ilia/ansible
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
ansible/roles/base/templates/jail.local.j2
ilia 01d35172e4
Some checks failed
CI / lint-and-test (pull_request) Failing after 58s
Details
CI / ansible-validation (pull_request) Failing after 1m58s
Details
CI / secret-scanning (pull_request) Successful in 58s
Details
CI / dependency-scan (pull_request) Successful in 1m1s
Details
CI / sast-scan (pull_request) Successful in 1m55s
Details
CI / license-check (pull_request) Successful in 58s
Details
CI / vault-check (pull_request) Failing after 1m55s
Details
CI / playbook-test (pull_request) Successful in 1m57s
Details
CI / container-scan (pull_request) Successful in 1m27s
Details
CI / sonar-analysis (pull_request) Successful in 2m4s
Details
CI / workflow-summary (pull_request) Successful in 55s
Details
Fix: Resolve linting errors and improve firewall configuration 
- Fix UFW firewall to allow outbound traffic (was blocking all outbound)
- Add HOST parameter support to shell Makefile target
- Fix all ansible-lint errors (trailing spaces, missing newlines, document starts)
- Add changed_when: false to check commands
- Fix variable naming (vault_devGPU -> vault_devgpu)
- Update .ansible-lint config to exclude .gitea/ and allow strategy: free
- Fix NodeSource repository GPG key handling in shell playbook
- Add missing document starts to host_vars files
- Clean up empty lines in datascience role files
2025-12-17 22:51:04 -05:00

38 lines
881 B
Django/Jinja
Raw Blame History

[DEFAULT]
# Ban hosts for 1 hour
bantime = 3600
# Check for repeated failures for 10 minutes
findtime = 600
# Allow 3 failures before banning
maxretry = 3
# Email notifications (configured via fail2ban_destemail variable)
{% if fail2ban_destemail | default('') | length > 0 %}
destemail = {{ fail2ban_destemail }}
sender = {{ fail2ban_sender | default(fail2ban_destemail) }}
action = {{ fail2ban_action | default('%(action_mwl)s') }}
{% else %}
# Email notifications disabled (set fail2ban_destemail in group_vars/all/main.yml to enable)
{% endif %}
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
[apache]
enabled = false
port = http,https
filter = apache-auth
logpath = /var/log/apache2/error.log
maxretry = 3
[nginx-http-auth]
enabled = false
port = http,https
filter = nginx-http-auth
logpath = /var/log/nginx/error.log
maxretry = 3
Reference in New Issue View Git Blame Copy Permalink