mirror of
https://github.com/transatoshi-mw/grinminer.net.git
synced 2025-10-06 22:02:48 +00:00
36 lines
880 B
YAML
36 lines
880 B
YAML
- hosts: all
|
|
remote_user: root
|
|
tasks:
|
|
|
|
- name: Install fail2ban
|
|
ansible.builtin.apt:
|
|
pkg:
|
|
- fail2ban
|
|
state: latest
|
|
update_cache: yes
|
|
|
|
- name: Copy fail2ban jail
|
|
ansible.builtin.copy:
|
|
src: /etc/fail2ban/jail.conf
|
|
dest: /etc/fail2ban/jail.local
|
|
|
|
- name: Enable fail2ban
|
|
ansible.builtin.shell:
|
|
cmd: systemctl enable fail2ban
|
|
cmd: systemctl start fail2ban
|
|
|
|
- name: Replace PermitRootLogin
|
|
ansible.builtin.replace:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: PermitRootLogin yes
|
|
replace: PermitRootLogin prohibit-password
|
|
|
|
- name: Replace PasswordAuthentication
|
|
ansible.builtin.replace:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: PasswordAuthentication yes
|
|
replace: PasswordAuthentication no
|
|
|
|
- name: Restart SSH
|
|
ansible.builtin.shell:
|
|
cmd: systemctl restart ssh |