From 691afd098079d2c2457b75a94ac17510bc95a01b Mon Sep 17 00:00:00 2001
From: Aaron LI
Date: Sun, 11 Mar 2018 15:02:48 +0800
Subject: security/sshlockout: the syslog line cannot append to the file end ...
---
 roles/security/tasks/main.yml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
(limited to 'roles/security')
diff --git a/roles/security/tasks/main.yml b/roles/security/tasks/main.yml
index 62c1ac5..1976def 100644
--- a/roles/security/tasks/main.yml
+++ b/roles/security/tasks/main.yml
@@ -14,13 +14,12 @@
 command: rcenable pflog
 - name: sshlockout - setup with PF
- blockinfile:
+ lineinfile:
 path: /etc/syslog.conf
- marker: '# {mark} ANSIBLE MANAGED - sshlockout'
- block: |
- # Block SSH auth failures using "sshlockout" and "pf"
- auth.info;authpriv.info |exec /usr/sbin/sshlockout -pf bruteforce
+ line: "auth.info;authpriv.info |exec /usr/sbin/sshlockout -pf bruteforce"
+ insertafter: 'auth\.info'
 notify: restart-syslogd
+ tags: sshlockout
 - name: periodic - copy clean-pf script
 copy:
-- cgit v1.2.2
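Review bot: Hosts that already ran the old `blockinfile` task keep the `ANSIBLE MANAGED - sshlockout` block at the end of /etc/syslog.conf, and nothing in the new `lineinfile` task removes it. If the line inside that block is byte-identical to the new `line` value (the whitespace is not recoverable from this page), `lineinfile` finds it already present and reports no change, so the entry stays at the position the subject says does not work and sshlockout would never receive the auth failures on those hosts. A cleanup task that reuses the old marker with `state: absent`, placed before the `lineinfile` task, would cover that case. Separately, `insertafter` falls back to EOF when `auth\.info` matches no line, which silently recreates the original problem; a check that the pattern is present in the file would make that failure visible instead of leaving the lockout inactive.

```yaml
- name: sshlockout - remove the old managed block
  blockinfile:
    path: /etc/syslog.conf
    marker: '# {mark} ANSIBLE MANAGED - sshlockout'
    state: absent
  notify: restart-syslogd

# … unchanged: "sshlockout - setup with PF" lineinfile task …
```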