Merge pull request #122 from stepanbaghdasaryan/fix/fail2ban_use_syst…

…emd_backend_for_debian12 fix: use systemd backend for fail2ban for Debian 12 and higher
geerlingguy · Mar 15, 2024 · d85046d · d85046d
2 parents 9e826a3 + 0b9a774
commit d85046d
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 1 deletion.
diff --git a/tasks/fail2ban.yml b/tasks/fail2ban.yml
@@ -12,7 +12,7 @@
     state: present
   when: ansible_os_family == 'Debian'
 
-- name: Copy fail2ban custom configuration file into place.
+- name: Copy jail custom configuration file into place.
   template:
     src: "{{ security_fail2ban_custom_configuration_template }}"
     dest: /etc/fail2ban/jail.local
@@ -22,6 +22,19 @@
   notify:
     - reload fail2ban
 
+- name: Copy fail2ban custom configuration file into place.
+  template:
+    src: fail2ban.local.j2
+    dest: /etc/fail2ban/fail2ban.local
+    owner: root
+    group: root
+    mode: 0644
+  when:
+    - ansible_os_family == 'Debian'
+    - ansible_distribution_major_version | int >= 12
+  notify:
+   - reload fail2ban
+
 - name: Ensure fail2ban is running and enabled on boot.
   service:
     name: fail2ban

diff --git a/templates/fail2ban.local.j2 b/templates/fail2ban.local.j2
@@ -0,0 +1,2 @@
+[Definition]
+logtarget = SYSTEMD-JOURNAL
diff --git a/templates/jail.local.j2 b/templates/jail.local.j2
@@ -2,3 +2,6 @@
 enabled = true
 port    = {{ security_ssh_port }}
 filter  = sshd
+{% if ansible_os_family == 'Debian' and ansible_distribution_major_version | int >= 12 %}
+backend = systemd
+{% endif %}