init

ansible/roles/harden/fail2ban/templates/fail2ban.local.j2

@@ -0,0 +1,6 @@
+[Definition]
+loglevel   = INFO
+logtarget  = /var/log/fail2ban.log
+socket     = /run/fail2ban/fail2ban.sock
+pidfile    = /run/fail2ban/fail2ban.pid
+dbpurgeage = 86400

ansible/roles/harden/fail2ban/templates/jail.local.j2

@@ -0,0 +1,18 @@
+[DEFAULT]
+ignoreip = 127.0.0.1/8 ::1
+
+findtime = 600
+maxretry = 5
+bantime  = 1h
+
+backend   = systemd
+banaction = nftables[type=multiport]
+
+[sshd]
+enabled  = true
+port     = 25105
+filter   = sshd
+maxretry = 5
+findtime = 600
+bantime  = 1h
+mode     = aggressive