From 588d175f4dc99998e7d8d6c595cfa035e89693e1 Mon Sep 17 00:00:00 2001
From: stepanbaghdasaryan
Date: Sun, 19 Nov 2023 12:28:52 +0100
Subject: [PATCH 1/2] fix: use systemd backend for fail2ban for debian 12 and higher
---
 templates/jail.local.j2 | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/templates/jail.local.j2 b/templates/jail.local.j2
index de9b947..30de016 100644
--- a/templates/jail.local.j2
+++ b/templates/jail.local.j2
@@ -1,3 +1,9 @@
+{% if ansible_distribution_major_version | int >= 12 %}
+[DEFAULT]
+backend = systemd
+logtarget = SYSTEMD-JOURNAL
+
+{% endif %}
 [sshd]
 enabled = true
 port = {{ security_ssh_port }}
From 0b9a774f875ff3c175fc4f16a6d2b5b479d17e45 Mon Sep 17 00:00:00 2001
From: stepanbaghdasaryan
Date: Mon, 18 Dec 2023 19:53:27 +0100
Subject: [PATCH 2/2] fix: move logtarget config to fail2ban.local and add debian distribution check
---
 tasks/fail2ban.yml | 15 ++++++++++++++-
 templates/fail2ban.local.j2 | 2 ++
 templates/jail.local.j2 | 9 +++------
 3 files changed, 19 insertions(+), 7 deletions(-)
 create mode 100644 templates/fail2ban.local.j2
diff --git a/tasks/fail2ban.yml b/tasks/fail2ban.yml
index f82f5e4..a2be94b 100644
--- a/tasks/fail2ban.yml
+++ b/tasks/fail2ban.yml
@@ -12,7 +12,7 @@ state: present when: ansible_os_family == 'Debian' -- name: Copy fail2ban custom configuration file into place. +- name: Copy jail custom configuration file into place. template: src: "{{ security_fail2ban_custom_configuration_template }}" dest: /etc/fail2ban/jail.local
@@ -22,6 +22,19 @@ notify: - reload fail2ban +- name: Copy fail2ban custom configuration file into place. + template: + src: fail2ban.local.j2 + dest: /etc/fail2ban/fail2ban.local + owner: root + group: root + mode: 0644 + when: + - ansible_os_family == 'Debian' + - ansible_distribution_major_version | int >= 12 + notify: + - reload fail2ban + - name: Ensure fail2ban is running and enabled on boot. service: name: fail2ban
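Review bot: The `when:` on the new fail2ban.local task tests `ansible_os_family == 'Debian'`, which is also true on Ubuntu and other Debian derivatives, so combined with `ansible_distribution_major_version | int >= 12` it matches every current Ubuntu release and not only Debian 12 and later, which is what the commit title describes. If only Debian is meant, the first condition should read `- ansible_distribution == 'Debian'`. The same test appears in the `{% if %}` this patch adds to templates/jail.local.j2 and would need the same change so the task and the template keep selecting the same hosts. If the wider match is intended, a short comment above the `when:` saying so would help, because an sshd jail pointed at a backend that carries no sshd events bans nothing.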
diff --git a/templates/fail2ban.local.j2 b/templates/fail2ban.local.j2
new file mode 100644
index 0000000..59bc278
--- /dev/null
+++ b/templates/fail2ban.local.j2
@@ -0,0 +1,2 @@
+[Definition]
+logtarget = SYSTEMD-JOURNAL
diff --git a/templates/jail.local.j2 b/templates/jail.local.j2
index 30de016..2670d99 100644
--- a/templates/jail.local.j2
+++ b/templates/jail.local.j2
@@ -1,10 +1,7 @@
-{% if ansible_distribution_major_version | int >= 12 %}
-[DEFAULT]
-backend = systemd
-logtarget = SYSTEMD-JOURNAL
-
-{% endif %}
 [sshd]
 enabled = true
 port = {{ security_ssh_port }}
 filter = sshd
+{% if ansible_os_family == 'Debian' and ansible_distribution_major_version | int >= 12 %}
+backend = systemd
+{% endif %}
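Review bot: The new templates/fail2ban.local.j2 has no comment explaining why the log target changes or what that affects. With `logtarget = SYSTEMD-JOURNAL`, fail2ban's own ban and unban messages go to the journal rather than to a log file, so a log shipper or a jail that watches fail2ban's own log file would stop seeing new entries unless it is pointed at the journal as well. I would add a header line such as `# Debian 12+: fail2ban logs to the systemd journal (journalctl -u fail2ban).` above `[Definition]`.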
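Review bot: The `backend = systemd` line added to the `[sshd]` jail in templates/jail.local.j2 relies on fail2ban's systemd backend being usable on the host, and nothing visible in this patch ensures that. That backend needs the Python systemd bindings (packaged as `python3-systemd` on Debian), which as far as I know the fail2ban package only recommends, so a host set up not to install recommended packages could end up with an sshd jail that does not start. The package install task lies outside this diff, so this may already be covered; if it is not, adding `python3-systemd` to the packages installed for Debian 12 and later would close the gap.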