diff options
| author | Aaron LI <aly@aaronly.me> | 2018-03-11 15:02:48 +0800 |
|---|---|---|
| committer | Aaron LI <aly@aaronly.me> | 2018-03-14 11:35:08 +0800 |
| commit | 691afd098079d2c2457b75a94ac17510bc95a01b (patch) | |
| tree | ab01a2e620578cfc0dcb9ba750a5d4a19d3c02d4 | |
| parent | 903f6954a6fac6ffc56c2a14c21f65fa587d6470 (diff) | |
| download | ansible-dfly-vps-691afd098079d2c2457b75a94ac17510bc95a01b.tar.bz2 | |
security/sshlockout: the syslog line cannot append to the file end ...
| -rw-r--r-- | roles/security/tasks/main.yml | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/roles/security/tasks/main.yml b/roles/security/tasks/main.yml index 62c1ac5..1976def 100644 --- a/roles/security/tasks/main.yml +++ b/roles/security/tasks/main.yml @@ -14,13 +14,12 @@ command: rcenable pflog - name: sshlockout - setup with PF - blockinfile: + lineinfile: path: /etc/syslog.conf - marker: '# {mark} ANSIBLE MANAGED - sshlockout' - block: | - # Block SSH auth failures using "sshlockout" and "pf" - auth.info;authpriv.info |exec /usr/sbin/sshlockout -pf bruteforce + line: "auth.info;authpriv.info |exec /usr/sbin/sshlockout -pf bruteforce" + insertafter: 'auth\.info' notify: restart-syslogd + tags: sshlockout - name: periodic - copy clean-pf script copy: |