60 lines
1.0 KiB
YAML
60 lines
1.0 KiB
YAML
---
|
|
|
|
- name: sshguard package
|
|
become: yes
|
|
package:
|
|
name:
|
|
- sshguard
|
|
- suricata
|
|
- oinkmaster
|
|
state: present
|
|
|
|
- name: sshguard config
|
|
become: yes
|
|
copy:
|
|
src: sshguard.conf
|
|
dest: /etc/sshguard.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0600
|
|
|
|
- name: sshguard allowlist
|
|
become: yes
|
|
copy:
|
|
dest: /etc/sshguard.allowlist
|
|
content: |
|
|
"{{ router }}/{{ netmask }}"
|
|
owner: root
|
|
group: root
|
|
mode: 0600
|
|
|
|
# - name: Copy oinkmaster service
|
|
# register: oinkmaster_service
|
|
# become: yes
|
|
# loop:
|
|
# - oinkmaster.service
|
|
# - oinkmaster.timer
|
|
# copy:
|
|
# src: "{{ item }}"
|
|
# dest: "/usr/lib/systemd/system/{{ item }}"
|
|
# owner: root
|
|
# group: root
|
|
# mode: 0644
|
|
#
|
|
# - systemd:
|
|
# daemon_reload: yes
|
|
# become: yes
|
|
# when: oinkmaster_service.changed
|
|
|
|
- name: IDS services
|
|
become: yes
|
|
loop:
|
|
- suricata.service
|
|
- sshguard.service
|
|
# - oinkmaster.timer
|
|
service:
|
|
name: "{{ item }}"
|
|
state: restarted
|
|
enabled: yes
|
|
|