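---
# Deploys distro-specific sshguard configuration and restarts the service.
#
# This play does not install sshguard: the first two tasks only verify that
# the binary and the auth log exist, and the play fails on that host if
# either check returns non-zero.
#
# Variables the caller must supply:
#   target           - host pattern to run against
#   become           - whether to escalate privileges
#   ngenix_whitelist - set to the string 'yes' to deploy the ngenix allowlist
- name: setup sshguard
  gather_facts: true
  hosts: "{{ target }}"
  become: "{{ become }}"
  vars:
    # Debian-family hosts log sshd authentication to auth.log; every other
    # os_family is assumed to use 'secure'.
    auth_log_file: "{{ 'auth.log' if ansible_facts['os_family'] == 'Debian' else 'secure' }}"

  tasks:
    # - debug:
    #     msg:
    #       - "{{os_family}}"
    #       - "{{ansible_distribution}}"
    #       - "{{ansible_distribution_release}}"

    # Read-only precondition; check_mode: false makes it run under --check too.
    # 'command -v' is a bash builtin, so this does not depend on 'which'.
    - name: check sshguard is installed
      ansible.builtin.shell:
        executable: /bin/bash
        cmd: command -v sshguard
      changed_when: false
      check_mode: false

    # Fails early when the expected auth log is missing.
    # NOTE(review): presumably the templates point sshguard at this file;
    # confirm against templates/*.conf.j2.
    - name: check auth log file is available
      ansible.builtin.command:
        cmd: "ls /var/log/{{ auth_log_file }}"
      changed_when: false
      check_mode: false

    # do not tune config on ubuntu18, keep using iptables there
    - name: config files for debian/ubuntu20-
      ansible.builtin.template:
        src: templates/sshguard_ubuntu20.conf.j2
        dest: /etc/sshguard/sshguard.conf
        # Explicit ownership and mode: without them a newly created file
        # takes the remote umask and an existing file keeps whatever
        # permissions it already had.
        owner: root
        group: root
        mode: "0644"
      notify: restart sshguard
      diff: true
      when: ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'focal'

    - name: config files for debian/ubuntu22+
      ansible.builtin.template:
        src: templates/sshguard_ubuntu22.conf.j2
        dest: /etc/sshguard/sshguard.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart sshguard
      diff: true
      when: >
        ( ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'jammy' ) or
        ( ansible_distribution == 'Linux Mint' and ansible_distribution_release == 'vera' ) or
        ( ansible_distribution == 'Debian' and ansible_distribution_release == 'bookworm' )

    # Addresses listed in the sshguard whitelist are never blocked, so the
    # file is kept root-owned and not writable by anyone else, and its
    # contents should be reviewed like any other access-control change.
    # default('no') skips the task when the variable is not set instead of
    # failing the play on an undefined variable. The comparison is against
    # the string 'yes'; a YAML boolean value will not match.
    - name: sshguard whitelist for ngenix
      ansible.builtin.copy:
        src: templates/whitelist.ngenix
        dest: /etc/sshguard/whitelist
        owner: root
        group: root
        mode: "0644"
      notify: restart sshguard
      diff: true
      when: ngenix_whitelist | default('no') == 'yes'

    - name: config files for sbo package
      ansible.builtin.template:
        src: templates/sshguard_sbo.conf.j2
        dest: /etc/sshguard.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart sshguard
      diff: true
      when: ansible_distribution == 'Slackware'

    # The init script is executed by the restart handler on hosts without
    # systemd, so only root may write to it.
    - name: non-systemd init script
      ansible.builtin.copy:
        src: templates/rc.sshguard
        dest: /etc/rc.d/rc.sshguard
        owner: root
        group: root
        mode: "0755"
      when: ansible_distribution == 'Slackware'
      notify: restart sshguard
      diff: true

  handlers:
    # Explicit if/else instead of 'A && B || C': with the chained form a
    # failed 'systemctl restart' on a systemd host fell through to the rc
    # script, so the reported error was about the rc script rather than the
    # unit that actually failed to restart.
    - name: restart sshguard
      ansible.builtin.shell:
        executable: /bin/bash
        cmd: |-
          if [[ -x /lib/systemd/systemd ]]; then
            systemctl restart sshguard.service
          else
            /etc/rc.d/rc.sshguard restart
          fi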