add readme and initial example
commit
1447aa30fd
|
@ -0,0 +1,15 @@
|
|||
# Beispiel Ansible
|
||||
|
||||
## Erste Schritte
|
||||
|
||||
Du musst einmal die `host_vars/server.example.com.yml` Datei umbennenen und die `inventory` Datei anpassen um deinen Host zu erreichen.
|
||||
In `host_vars/server.example.com.yml` kannst du fail2ban und nftables konfigurieren.
|
||||
|
||||
## Dokumentation
|
||||
|
||||
### nftables
|
||||
- [Rolle](https://github.com/ipr-cnrs/nftables/blob/master/README.md)
|
||||
|
||||
### fail2ban
|
||||
- [Rolle](https://github.com/Oefenweb/ansible-fail2ban/blob/master/README.md)
|
||||
- [Konfiguration](https://github.com/fail2ban/fail2ban/wiki/Proper-fail2ban-configuration)
|
|
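Review bot: The "Erste Schritte" section stops after renaming the host_vars file and adjusting the inventory. It never says how to install the two pinned roles or which command applies the configuration, so a reader cannot get from a fresh checkout to a configured host. Add those steps, and state that the renamed host_vars file has to carry the same host name as the inventory entry, since otherwise the nftables and fail2ban settings are silently not applied. Minor: "umbennenen" should be "umbenennen".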
@ -0,0 +1,2 @@
|
|||
[connection]
|
||||
pipelining = True
|
|
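Review bot: `pipelining = True` is enabled for an example whose inventory line also asks for privilege escalation, and pipelining under sudo fails on targets whose sudoers configuration still sets `requiretty`. Mention that prerequisite in the README, or leave pipelining off in the example and let users opt in once they have checked their sudoers settings.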
@ -0,0 +1,12 @@
|
|||
---
|
||||
nft_define_host:
|
||||
input tcp accepted:
|
||||
name: in_tcp_accept
|
||||
value: '{ ssh, http, https }'
|
||||
output tcp accepted:
|
||||
name: out_tcp_accept
|
||||
value: '{ ssh, http, https }'
|
||||
|
||||
fail2ban_services:
|
||||
- name: sshd
|
||||
backend: systemd
|
|
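Review bot: The `sshd` entry under `fail2ban_services` sets only `backend: systemd`, so the ban action is left at fail2ban's default, which is iptables based, while the same file makes nftables the host firewall. Set an nftables ban action explicitly (fail2ban ships `nftables-multiport`) so bans end up in the ruleset this example actually manages, and consider stating maxretry, findtime and bantime here instead of relying on defaults. Separately, `in_tcp_accept` opens `http` and `https` on a host where nothing in this commit configures a web server; for a first example, `{ ssh }` with a comment on how to extend the set would be the least-privilege starting point.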
@ -0,0 +1 @@
|
|||
server.example.com ansible_host=0.0.0.0 ansible_ssh_user=example become=true become_user=root
|
|
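Review bot: `become=true become_user=root` on the inventory line only defines two ordinary host variables named `become` and `become_user`; they do not turn on privilege escalation. In an inventory the behavioural parameters are `ansible_become=true` and `ansible_become_user=root`, otherwise escalation has to be set in the playbook. `ansible_ssh_user` is also the legacy spelling of `ansible_user`. The `0.0.0.0` placeholder for `ansible_host` is better replaced with an address from a documentation range such as `192.0.2.10`, so that an unedited copy fails in an obvious way.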
@ -0,0 +1,6 @@
|
|||
roles:
|
||||
- src: ipr-cnrs.nftables
|
||||
version: v2.2.1
|
||||
|
||||
- src: Oefenweb.fail2ban
|
||||
version: v4.0.8
|
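Review bot: Both roles are pinned to tags (`v2.2.1`, `v4.0.8`), which is better than tracking a branch, but a tag can be moved upstream and these roles run as root on the target. For a firewall and ban configuration it is worth pinning each role to a git URL with a full commit hash, or at least recording the expected commit next to each tag so a changed tag is noticed in review.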