From 8c5b4309222890ec2b7a99ac388ac3428be50fb1 Mon Sep 17 00:00:00 2001
From: Jeff Oakes
Date: Wed, 20 Mar 2024 17:37:54 -0700
Subject: [PATCH] add jail.local
---
 bootstrap.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/bootstrap.yml b/bootstrap.yml
index a22b710..c0b3820 100644
--- a/bootstrap.yml
+++ b/bootstrap.yml
@@ -13,6 +13,20 @@
 ansible.builtin.dnf:
 name: fail2ban
 state: present
+
+ - name: enable sshd jail
+ copy:
+ dest: /etc/fail2ban/jail.local
+ content: |
+ [sshd]
+ enabled = true
+ port = ssh
+ filter = sshd
+ logpath = /var/log/auth.log
+ maxretry = 3
+ findtime = 300
+ bantime = 600
+ ignoreip = 127.0.0.1,169.231.0.0/16,128.111.0.0/16
 - name: start fail2ban
 ansible.builtin.systemd_service:
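Review bot: `logpath = /var/log/auth.log` in the new jail.local is the Debian-family path, while the task just above installs fail2ban with `ansible.builtin.dnf`; on a dnf-based host sshd normally logs to the journal or /var/log/secure, so the sshd jail would probably find no log file and fail to start, leaving SSH without brute-force banning. Replace that line with `backend = systemd` (or `logpath = %(sshd_log)s`) and confirm the jail is live with `fail2ban-client status sshd` after the service starts. The `copy` task sets no `owner`, `group` or `mode` and is not fully qualified like its neighbours; `ansible.builtin.copy` with `mode: "0644"` would pin the permissions of a file that controls ban policy. `ignoreip` exempts two whole /16 ranges, so any host inside them can keep guessing passwords without ever being banned; narrow it to the management subnets actually needed or record why the full ranges are trusted. The `start fail2ban` task continues outside the hunk, so whether a changed jail.local triggers a restart cannot be checked from here.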