ansible-personal/roles/common/templates
Alan Orth 0605f70f2e
roles/common: Add support for fail2ban
This is active banning of IPs that are brute forcing login attempts
to SSH, versus the passive banning of 10,000 abusive IPs from the
abuseipdb.com blacklist. For now I am banning IPs that fail to log
in successfully more than twelve times in a one-hour period, but
these settings might change, and I can override them at the group
and host level if needed.

Currently this works for CentOS 7, Ubuntu 16.04, and Ubuntu 18.04,
with minor differences in the systemd configuration due to older
versions on some distributions.

You can see the status of the jail like this:

    # fail2ban-client status sshd
    Status for the jail: sshd
    |- Filter
    |  |- Currently failed: 0
    |  |- Total failed:     0
    |  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
    `- Actions
       |- Currently banned: 1
       |- Total banned:     1
       `- Banned IP list:   106.13.112.20

You can unban IPs like this:

    # fail2ban-client set sshd unbanip 106.13.112.20
2019-10-26 16:36:07 +02:00
etc roles/common: Add support for fail2ban 2019-10-26 16:36:07 +02:00
ip6tables.j2 Add IPv6 support to firewall tasks / template 2015-05-25 18:17:23 +03:00
iptables.j2 Initial commit 2014-08-17 00:35:57 +03:00
public.xml.j2 roles/common: Relax SSH rate limit in firewalld 2019-10-06 18:27:45 +03:00
rc.local_Ubuntu.j2 roles/common: Remove I/O scheduler logic from rc.local 2015-03-15 17:40:54 +03:00
security.sources.list.j2 roles/common: Update security.sources.list for cron-apt 2019-07-06 21:16:19 +03:00
sources.list.j2 roles/common: Remove buster-backports 2019-10-18 22:56:52 +03:00
sshd_config_Debian-9.j2 roles/common: Increase ssh MaxAuthTries from 3 to 4 2019-09-15 15:17:00 +03:00
sshd_config_Debian-10.j2 roles/common: Increase ssh MaxAuthTries from 3 to 4 2019-09-15 15:17:00 +03:00
sshd_config_Ubuntu-16.04.j2 roles/common: Increase ssh MaxAuthTries from 3 to 4 2019-09-15 15:17:00 +03:00
sshd_config_Ubuntu-18.04.j2 roles/common: Increase ssh MaxAuthTries from 3 to 4 2019-09-15 15:17:00 +03:00
sysctl_Debian.j2 roles/common: Add sysctl template for Debian hosts 2015-08-23 00:12:17 +03:00
sysctl_Ubuntu.j2 roles/common: Remove logic for TCP congestion avoidance on early kernels in sysctl 2015-03-15 17:25:33 +03:00
tarsnap_sources.list.j2 roles/common: Use stable tarsnap 2019-09-13 22:14:49 +03:00