Ansible Playbooks

Fail2Ban Installation & SSH Configuration

Welcome

This playbook installs fail2ban on the target hosts, deploys a specific fail2ban configuration for SSH security, and restarts the fail2ban service to apply the changes. This helps protect the servers from unauthorized SSH login attempts by blocking IP addresses that exhibit suspicious behavior.

Please be aware, the coding on this site is meant to guide. Testing these scripts in a non-production environment is strongly encouraged. I take no responsibility for use of any scripts on this site or on my github repositories.

Additional information: Click Here (External Resource)

Playbook:

---
- name: Install fail2ban and configure sshd
  hosts: "{{ my_hosts | d([]) }}"
  become: true

  tasks:
    - name: Install fail2ban
      ansible.builtin.apt:
        name:
          - fail2ban
        update_cache: true

    - name: Copy fail2ban config file
      ansible.builtin.copy:
        src: configfiles/debian-sshd-default.conf
        dest: /etc/fail2ban/jail.d/debian-sshd-default.conf
        mode: '0644'
        owner: root
        group: root

    - name: Restart fail2ban
      ansible.builtin.systemd_service:
        state: restarted
        daemon_reload: true
        name: fail2ban

View on GitHub