# Ensure the fail2ban package is installed through apt.
- name: Install fail2ban
  apt:
    name: fail2ban
    # "present" is the module default; spelled out so the intent is explicit.
    state: present

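# Deploy the role's jail.local as the local fail2ban jail configuration.
# jail.local decides which services are watched and when addresses are
# banned, so ownership and mode are pinned: root-owned and not writable by
# anyone else, rather than whatever the remote umask would produce.
- name: Configure fail2ban
  copy:
    src: fail2ban/jail.local
    dest: /etc/fail2ban/jail.local
    owner: root
    group: root
    mode: '0644'
  # Handler is defined outside this file (presumably the role's handlers).
  notify: Restart fail2ban
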
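# Limit SSH password logins to the Ansible connection user.
#
# blockinfile appends the managed block at end of file by default, which is
# where Match blocks belong: a Match section runs until the next Match line
# or end of file. The first matching value wins, so the "Match User" entry
# keeps password logins for that one account and "Match all" turns them off
# for everyone else.
#
# NOTE(review): the account named by ansible_user stays reachable by
# password, so it remains the one target for password guessing; it needs a
# strong password, or move it to key-based login and drop the exception.
# ansible_user must be defined for the host or templating this task fails.
- name: Disable ssh password authentication for all but user of ansible
  blockinfile:
    path: /etc/ssh/sshd_config
    block: |
      Match User {{ ansible_user }}
      PasswordAuthentication yes
      Match all
      PasswordAuthentication no
    # Syntax-check the candidate file before it replaces the live one; a
    # broken sshd_config followed by the restart handler would cut off SSH
    # access to the host.
    validate: /usr/sbin/sshd -t -f %s
  notify: Restart sshd
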
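# Have sshd probe a client after 5 minutes without traffic from it.
# Together with ClientAliveCountMax this drops unresponsive (dead)
# connections; it is not an idle timeout, because a client that answers the
# probes stays connected.
#
# The regexp replaces an existing or commented-out directive. If none is
# found, lineinfile appends the line at end of file.
# NOTE(review): when this file's Match block is already at the end of
# sshd_config, an appended line lands inside "Match all"; confirm the stock
# config carries a ClientAliveInterval line to replace.
- name: Configure sshd ClientAliveInterval
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?ClientAliveInterval'
    line: 'ClientAliveInterval 5m'
    # Reject the edit if sshd cannot parse the resulting file, so the
    # restart handler never runs against a broken configuration.
    validate: /usr/sbin/sshd -t -f %s
  notify: Restart sshd
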
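# Disconnect a client after 3 unanswered keepalive probes. With the 5 minute
# ClientAliveInterval set in this file, an unresponsive connection is dropped
# after roughly 15 minutes.
#
# The regexp replaces an existing or commented-out directive. If none is
# found, lineinfile appends the line at end of file.
- name: Configure sshd ClientAliveCountMax
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?ClientAliveCountMax'
    line: 'ClientAliveCountMax 3'
    # Reject the edit if sshd cannot parse the resulting file, so the
    # restart handler never runs against a broken configuration.
    validate: /usr/sbin/sshd -t -f %s
  notify: Restart sshd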