Install aggressive Fail2ban jail for SSH

2022-06-18 19:47:02 -04:00 · 2022-06-18 19:47:02 -04:00 · 82df91305a
commit 82df91305a
parent dd9f84d498
2 changed files with 14 additions and 0 deletions
--- a/roles/base/tasks/firewall.yml
+++ b/roles/base/tasks/firewall.yml
@ -23,6 +23,17 @@
    name: ssh
    rule: limit

+- name: Remove Fail2ban defaults-debian.conf
+  file:
+    path: /etc/fail2ban/jail.d/defaults-debian.conf
+    state: absent
+
+- name: Install OpenSSH's Fail2ban jail
+  template:
+    src: fail2ban-ssh.conf.j2
+    dest: /etc/fail2ban/jail.d/sshd.conf
+  notify: restart_fail2ban
+
 - name: Enable firewall
  ufw:
    state: enabled
--- a/roles/base/templates/fail2ban-ssh.conf.j2
+++ b/roles/base/templates/fail2ban-ssh.conf.j2
@ -0,0 +1,3 @@
+[sshd]
+mode = aggressive
+enabled = true