- name: Install security-related packages
  apt: pkg={{ item }} state=installed
  with_items:
    - fail2ban
    - lynis
    - rkhunter

- name: Copy fail2ban configuration into place
  template: src=etc_fail2ban_jail.local.j2 dest=/etc/fail2ban/jail.local
  notify: restart fail2ban

- name: Copy fail2ban dovecot configuration into place
  copy: src=etc_fail2ban_filter.d_dovecot-pop3imap.conf dest=/etc/fail2ban/filter.d/dovecot-pop3imap.conf
  notify: restart fail2ban

- name: Update sshd config to disallow root logins
  lineinfile: dest=/etc/ssh/sshd_config regexp=^PermitRootLogin line="PermitRootLogin no" state=present
  notify: restart ssh