mirror of
https://github.com/transatoshi-mw/grinminer.net.git
synced 2025-10-06 22:02:48 +00:00
43 lines
1.1 KiB
YAML
43 lines
1.1 KiB
YAML
- hosts: all
|
|
remote_user: root
|
|
tasks:
|
|
|
|
- name: Install fail2ban
|
|
ansible.builtin.apt:
|
|
pkg:
|
|
- fail2ban
|
|
state: latest
|
|
update_cache: yes
|
|
|
|
- name: Copy fail2ban jail
|
|
ansible.builtin.copy:
|
|
src: /etc/fail2ban/jail.conf
|
|
dest: /etc/fail2ban/jail.local
|
|
|
|
- name: Enable fail2ban
|
|
ansible.builtin.shell:
|
|
cmd: systemctl enable fail2ban
|
|
cmd: systemctl start fail2ban
|
|
|
|
- name: Replace PermitRootLogin
|
|
ansible.builtin.replace:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: 'PermitRootLogin yes'
|
|
replace: 'PermitRootLogin prohibit-password'
|
|
|
|
- name: Replace PasswordAuthentication
|
|
ansible.builtin.replace:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: '#PasswordAuthentication yes'
|
|
replace: 'PasswordAuthentication no'
|
|
|
|
- name: Replace PasswordAuthentication
|
|
ansible.builtin.replace:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: 'PasswordAuthentication yes'
|
|
replace: 'PasswordAuthentication no'
|
|
|
|
|
|
- name: Restart SSH
|
|
ansible.builtin.shell:
|
|
cmd: systemctl restart ssh |