Initial commit of PVC Ansible role

roles/base/templates/etc/fail2ban/jail.d/sshd.conf.j2

@@ -0,0 +1,30 @@
+# Fail2Ban configuration file
+#
+# Author: Wolfgang Karall (based on sshd.conf from Cyril Jaquier)
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+_daemon = sshd
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = ^%(__prefix_line)sUnable to negotiate with <HOST> .*$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = ^%(__prefix_line)sDid not receive identification string from .*$

roles/base/templates/etc/fail2ban/jail.d/sshd.local.j2

@@ -0,0 +1,11 @@
+[DEFAULT]
+maxretry    = 3
+bantime     = 14400
+ignoreip    = 127.0.0.0/8 10.0.0.0/8 198.55.48.48/28
+
+[ssh]
+enabled     = true
+filter      = sshd
+action      = route
+logpath     = /var/log/auth.log
+