admin/ansible-playbooks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ajouter securite.yml

Browse Source
This commit is contained in:
admin
2026-02-16 01:23:13 +00:00
parent 2b342d6e47
commit 4513807824
1 changed files with 89 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
securite.yml Normal file
View File

@@ -0,0 +1,89 @@
---
- name: Sécurité Simple - Réseau local libre, extérieur protégé
hosts: all
become: yes
tasks:
- name: "=== Installation ==="
apt:
name:
- ufw
- fail2ban
state: present
update_cache: yes
- name: "=== FIREWALL ==="
debug:
msg: "Configuration du firewall..."
- name: Règles par défaut UFW
ufw:
default: "{{ item.direction }}"
direction: "{{ item.type }}"
loop:
- { direction: 'deny', type: 'incoming' }
- { direction: 'allow', type: 'outgoing' }
- name: SSH autorisé (pour ne pas se bloquer)
ufw:
rule: allow
port: '22'
proto: tcp
- name: Tout le réseau local autorisé
ufw:
rule: allow
from_ip: 192.168.123.0/24
- name: Activer UFW
ufw:
state: enabled
- name: "=== FAIL2BAN ==="
debug:
msg: "Configuration de Fail2ban..."
- name: Configuration Fail2ban simple
copy:
dest: /etc/fail2ban/jail.local
content: |
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 5
[sshd]
enabled = true
port = ssh
logpath = /var/log/auth.log
maxretry = 3
mode: '0644'
- name: Démarrer Fail2ban
systemd:
name: fail2ban
state: restarted
enabled: yes
- name: "=== VÉRIFICATION ==="
command: ufw status
register: fw_status
changed_when: false
- name: Afficher config
debug:
var: fw_status.stdout_lines
- name: "=== RÉSUMÉ ==="
debug:
msg:
- "================================================"
- "✓ FIREWALL"
- " Depuis 192.168.123.0/24 → TOUS LES PORTS OK"
- " Depuis Internet → BLOQUÉ"
- ""
- "✓ FAIL2BAN"
- " 3 tentatives SSH ratées → Ban 1h"
- ""
- "✓ VOUS ÊTES PROTÉGÉ !"
- "================================================"