author | Aaron LI <aly@aaronly.me> | 2018-03-11 15:02:48 +0800 |
---|---|---|
committer | Aaron LI <aly@aaronly.me> | 2018-03-14 11:35:08 +0800 |
commit | 691afd098079d2c2457b75a94ac17510bc95a01b (patch) | |
tree | ab01a2e620578cfc0dcb9ba750a5d4a19d3c02d4 /roles/security/tasks | |
parent | 903f6954a6fac6ffc56c2a14c21f65fa587d6470 (diff) | |
download | ansible-dfly-vps-691afd098079d2c2457b75a94ac17510bc95a01b.tar.bz2 |
security/sshlockout: the syslog line cannot append to the file end ...
Diffstat (limited to 'roles/security/tasks')
-rw-r--r-- | roles/security/tasks/main.yml | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/roles/security/tasks/main.yml b/roles/security/tasks/main.yml
index 62c1ac5..1976def 100644
--- a/roles/security/tasks/main.yml
+++ b/roles/security/tasks/main.yml
@@ -14,13 +14,12 @@
 command: rcenable pflog
 - name: sshlockout - setup with PF
- blockinfile:
+ lineinfile:
 path: /etc/syslog.conf
- marker: '# {mark} ANSIBLE MANAGED - sshlockout'
- block: |
- # Block SSH auth failures using "sshlockout" and "pf"
- auth.info;authpriv.info |exec /usr/sbin/sshlockout -pf bruteforce
+ line: "auth.info;authpriv.info |exec /usr/sbin/sshlockout -pf bruteforce"
+ insertafter: 'auth\.info'
 notify: restart-syslogd
+ tags: sshlockout
 - name: periodic - copy clean-pf script
 copy: |
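Review bot: The `insertafter: 'auth\.info'` pattern in the new lineinfile task is unanchored, and lineinfile inserts after the last match or falls back to end-of-file when nothing matches, which is the placement the commit title says does not work. A commented-out or later line containing `auth.info` would also be picked as the anchor, so the sshlockout pipe could land where syslogd never feeds it and the brute-force lockout would be off with no task failure. Anchoring it as `insertafter: '^auth\.info'` and adding `regexp: '\|exec /usr/sbin/sshlockout'` would pin the position and make later flag changes replace the line rather than add a second one. Hosts already provisioned with the old blockinfile task presumably still carry the marked block at the end of the file; if its line text matches exactly, lineinfile reports no change and leaves it there, so a preceding `blockinfile` with the same `marker` and `state: absent` looks necessary. A check after the handler runs that a `sshlockout` process exists would catch any of these cases.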