- `fail2ban_socket`: [default: `/var/run/fail2ban/fail2ban.sock`]: Sets the socket file, which is used to communicate with the daemon
- `fail2ban_pidfile`: [default: `/var/run/fail2ban/fail2ban.pid`]: Sets the pid file, which is used to store the process ID of the daemon (Only works on `fail2ban >= 0.8.9`)
- `fail2ban_ignoreips`: [default: `[127.0.0.1/8]`]: IP addresses, CIDR masks or DNS hosts that fail2ban's actions should ignore
- `fail2ban_bantime`: [default: `600`]: Sets the ban time in seconds
- `fail2ban_maxretry`: [default: `3`]: Maximum number of retries before the host is put into jail
- `fail2ban_findtime`: [default: `600`]: A host is banned if it has generated `fail2ban_maxretry` failures during the last `fail2ban_findtime` seconds
- `fail2ban_backend`: [default: `auto`]: Specifies the backend used to detect log file modifications
- `fail2ban_banaction`: [default: `iptables-multiport`]: Sets the global/default banaction
- `fail2ban_protocol`: [default: `tcp`]: Sets the default protocol
- `fail2ban_chain`: [default: `INPUT`]: Specifies the chain where jumps would need to be added in iptables-* actions
- `fail2ban_action`: [default: `%(action_)s`]: Default action. **Note that variables (including the actions defined elsewhere in the config files) must be wrapped in python-style `%(` and `)s` so they are expanded**
- `fail2ban_services` [default: see `defaults/main.yml`]: Service definitions
- `fail2ban_services.{n}.name` [required]: Service name (e.g. `sshd`, `ssh`)
- `fail2ban_services.{n}.enabled` [default: `true`]: Whether the service is enabled
- `fail2ban_services.{n}.*` [optional]: Name of the option
- `fail2ban_services.{n}.*.*` [optional]: Value of the option
* Sets the log target. This could be a file, SYSLOG, STDERR or STDOUT.
* default: `/var/log/fail2ban.log`
* `fail2ban_syslog_target`:
  * description:
    * Sets the syslog target instance.
  * default: `/var/log/fail2ban.log`
* `fail2ban_syslog_facility`:
  * description:
    * tbd...
  * default: `1`
* `fail2ban_socket`:
  * description:
    * Sets the socket file, which is used to communicate with the daemon.
  * default: `/var/run/fail2ban/fail2ban.sock`
* `fail2ban_pidfile`:
  * description:
    * Sets the pid file, which is used to store the process ID of the daemon (Only works on `fail2ban >= 0.8.9`).
  * default: `/var/run/fail2ban/fail2ban.pid`
* `fail2ban_ignoreips`:
  * description:
    * IP addresses, CIDR masks or DNS hosts that fail2ban's actions should ignore.
  * default: `[127.0.0.1/8]`
* `fail2ban_bantime`:
  * description:
    * Sets the ban time in seconds.
  * default: `600`
* `fail2ban_maxretry`:
  * description:
    * Maximum number of retries before the host is put into jail.
  * default: `3`
* `fail2ban_findtime`:
  * description:
    * A host is banned if it has generated `fail2ban_maxretry` failures during the last `fail2ban_findtime` seconds.
  * default: `600`
* `fail2ban_backend`:
  * description:
    * Specifies the backend used to detect log file modifications.
  * default: `auto`
  * choices: tbd...
* `fail2ban_banaction`:
  * description:
    * Sets the global/default banaction.
  * default: `iptables-multiport`
* `fail2ban_protocol`:
  * description:
    * Sets the default protocol.
  * default: `tcp`
  * choices: tbd...
* `fail2ban_chain`:
  * description:
    * Specifies the chain where jumps would need to be added in iptables-* actions.
  * default: `INPUT`
* `fail2ban_action`:
  * description:
    * Default action. **Note that variables (including the actions defined elsewhere in the config files) must be wrapped in python-style `%(` and `)s` so they are expanded**.
  * default: `%(action_)s`
* `fail2ban_services`:
  * description:
    * Service definitions.
  * default: see `defaults/main.yml`
* `fail2ban_services.{n}.name` [required]:
  * description:
    * Service name.
  * default: undefined
  * example: `sshd`, `ssh`
* `fail2ban_services.{n}.enabled`:
  * description:
    * Whether the service is enabled.
  * default: `true`
  * choices: `true`, `false`
* `fail2ban_services.{n}.*` [optional]:
  * description:
    * Name of the option
* `fail2ban_services.{n}.*.*` [optional]:
  * description:
    * Value of the option
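
How `fail2ban_ignoreips`, `fail2ban_maxretry`, `fail2ban_findtime` and `fail2ban_bantime` interact, shown as a simplified model over constructed failed-login events. This is an added example, not code from this role or from fail2ban; the function name `simulate_bans`, the sample data, and the assumptions that a ban triggers once `maxretry` failures fall inside the window and that only IP/CIDR entries (no DNS hosts) are ignored are all illustrative.

```python
import ipaddress
from collections import defaultdict, deque


def simulate_bans(events, ignoreips=("127.0.0.1/8",), maxretry=3,
                  findtime=600, bantime=600):
    """Simplified model (not fail2ban's code) of the ban decision.

    events: iterable of (unix_time, ip) failed-login records, sorted by time.
    Defaults mirror the role defaults listed above.
    Returns a list of (ip, ban_start, ban_end) tuples.
    """
    ignored = [ipaddress.ip_network(n, strict=False) for n in ignoreips]
    recent = defaultdict(deque)   # ip -> failure times inside the window
    banned_until = {}             # ip -> time the current ban expires
    bans = []
    for ts, ip in events:
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in ignored):
            continue              # fail2ban_ignoreips: never counted or banned
        if ts < banned_until.get(ip, 0):
            continue              # host is already banned at this time
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > findtime:
            window.popleft()      # failures older than fail2ban_findtime expire
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()        # start counting afresh after the ban
    return bans


# Constructed sample events (documentation address ranges), not real logs.
SAMPLE = [
    (0, "203.0.113.7"), (100, "203.0.113.7"), (200, "203.0.113.7"),  # fast
    (250, "203.0.113.7"),                                   # during the ban
    (0, "198.51.100.9"), (500, "198.51.100.9"), (1200, "198.51.100.9"),  # slow
    (10, "127.0.0.5"), (11, "127.0.0.5"), (12, "127.0.0.5"),  # ignored range
]

if __name__ == "__main__":
    for ip, start, end in simulate_bans(sorted(SAMPLE)):
        print(f"{ip} banned from t={start}s until t={end}s")
```

With the defaults, the slow source at one failure per 500 to 700 seconds is never banned; lowering `maxretry` or raising `findtime` changes that, which is the trade-off to review when tuning these variables.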
Processes
=========
1. install fail2ban
2. create configuration files from templates
License
=======
BSD-3-Clause
Contributors
============
* Michael Klix (michael.klix@tu-dresden.de)
Based on the provided SDM framework of
* Martin Pietsch (martin.pietsch@tu-dresden.de)
Mainly influenced by the implementation/example of
* Nicolas Bigot <https://github.com/nbigot/ansible-fail2ban>