Add fail2ban for login nodes

UoB-HPC · Nov 7, 2024 · a87bf9e · a87bf9e
1 parent 273e028
commit a87bf9e
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 0 deletions.
diff --git a/playbook-svc-login.yml b/playbook-svc-login.yml
@@ -7,6 +7,21 @@
     - include_tasks: tasks/backup_or_restore_host_keys.yml
     - include_tasks: tasks/setup_unattended_security_updates.yml
 
+    - name: Setup fail2ban
+      ansible.builtin.dnf:
+        name: ["fail2ban"]
+
+    - name: Configure fail2ban_config
+      ansible.builtin.template:
+        src: "ssh.conf.fail2ban.j2"
+        dest: /etc/fail2ban/jail.d/ssh.conf
+
+    - name: Enable fail2ban service
+      ansible.builtin.systemd_service:
+        name: fail2ban
+        state: restarted
+        enabled: true
+
     - name: Setup missing Slurm dependencies
       ansible.builtin.dnf:
         name: ["/bin/mailx", "Lmod"]

diff --git a/playbook-task-update_motd.yml → playbook-task-update-motd.yml b/playbook-task-update_motd.yml → playbook-task-update-motd.yml
diff --git a/templates/ssh.conf.fail2ban.j2 b/templates/ssh.conf.fail2ban.j2
@@ -0,0 +1,5 @@
+[sshd]
+enabled = true
+maxretry = 6
+bantime = 90m
+ignoreip = 127.0.0.1