Commit 1c46e347 authored by Stéphane Diemer's avatar Stéphane Diemer

Moved fail2ban configuration into packages | refs #32632

parent 4b86e1f0
......@@ -13,23 +13,6 @@ celerity_ms_instances:
ms_api_key: "{{ celerity_ms_api_key }}"
ms_server_name: "{{ celerity_ms_hostname }}"
celerity_fail2ban_enabled: "{{ envsetup_fail2ban_enabled | d(true) }}"
celerity_f2b_filter:
name: celerity
content: |
[INCLUDES]
before = common.conf
[Definition]
# currently there is no login failure log in celerity so this useless for now
failregex = INFO Wrong credentials given to login\. IP: <HOST>, username: \S+\.$
ignoreregex =
celerity_f2b_jail:
name: celerity
content: |
[celerity]
logpath = /var/lib/celerity/twisted.log
enabled = {% if celerity_fail2ban_enabled | bool %}true{% else %}false{% endif %}
celerity_firewall_enabled: true
celerity_ferm_rules_filename: celerity
celerity_ferm_input_rules:
......
......@@ -21,16 +21,6 @@
enabled: true
state: started
# FAIL2BAN
- name: fail2ban
when: celerity_fail2ban_enabled
vars:
f2b_filter: "{{ celerity_f2b_filter }}"
f2b_jail: "{{ celerity_f2b_jail }}"
include_role:
name: fail2ban
# FIREWALL
- name: firewall
......
......@@ -4,7 +4,7 @@
apt:
force_apt_get: true
name: "{{ f2b_packages }}"
state: present
state: latest
- name: directories
loop:
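Review bot: The apt task in this hunk appears to switch from `state: present` to `state: latest`, which makes every play run upgrade whatever `f2b_packages` resolves to; the two `state:` lines are printed without markers, so I am assuming the second one is the new side. Since the commit moves the filter and jail definitions into packages, an upgrade pulled in this way would also change the host's brute-force protection rules without a reviewed change in this repository. I would keep `state: present` and drive upgrades through a pinned version or a dedicated upgrade play, or at least document the intent with a comment such as `# latest on purpose: jail/filter config ships in the package`. The task's opening lines and the following `directories` task lie outside the hunk.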
......
......@@ -29,23 +29,6 @@ server_celerity_signing_key: "{{ envsetup_celerity_signing_key }}"
server_wowza_live_pwd: "{{ envsetup_wowza_live_pwd | d() }}"
server_fail2ban_enabled: "{{ envsetup_fail2ban_enabled | d(true) }}"
server_f2b_filter:
name: server
content: |
[INCLUDES]
before = common.conf
[Definition]
failregex = INFO Wrong credentials given to login\. IP: <HOST>, username: \S+\.$
INFO Wrong crendentials given to login\. IP: <HOST>, username: \S+\.$
ignoreregex =
server_f2b_jail:
name: server
content: |
[server]
logpath = /home/*/mstmp/mediaserver.log
enabled = {% if server_fail2ban_enabled | bool %}true{% else %}false{% endif %}
server_firewall_enabled: true
server_ferm_rules_filename: server
server_ferm_input_rules:
......
......@@ -127,16 +127,6 @@
enabled: true
state: started
# FAIL2BAN
- name: fail2ban
when: server_fail2ban_enabled
vars:
f2b_filter: "{{ server_f2b_filter }}"
f2b_jail: "{{ server_f2b_jail }}"
include_role:
name: fail2ban
# FIREWALL
- name: firewall
......
......@@ -11,23 +11,6 @@ manager_default_email_sender: "noreply@{{ manager_hostname }}"
manager_email_sender: "{{ envsetup_email_sender | default(manager_default_email_sender, true) }}"
manager_proxy_http: "{{ envsetup_proxy_http }}"
manager_fail2ban_enabled: "{{ envsetup_fail2ban_enabled | d(true) }}"
manager_f2b_filter:
name: manager
content: |
[INCLUDES]
before = common.conf
[Definition]
failregex = INFO Wrong credentials given to login\. IP: <HOST>, username: \S+\.$
INFO Wrong crendentials given to login\. IP: <HOST>, username: \S+\.$
ignoreregex =
manager_f2b_jail:
name: manager
content: |
[manager]
logpath = /home/skyreach/.skyreach/logs/skyreach.log
enabled = {% if manager_fail2ban_enabled | bool %}true{% else %}false{% endif %}
manager_firewall_enabled: true
manager_ferm_rules_filename: manager
manager_ferm_input_rules:
......
......@@ -68,16 +68,6 @@
enabled: true
state: started
# FAIL2BAN
- name: fail2ban
when: manager_fail2ban_enabled
vars:
f2b_filter: "{{ manager_f2b_filter }}"
f2b_jail: "{{ manager_f2b_jail }}"
include_role:
name: fail2ban
# FIREWALL
- name: firewall
......
......@@ -7,23 +7,6 @@ monitor_packages:
monitor_shell_pwd: "{{ envsetup_monitor_shell_pwd }}"
monitor_hostname: "{{ envsetup_monitor_server_name }}"
monitor_fail2ban_enabled: "{{ envsetup_fail2ban_enabled | d(true) }}"
monitor_f2b_filter:
name: monitor
content: |
[INCLUDES]
before = common.conf
[Definition]
failregex = INFO Wrong credentials given to login\. IP: <HOST>, username: \S+\.$
INFO Wrong crendentials given to login\. IP: <HOST>, username: \S+\.$
ignoreregex =
monitor_f2b_jail:
name: monitor
content: |
[monitor]
logpath = /home/msmonitor/msmonitor/logs/site.log
enabled = {% if monitor_fail2ban_enabled | bool %}true{% else %}false{% endif %}
monitor_firewall_enabled: true
monitor_ferm_rules_filename: monitor
monitor_ferm_input_rules:
......
......@@ -45,16 +45,6 @@
mode: 0755
state: directory
# FAIL2BAN
- name: fail2ban
when: monitor_fail2ban_enabled
vars:
f2b_filter: "{{ monitor_f2b_filter }}"
f2b_jail: "{{ monitor_f2b_jail }}"
include_role:
name: fail2ban
# FIREWALL
- name: firewall
......