2023-05-24 09:44:34 +00:00
|
|
|
# role_fail2ban
|
2023-05-24 09:43:10 +00:00
|
|
|
|
2023-05-24 09:44:34 +00:00
|
|
|
Ce rôle permet d'installation, configurer et supprimer la configuration de fail2ban.
|
|
|
|
|
|
|
|
## Variables
|
|
|
|
|
|
|
|
### fail2ban_destemail
|
|
|
|
|
|
|
|
Adresse IP où seront envoyé les alertes.
|
|
|
|
|
|
|
|
*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
|
|
|
|
|
|
|
|
### fail2ban_ignoreip
|
|
|
|
|
|
|
|
Liste d'adresse IP qui seront ignorées et donc jamais bannis.
|
|
|
|
|
|
|
|
*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
|
|
|
|
|
|
|
|
### fail2ban_ssh_port
|
|
|
|
|
|
|
|
Port d'écoute de SSH.
|
|
|
|
|
|
|
|
*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
|
|
|
|
|
|
|
|
### fail2ban_templates_*
|
|
|
|
|
|
|
|
Liste de templates à déployer.
|
|
|
|
|
|
|
|
*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
|
|
|
|
|
|
|
|
## Exemple d'utilisation
|
|
|
|
|
|
|
|
### inventory.yml
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
---
|
|
|
|
|
|
|
|
all:
|
|
|
|
hosts:
|
|
|
|
host1.ykn.local:
|
|
|
|
host2.ykn.local:
|
|
|
|
children:
|
|
|
|
dnsservers:
|
|
|
|
hosts:
|
|
|
|
dnsmasq1.ykn.local:
|
|
|
|
dnsmasq2.ykn.local:
|
|
|
|
```
|
|
|
|
|
|
|
|
### group_vars/all.yml
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
---
|
|
|
|
|
|
|
|
fail2ban_destemail: hostmaster@ykn.local
|
|
|
|
fail2ban_sender: "{{ inventory_hostname }} <fail2ban@ykn.local>"
|
|
|
|
fail2ban_ignoreip: []
|
|
|
|
fail2ban_ssh_port: 22
|
|
|
|
```
|
|
|
|
|
|
|
|
### playbook.yml
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
---
|
|
|
|
|
|
|
|
- hosts: 'all'
|
|
|
|
roles:
|
|
|
|
- name: fail2ban
|
|
|
|
```
|