aboutsummaryrefslogtreecommitdiffstats
path: root/roles/security/tasks
diff options
context:
space:
mode:
authorAaron LI <aly@aaronly.me>2018-03-11 15:02:48 +0800
committerAaron LI <aly@aaronly.me>2018-03-14 11:35:08 +0800
commit691afd098079d2c2457b75a94ac17510bc95a01b (patch)
treeab01a2e620578cfc0dcb9ba750a5d4a19d3c02d4 /roles/security/tasks
parent903f6954a6fac6ffc56c2a14c21f65fa587d6470 (diff)
downloadansible-dfly-vps-691afd098079d2c2457b75a94ac17510bc95a01b.tar.bz2
security/sshlockout: the syslog line cannot append to the file end ...
Diffstat (limited to 'roles/security/tasks')
-rw-r--r--roles/security/tasks/main.yml9
1 files changed, 4 insertions, 5 deletions
diff --git a/roles/security/tasks/main.yml b/roles/security/tasks/main.yml
index 62c1ac5..1976def 100644
--- a/roles/security/tasks/main.yml
+++ b/roles/security/tasks/main.yml
@@ -14,13 +14,12 @@
command: rcenable pflog
- name: sshlockout - setup with PF
- blockinfile:
+ lineinfile:
path: /etc/syslog.conf
- marker: '# {mark} ANSIBLE MANAGED - sshlockout'
- block: |
- # Block SSH auth failures using "sshlockout" and "pf"
- auth.info;authpriv.info |exec /usr/sbin/sshlockout -pf bruteforce
+ line: "auth.info;authpriv.info |exec /usr/sbin/sshlockout -pf bruteforce"
+ insertafter: 'auth\.info'
notify: restart-syslogd
+ tags: sshlockout
- name: periodic - copy clean-pf script
copy: