Moved fail2ban configuration into packages | refs #32632

1c46e347 · Stéphane Diemer · 4b86e1f0 · 1c46e347 · 1c46e347 · 1c46e347
Commit 1c46e347 authored 4 years ago by Stéphane Diemer
--- a/roles/celerity/defaults/main.yml
+++ b/roles/celerity/defaults/main.yml
@@ -13,23 +13,6 @@ celerity_ms_instances:
    ms_api_key: "{{ celerity_ms_api_key }}"
    ms_server_name: "{{ celerity_ms_hostname }}"

-celerity_fail2ban_enabled: "{{ envsetup_fail2ban_enabled | d(true) }}"
-celerity_f2b_filter:
-  name: celerity
-  content: |
-    [INCLUDES]
-    before = common.conf
-    [Definition]
-    # currently there is no login failure log in celerity so this useless for now
-    failregex = INFO Wrong credentials given to login\. IP: <HOST>, username: \S+\.$
-    ignoreregex =
-celerity_f2b_jail:
-  name: celerity
-  content: |
-    [celerity]
-    logpath = /var/lib/celerity/twisted.log
-    enabled = {% if celerity_fail2ban_enabled | bool %}true{% else %}false{% endif %}
-
 celerity_firewall_enabled: true
 celerity_ferm_rules_filename: celerity
 celerity_ferm_input_rules:

--- a/roles/celerity/tasks/main.yml
+++ b/roles/celerity/tasks/main.yml
@@ -21,16 +21,6 @@
    enabled: true
    state: started

-# FAIL2BAN
-
- name: fail2ban
-  when: celerity_fail2ban_enabled
-  vars:
-    f2b_filter: "{{ celerity_f2b_filter }}"
-    f2b_jail: "{{ celerity_f2b_jail }}"
-  include_role:
-    name: fail2ban
-
 # FIREWALL

 - name: firewall

--- a/roles/fail2ban/tasks/main.yml
+++ b/roles/fail2ban/tasks/main.yml
@@ -4,7 +4,7 @@
  apt:
    force_apt_get: true
    name: "{{ f2b_packages }}"
-    state: present
+    state: latest

 - name: directories
  loop:

--- a/roles/mediaserver/defaults/main.yml
+++ b/roles/mediaserver/defaults/main.yml
@@ -29,23 +29,6 @@ server_celerity_signing_key: "{{ envsetup_celerity_signing_key }}"

 server_wowza_live_pwd: "{{ envsetup_wowza_live_pwd | d() }}"

-server_fail2ban_enabled: "{{ envsetup_fail2ban_enabled | d(true) }}"
-server_f2b_filter:
-  name: server
-  content: |
-    [INCLUDES]
-    before = common.conf
-    [Definition]
-    failregex = INFO Wrong credentials given to login\. IP: <HOST>, username: \S+\.$
-                INFO Wrong crendentials given to login\. IP: <HOST>, username: \S+\.$
-    ignoreregex =
-server_f2b_jail:
-  name: server
-  content: |
-    [server]
-    logpath = /home/*/mstmp/mediaserver.log
-    enabled = {% if server_fail2ban_enabled | bool %}true{% else %}false{% endif %}
-
 server_firewall_enabled: true
 server_ferm_rules_filename: server
 server_ferm_input_rules:

--- a/roles/mediaserver/tasks/main.yml
+++ b/roles/mediaserver/tasks/main.yml
@@ -127,16 +127,6 @@
    enabled: true
    state: started

-# FAIL2BAN
-
- name: fail2ban
-  when: server_fail2ban_enabled
-  vars:
-    f2b_filter: "{{ server_f2b_filter }}"
-    f2b_jail: "{{ server_f2b_jail }}"
-  include_role:
-    name: fail2ban
-
 # FIREWALL

 - name: firewall

--- a/roles/mirismanager/defaults/main.yml
+++ b/roles/mirismanager/defaults/main.yml
@@ -11,23 +11,6 @@ manager_default_email_sender: "noreply@{{ manager_hostname }}"
 manager_email_sender: "{{ envsetup_email_sender | default(manager_default_email_sender, true) }}"
 manager_proxy_http: "{{ envsetup_proxy_http }}"

-manager_fail2ban_enabled: "{{ envsetup_fail2ban_enabled | d(true) }}"
-manager_f2b_filter:
-  name: manager
-  content: |
-    [INCLUDES]
-    before = common.conf
-    [Definition]
-    failregex = INFO Wrong credentials given to login\. IP: <HOST>, username: \S+\.$
-                INFO Wrong crendentials given to login\. IP: <HOST>, username: \S+\.$
-    ignoreregex =
-manager_f2b_jail:
-  name: manager
-  content: |
-    [manager]
-    logpath = /home/skyreach/.skyreach/logs/skyreach.log
-    enabled = {% if manager_fail2ban_enabled | bool %}true{% else %}false{% endif %}
-
 manager_firewall_enabled: true
 manager_ferm_rules_filename: manager
 manager_ferm_input_rules:

--- a/roles/mirismanager/tasks/main.yml
+++ b/roles/mirismanager/tasks/main.yml
@@ -68,16 +68,6 @@
    enabled: true
    state: started

-# FAIL2BAN
-
- name: fail2ban
-  when: manager_fail2ban_enabled
-  vars:
-    f2b_filter: "{{ manager_f2b_filter }}"
-    f2b_jail: "{{ manager_f2b_jail }}"
-  include_role:
-    name: fail2ban
-
 # FIREWALL

 - name: firewall

--- a/roles/msmonitor/defaults/main.yml
+++ b/roles/msmonitor/defaults/main.yml
@@ -7,23 +7,6 @@ monitor_packages:
 monitor_shell_pwd: "{{ envsetup_monitor_shell_pwd }}"
 monitor_hostname: "{{ envsetup_monitor_server_name }}"

-monitor_fail2ban_enabled: "{{ envsetup_fail2ban_enabled | d(true) }}"
-monitor_f2b_filter:
-  name: monitor
-  content: |
-    [INCLUDES]
-    before = common.conf
-    [Definition]
-    failregex = INFO Wrong credentials given to login\. IP: <HOST>, username: \S+\.$
-                INFO Wrong crendentials given to login\. IP: <HOST>, username: \S+\.$
-    ignoreregex =
-monitor_f2b_jail:
-  name: monitor
-  content: |
-    [monitor]
-    logpath = /home/msmonitor/msmonitor/logs/site.log
-    enabled = {% if monitor_fail2ban_enabled | bool %}true{% else %}false{% endif %}
-
 monitor_firewall_enabled: true
 monitor_ferm_rules_filename: monitor
 monitor_ferm_input_rules:

--- a/roles/msmonitor/tasks/main.yml
+++ b/roles/msmonitor/tasks/main.yml
@@ -45,16 +45,6 @@
    mode: 0755
    state: directory

-# FAIL2BAN
-
- name: fail2ban
-  when: monitor_fail2ban_enabled
-  vars:
-    f2b_filter: "{{ monitor_f2b_filter }}"
-    f2b_jail: "{{ monitor_f2b_jail }}"
-  include_role:
-    name: fail2ban
-
 # FIREWALL

 - name: firewall