robertdebock / ansible-role-fail2ban

Install and configure fail2ban on your system.
https://robertdebock.nl/
Apache License 2.0
62 stars 29 forks source link

How to configure a jail #7

Closed mset closed 3 years ago

mset commented 4 years ago

Hi,

Could you please point me in the right direction as to how to configure a jail (ssh for example) using this role?

Thanks!

robertdebock commented 4 years ago

All details are in the README.md

Just to be sure, you can't create a jail with this role...

mset commented 4 years ago

So this role is about installing f2b and configuring the root aspects of it but not configuring jails, if I understand it correctly. As it is, fail2ban won't even start on a system that has this role installed as it does not have any jail configuration. What would be the best way to set up jails when using this role?

rohankrishnadev commented 4 years ago

Hi,

Could you please point me in the right direction as to how to configure a jail (ssh for example) using this role?

Thanks!

I've got a very basic ssh jail configured using the following:

fail2banvars.yml

---
fail2ban_jail_configuration:
  - option: enabled
    value: "yes"
    section: sshd
  - option: mode
    value: "aggressive"
    section: sshd
  - option: port
    value: "ssh"
    section: sshd
  - option: logpath
    value: "%(sshd_log)s"
    section: sshd
  - option: backend
    value: "%(sshd_backend)s"
    section: sshd

It does get a bit cumbersome if you're trying to get multiple jails setup. Might be easier to just copy a jail.local file with pre-configured jails.

robertdebock commented 3 years ago

I think @rohankrishnadev has answered the question. Thanks!