fail2ban support for Trusty

roles/common/tasks/security.yml

@@ -9,6 +9,11 @@
   template: src=etc_fail2ban_jail.local.j2 dest=/etc/fail2ban/jail.local
   notify: restart fail2ban
 
+- name: Copy fail2ban configuration into place for Ubuntu Trusty
+  template: src=etc_trusty_fail2ban_jail.local.j2 dest=/etc/fail2ban/jail.local
+  when: ansible_sistributon_release == 'trusty'
+  notify: restart fail2ban
+
 - name: Copy fail2ban dovecot configuration into place
   copy: src=etc_fail2ban_filter.d_dovecot-pop3imap.conf dest=/etc/fail2ban/filter.d/dovecot-pop3imap.conf
   notify: restart fail2ban

roles/common/templates/etc_trusty_fail2ban_jail.local.j2

@@ -0,0 +1,34 @@
+[DEFAULT]
+ignoreip  = 127.0.0.1 {{ ansible_default_ipv4.address }} {{ ' '.join(friendly_networks) }}
+bantime   = 86400
+destemail = {{ admin_email }}
+banaction = iptables-multiport
+action    = %(action_)s
+
+# JAILS
+[ssh]
+enabled   = true
+maxretry  = 3
+
+[pam-generic]
+enabled   = true
+banaction = iptables-allports
+
+[ssh-ddos]
+enabled   = true
+
+[apache]
+enabled = true
+
+[postfix]
+enabled  = true
+maxretry = 1
+
+[dovecot-pop3imap]
+enabled = true
+filter = dovecot-pop3imap
+action = iptables-multiport[name=dovecot-pop3imap, port="pop3,imap,993,995", protocol=tcp]
+logpath = /var/log/maillog
+maxretry = 20
+findtime = 1200
+bantime = 1200