C.J. Scarlett

Installing Fail2ban with an Ansible Role on Ubuntu 18.04 (Bionic Beaver)

Fail2ban Logo with Ansible Logo

Preamble

The Ansible role in question comes from Ansible Galaxy. It’s linked here below, where you can read about it more if needs be:

https://galaxy.ansible.com/tersmitten/fail2ban/

Here’s my method for making use of the role, which is within the context of an Ansible project that already automates the other aspects of setting up a server. It’s necessary to have a provisioning playbook already in place, so you can incorporate the role shown in this post into the main project.

If this idea of “context” doesn’t make much sense then check out this other post I have on provisioning a server with Ansible for Debian 8 (Jessie).

Installing Fail2ban with Ansible on Ubuntu 18.04 (Bionic Beaver)

Fail2ban Logo with Ansible Logo

Preamble

This is a very short post covering a rudimentary Ansible playbook (if you can even call it one) that contains tasks for installing Fail2ban in a straightforward manner. It’s intended as a follow on from the manual set of instructions/commands most people are familiar with, which I covered in this other post:

Installing Fail2ban on Ubuntu 18.04 (Bionic Beaver)

At the end I’m linking to a third and final post which goes into detail on a more extensive solution to installing Fail2ban, as part of an Ansible provisioning project. It uses an Ansible role rather than a standalone playbook.

Installing Fail2ban on Ubuntu 18.04 (Bionic Beaver)

Fail2ban Logo

Preamble

A highly condensed set of basic commands to install Fail2ban the traditional way. These can be executed on any remote server/VPS running recent versions of Ubuntu; although the process was carried out by myself on 18.04. If you’re not familiar with Fail2ban, the start of this brief guide refers to two good resources you can read up on. One more up to date than the other.

The purpose of this post is to serve as background for a follow up post which uses Ansible to install the Fail2ban package and configuration more efficiently (linked at the end).

Deploying Meltdown and Spectre Fixes with Ansible on Linux Hosts

Spectre & Meltdown Logos

Preamble

As it stands the current “fixes” for Meltdown and Spectre mainly involve updating and upgrading hosts to include their patched kernel upgrades. When it comes to applying the updates to multiple Linux servers, one approach is to use the playbook/plays in this “lockdown” repo from Ansible.

https://github.com/ansible/ansible-lockdown/blob/master/meltdown-spectre-linux.yml

This is how the YAML works to patch the aforementioned exploits.

Kernel Updates for Meltdown and Spectre CPU Exploits

Meltdown and Spectre Logos

Preamble

As updating the target hosts system packages to their latest versions includes the kernel updates, this is in general the easiest way to bring in any Meltdown and Spectre fixes. A reboot is required after the updates for kernel changes to take effect.

Without configuration management or any automation tools it’s pretty simple.