| author | boom2 <blizzack@blizzack.com> | 2023-12-21 23:17:53 -0500 |
|---|---|---|
| committer | boom2 <blizzack@blizzack.com> | 2023-12-21 23:17:53 -0500 |
| commit | e546f2ba800a55663ae04f18f8b01e86e1deac90 (patch) | |
| tree | 0179f56d978ca3f3896a49b7b8cdda6305161c99 | |
| parent | 200680e7c8cbd6b4426c3ce232568b1e06446bde (diff) | |
- initial commit for fail2ban playbook
| -rw-r--r-- | ansible-practice/system/10-playbook-copy-system-files-on-node.yml | 2 | ||||
| -rw-r--r-- | ansible-practice/system/18-playbook-slackbuild-fail2ban.yml | 74 | ||||
| -rw-r--r-- | ansible-practice/system/rc.local_shutdown | 6 | ||||
| -rw-r--r-- | ansible_stuff.org | 49 |
4 files changed, 130 insertions, 1 deletions
diff --git a/ansible-practice/system/10-playbook-copy-system-files-on-node.yml b/ansible-practice/system/10-playbook-copy-system-files-on-node.yml
index c073d44..ca00a85 100644
--- a/ansible-practice/system/10-playbook-copy-system-files-on-node.yml
+++ b/ansible-practice/system/10-playbook-copy-system-files-on-node.yml
@@ -41,7 +41,7 @@
 - name: backup of system files
 ansible.builtin.copy:
- src: /etc/{{ item }}
+ src: /etc/{{ item }}
 remote_src: true
 dest: "{{ backup_etc_dir }}/"
 mode: preserve
diff --git a/ansible-practice/system/18-playbook-slackbuild-fail2ban.yml b/ansible-practice/system/18-playbook-slackbuild-fail2ban.yml
new file mode 100644
index 0000000..4bd28b2
--- /dev/null
+++ b/ansible-practice/system/18-playbook-slackbuild-fail2ban.yml
@@ -0,0 +1,74 @@
+# fail2ban slackbuild install
+#
+#
+---
+- name: import another playbook
+ ansible.builtin.import_playbook: 17-playbook-slackbuild-rsync-repo.yml
+
+- name: "18 - custom ansible - install fail2ban slackbuild"
+ become: yes # Run tasks with root/sudo privileges
+ hosts: dev
+ vars:
+ rc_local: /etc/rc.d/rc.local
+ rc_local_shutdown: /etc/rc.d/rc.local_shutdown
+ rc_d: /etc/rc.d
+
+ tasks:
+ - name: "test - to see if '{{ rc_local }}' exists"
+ ansible.builtin.stat:
+ path: "{{ rc_local }}"
+ register: etc_rcd_rclocal
+ tags: ['register_etc_rcd_rclocal']
+
+ - name: "fail - if the '{{ rc_local }}' file does not exist !"
+ ansible.builtin.fail:
+ msg: "this host does not have {{ rc_local }}"
+ when: etc_rcd_rclocal.stat.isreg is not defined
+ tags: ['test_etc_rcd_rclocal_exists']
+
+ - name: append to /etc/rc.local
+ ansible.builtin.blockinfile:
+ path: "{{ rc_local }}"
+ backup: true
+ block: |
+ if [ -x /etc/rc.d/rc.fail2ban ]; then
+ /etc/rc.d/rc.fail2ban start
+ fi
+ tags: ['append_to_etc_rcd_rclocal']
+
+ - name: "test - to see if '{{ rc_local_shutdown }}' exists"
+ ansible.builtin.stat:
+ path: "{{ rc_local_shutdown }}"
+ register: etc_rcd_rclocal_shutdown
+ tags: ['register_etc_rcd_rclocal_shutdown']
+
+ - name: "copy - {{ rc_local_shutdown }} from controller to managed node"
+ ansible.builtin.copy:
+ src: rc.local_shutdown # copying a local file
+ dest: "{{ rc_d }}/"
+ owner: root
+ group: root
+ mode: 0755
+ register: etc_rcd_rclocal_shutdown_created
+ when: etc_rcd_rclocal_shutdown.stat.isreg is not defined
+ tags: ['copy_rc_local_shutdown']
+
+ - name: "append - to {{ rc_local_shutdown }}"
+ ansible.builtin.blockinfile:
+ path: "{{ rc_local }}_shutdown"
+ backup: true
+ block: |
+ if [ -x /etc/rc.d/rc.fail2ban ]; then
+ /etc/rc.d/rc.fail2ban stop
+ fi
+ tags: ['append_to_etc_rcd_rclocal_shutdown']
+
+# - make sure to run 'updatedb' and 'sync' when we've finished all tasks !!!!
+
+# References
+#
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/blockinfile_module.html
+# https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_conditionals.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/fail_module.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/stat_module.html
+
diff --git a/ansible-practice/system/rc.local_shutdown b/ansible-practice/system/rc.local_shutdown
new file mode 100644
index 0000000..0e1d179
--- /dev/null
+++ b/ansible-practice/system/rc.local_shutdown
@@ -0,0 +1,6 @@
+#!/bin/sh
+#
+# /etc/rc.d/rc.local_shutdown: Local system shutdown script.
+#
+# Put any local shutdown commands in here.
+
diff --git a/ansible_stuff.org b/ansible_stuff.org
index ea0f832..3ffdb3d 100644
--- a/ansible_stuff.org
+++ b/ansible_stuff.org
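Review bot: Nothing in this play sets the executable bit on /etc/rc.d/rc.fail2ban, so the `if [ -x /etc/rc.d/rc.fail2ban ]` guard appended to rc.local will silently skip starting fail2ban on every boot until someone runs chmod by hand, and the host keeps running without the brute-force protection the play is named for. A `file` task with `state: file` placed after the rc.local existence check makes that explicit — it sets the mode and fails loudly if the SlackBuild init script is not installed (the org notes in this same commit list `chmod +x /etc/rc.d/rc.fail2ban` as a manual step, which is presumably why it is missing here). While here, quote the octal mode on the copy task (`mode: "0755"`) and write `become: true`, so YAML 1.2 parsers and yamllint's truthy rule agree with what Ansible reads. The last blockinfile builds its path as `"{{ rc_local }}_shutdown"` although `rc_local_shutdown` already holds that value; using the variable keeps the stat, copy and append tasks from drifting apart.
```yaml
  tasks:
    # … unchanged: rc.local stat + fail tasks …
    - name: "ensure - /etc/rc.d/rc.fail2ban is present and executable"
      ansible.builtin.file:
        path: /etc/rc.d/rc.fail2ban
        state: file   # does not create the file: fails if fail2ban is not installed
        owner: root
        group: root
        mode: "0755"
      tags: ['chmod_rc_fail2ban']
    # … unchanged: append to rc.local / rc.local_shutdown tasks …
```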
@@ -1060,6 +1060,55 @@ will bite me in the ass someday.
 - sed command https://unix.stackexchange.com/questions/144298/delete-the-last-character-of-a-string-using-string-manipulation-in-shell-script
+* <2023-12-21 Thu> ---------------------------------------------------------
+
+** fail2ban playbook
+
+http://slackbuilds.org/repository/15.0/network/fail2ban
+
+this seems like an easier slackbuild to begin ansible automation since
+there are no dependencies.
+
+- make sure we have sbopkg installed on system
+
+- rsync sbopkg repo
+
+- install fail2ban slackbuild
+
+ sbopkg
+
+- confirm that the service is installed
+
+ fail2ban-client version
+
+- make /etc/rc.d/rc.fail2ban executable
+
+ chmod +x /etc/rc.d/rc.fail2ban
+
+- add to /etc/rc.local
+
+ if [ -x /etc/rc.d/rc.fail2ban ]; then
+ /etc/rc.d/rc.fail2ban start
+ fi
+
+- add to /etc/rc.local_shutdown
+
+ if [ -x /etc/rc.d/rc.fail2ban ]; then
+ /etc/rc.d/rc.fail2ban stop
+ fi
+
+- start up service like so:
+
+ /etc/rc.d/rc.fail2ban start
+
+- bring system DB up-to-date after new installation
+
+ updatedb
+
+- sync all writes to file system
+
+ sync
+
 * references 2023-12-16 -- the following is a lists of ansible related URLs compiled so far. |
