35 lines
836 B
YAML
35 lines
836 B
YAML
- name: Install fail2ban
|
|
apt:
|
|
name:
|
|
- fail2ban
|
|
|
|
- name: Configure fail2ban
|
|
copy:
|
|
src: fail2ban/jail.local
|
|
dest: /etc/fail2ban/jail.local
|
|
notify: Restart fail2ban
|
|
|
|
- name: Disable ssh password authentication for all but user of ansible
|
|
blockinfile:
|
|
path: /etc/ssh/sshd_config
|
|
block: |
|
|
Match User {{ ansible_user }}
|
|
PasswordAuthentication yes
|
|
Match all
|
|
PasswordAuthentication no
|
|
notify: Restart sshd
|
|
|
|
- name: Configure sshd ClientAliveInterval
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: '^#?ClientAliveInterval'
|
|
line: '#ClientAliveInterval 5m'
|
|
notify: Restart sshd
|
|
|
|
- name: Configure sshd ClientAliveCountMax
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: '^#?ClientAliveCountMax'
|
|
line: '#ClientAliveCountMax 3'
|
|
notify: Restart sshd
|