From 2f35b45dfc00c7d3f889ee9239747abbe10c4031 Mon Sep 17 00:00:00 2001 
From: Kevin Fenzi
Date: Tue, 5 Jan 2016 21:05:35 +0000
Subject: [PATCH] Drop denyhosts role. We never used it on rhel7 hosts, and don't want to bother on rhel6/fedora either anymore.
---
playbooks/groups/anitya.yml | 1 -
playbooks/groups/arm-packager.yml | 1 -
playbooks/groups/arm-qa.yml | 1 -
playbooks/groups/ask.yml | 1 -
playbooks/groups/autocloud-web.yml | 1 -
playbooks/groups/autosign.yml | 1 -
playbooks/groups/backup-server.yml | 1 -
playbooks/groups/badges-backend.yml | 1 -
playbooks/groups/badges-web.yml | 1 -
playbooks/groups/batcave.yml | 1 -
playbooks/groups/beaker-stg.yml | 1 -
playbooks/groups/beaker-virthosts.yml | 1 -
playbooks/groups/beaker.yml | 1 -
playbooks/groups/bodhi2.yml | 1 -
playbooks/groups/bugyou.yml | 1 -
playbooks/groups/busgateway.yml | 1 -
playbooks/groups/datagrepper.yml | 1 -
playbooks/groups/docs-backend.yml | 1 -
playbooks/groups/download.yml | 1 -
playbooks/groups/elections.yml | 1 -
playbooks/groups/fas.yml | 1 -
playbooks/groups/fedimg.yml | 1 -
playbooks/groups/fedoauth.yml | 1 -
playbooks/groups/fedocal.yml | 1 -
playbooks/groups/gallery.yml | 1 -
playbooks/groups/github2fedmsg.yml | 1 -
playbooks/groups/hotness.yml | 1 -
playbooks/groups/ipsilon.yml | 1 -
playbooks/groups/keyserver.yml | 1 -
playbooks/groups/mailman.yml | 1 -
playbooks/groups/mariadb-server.yml | 1 -
playbooks/groups/noc.yml | 1 -
playbooks/groups/notifs-backend.yml | 1 -
playbooks/groups/notifs-web.yml | 1 -
playbooks/groups/nuancier.yml | 1 -
playbooks/groups/packages.yml | 1 -
playbooks/groups/paste.yml | 1 -
playbooks/groups/pkgdb.yml | 1 -
playbooks/groups/pkgs.yml | 1 -
playbooks/groups/postgresql-server.yml | 1 -
playbooks/groups/retrace.yml | 1 -
playbooks/groups/smtp-mm.yml | 1 -
playbooks/groups/statscache.yml | 1 -
playbooks/groups/summershum.yml | 1 -
playbooks/groups/sundries.yml | 1 -
playbooks/groups/tagger.yml | 1 -
playbooks/groups/taskotron-client-hosts.yml | 1 -
playbooks/groups/value.yml | 1 -
playbooks/groups/virthost.yml | 1 -
playbooks/groups/wiki.yml | 1 -
.../cloud-noc01.cloud.fedoraproject.org.yml | 1 -
.../hosts/grafana.cloud.fedoraproject.org.yml | 1 -
roles/denyhosts/files/allowed-hosts | 30 -
roles/denyhosts/files/denyhosts.conf | 626 ------------------
roles/denyhosts/handlers/main.yml | 3 -
roles/denyhosts/tasks/main.yml | 33 -
56 files changed, 744 deletions(-)
delete mode 100644 roles/denyhosts/files/allowed-hosts
delete mode 100644 roles/denyhosts/files/denyhosts.conf
delete mode 100644 roles/denyhosts/handlers/main.yml
delete mode 100644 roles/denyhosts/tasks/main.yml
diff --git a/playbooks/groups/anitya.yml b/playbooks/groups/anitya.yml
index 4e10dd7f67..4daea85ee0 100644
--- a/playbooks/groups/anitya.yml
+++ b/playbooks/groups/anitya.yml
@@ -14,7 +14,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/arm-packager.yml b/playbooks/groups/arm-packager.yml
index 6c38559927..74265d1440 100644
--- a/playbooks/groups/arm-packager.yml
+++ b/playbooks/groups/arm-packager.yml
@@ -17,7 +17,6 @@
 roles:
 - base
 - rkhunter
- - denyhosts
 - hosts
 - fas_client
 - sudo
diff --git a/playbooks/groups/arm-qa.yml b/playbooks/groups/arm-qa.yml
index 6cfb5d0c43..864bab27e7 100644
--- a/playbooks/groups/arm-qa.yml
+++ b/playbooks/groups/arm-qa.yml
@@ -17,7 +17,6 @@
 roles:
 - base
 - rkhunter
- - denyhosts
 - hosts
 - fas_client
 - sudo
diff --git a/playbooks/groups/ask.yml b/playbooks/groups/ask.yml
index 0a4c0f49c2..e3c1ca6489 100644
--- a/playbooks/groups/ask.yml
+++ b/playbooks/groups/ask.yml
@@ -13,7 +13,6 @@
 roles:
 - base
 - rkhunter
- - denyhosts
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/autocloud-web.yml b/playbooks/groups/autocloud-web.yml
index 8a2b189cc9..184c080fa3 100644
--- a/playbooks/groups/autocloud-web.yml
+++ b/playbooks/groups/autocloud-web.yml
@@ -16,7 +16,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/autosign.yml b/playbooks/groups/autosign.yml
index a77746a4b6..281c3f2d79 100644
--- a/playbooks/groups/autosign.yml
+++ b/playbooks/groups/autosign.yml
