From 7ea3baad594b889f6f7f4e7e4ccc4dc7c0099bc6 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 14 Dec 2022 12:01:33 +0100
Subject: Improve Debian 11's fail2ban rules.

---
 .../common/files/etc/systemd/system/fail2ban.service.d/override.conf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'roles/common/files/etc/systemd/system/fail2ban.service.d/override.conf')

diff --git a/roles/common/files/etc/systemd/system/fail2ban.service.d/override.conf b/roles/common/files/etc/systemd/system/fail2ban.service.d/override.conf
index e3e651f..b34d130 100644
--- a/roles/common/files/etc/systemd/system/fail2ban.service.d/override.conf
+++ b/roles/common/files/etc/systemd/system/fail2ban.service.d/override.conf
@@ -2,13 +2,16 @@
 After=nftables.service
 
 [Service]
+ExecStartPre=
+ExecStart=
+ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start
+
 # Need explicit rights to read logs as we don't grant CAP_DAC_READ_SEARCH
 SupplementaryGroups=adm
 
 # Hardening
 NoNewPrivileges=yes
 ProtectSystem=strict
-ReadWriteDirectories=/var/log/fail2ban
 RuntimeDirectory=fail2ban
 PrivateDevices=yes
 ProtectControlGroups=yes
-- 
cgit v1.2.3