alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

Add nginx filter for fail2ban

Browse Source 
Some hosts can use fail2ban's nginx-botsearch filter to ban anyone
making requests to non-existent files like wp-login.php. There is
no reason to request such files naively and anyone found doing so
can be banned immediately.

In theory I should report them to AbuseIPDB.com, but that will take
a little more wiring up.
This commit is contained in:
Alan Orth
2021-08-01 09:56:43 +03:00
parent a67d901641
commit 98cc3a8c2e
3 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
roles/common/tasks/fail2ban.yml
View File

@ -4,6 +4,11 @@
template: src=etc/fail2ban/jail.d/sshd.local.j2 dest=/etc/fail2ban/jail.d/sshd.local owner=root mode=0644
notify: restart fail2ban
- name: Configure fail2ban nginx filter
when: "extra_fail2ban_filters is defined and 'nginx' in extra_fail2ban_filters"
template: src=etc/fail2ban/jail.d/nginx.local.j2 dest=/etc/fail2ban/jail.d/nginx.local owner=root mode=0644
notify: restart fail2ban
- name: Create fail2ban service override directory
file: path=/etc/systemd/system/fail2ban.service.d state=directory owner=root mode=0755