@@ -17,7 +17,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/backup-server.yml b/playbooks/groups/backup-server.yml
index 9a3cca75b3..0fc75b5c8b 100644
--- a/playbooks/groups/backup-server.yml
+++ b/playbooks/groups/backup-server.yml
@@ -16,7 +16,6 @@
 roles:
 - base
 - rkhunter
- - denyhosts
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/badges-backend.yml b/playbooks/groups/badges-backend.yml
index 3c06544323..481632eed0 100644
--- a/playbooks/groups/badges-backend.yml
+++ b/playbooks/groups/badges-backend.yml
@@ -18,7 +18,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/badges-web.yml b/playbooks/groups/badges-web.yml
index c9f40526b7..884c52e006 100644
--- a/playbooks/groups/badges-web.yml
+++ b/playbooks/groups/badges-web.yml
@@ -18,7 +18,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/batcave.yml b/playbooks/groups/batcave.yml
index 33a85da688..faa12b9371 100644
--- a/playbooks/groups/batcave.yml
+++ b/playbooks/groups/batcave.yml
@@ -13,7 +13,6 @@
 roles:
 - base
 - rkhunter
- - denyhosts
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/beaker-stg.yml b/playbooks/groups/beaker-stg.yml
index efa00d87a5..07dee88a37 100644
--- a/playbooks/groups/beaker-stg.yml
+++ b/playbooks/groups/beaker-stg.yml
@@ -17,7 +17,6 @@
 roles:
 - base
 - rkhunter
- - denyhosts
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/beaker-virthosts.yml b/playbooks/groups/beaker-virthosts.yml
index 295e114df1..7664ebadf9 100644
--- a/playbooks/groups/beaker-virthosts.yml
+++ b/playbooks/groups/beaker-virthosts.yml
@@ -17,7 +17,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/beaker.yml b/playbooks/groups/beaker.yml
index d56f9161b2..3322778d6d 100644
--- a/playbooks/groups/beaker.yml
+++ b/playbooks/groups/beaker.yml
@@ -17,7 +17,6 @@
 roles:
 - base
 - rkhunter
- - denyhosts
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/bodhi2.yml b/playbooks/groups/bodhi2.yml
index 5604c70b3b..709496d5fe 100644
--- a/playbooks/groups/bodhi2.yml
+++ b/playbooks/groups/bodhi2.yml
@@ -13,7 +13,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/bugyou.yml b/playbooks/groups/bugyou.yml
index 9c8750bd59..0ecbdcb394 100644
--- a/playbooks/groups/bugyou.yml
+++ b/playbooks/groups/bugyou.yml
@@ -18,7 +18,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - collectd/base
 - hosts
diff --git a/playbooks/groups/busgateway.yml b/playbooks/groups/busgateway.yml
index 98c9d6a6cd..db8f7155ff 100644
--- a/playbooks/groups/busgateway.yml
+++ b/playbooks/groups/busgateway.yml
@@ -13,7 +13,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/datagrepper.yml b/playbooks/groups/datagrepper.yml
index ed27ed386d..6ef5efe9c6 100644
--- a/playbooks/groups/datagrepper.yml
+++ b/playbooks/groups/datagrepper.yml
@@ -15,7 +15,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/docs-backend.yml b/playbooks/groups/docs-backend.yml
index ae663da221..8bb7a01a51 100644
--- a/playbooks/groups/docs-backend.yml
+++ b/playbooks/groups/docs-backend.yml
@@ -13,7 +13,6 @@
 roles:
 - base
 - rkhunter
- - denyhosts
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/download.yml b/playbooks/groups/download.yml
index 16357c4009..e235df1420 100644
--- a/playbooks/groups/download.yml
+++ b/playbooks/groups/download.yml
@@ -29,7 +29,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/elections.yml b/playbooks/groups/elections.yml
index b2d558ef78..6c810c377e 100644
--- a/playbooks/groups/elections.yml
+++ b/playbooks/groups/elections.yml
@@ -13,7 +13,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/fas.yml b/playbooks/groups/fas.yml
index 0600ef6c2d..48bb2541a4 100644
--- a/playbooks/groups/fas.yml
+++ b/playbooks/groups/fas.yml
@@ -16,7 +16,6 @@
 - base
 - hosts
 - rkhunter
- - denyhosts
 - nagios_client
 - fas_client
 - collectd/base
diff --git a/playbooks/groups/fedimg.yml b/playbooks/groups/fedimg.yml
index 3df7a346cd..1e4ef4b9f5 100644
--- a/playbooks/groups/fedimg.yml
+++ b/playbooks/groups/fedimg.yml
@@ -16,7 +16,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - fas_client
 - nagios_client
 - hosts
diff --git a/playbooks/groups/fedoauth.yml b/playbooks/groups/fedoauth.yml
index 16c87f4d18..90c2e2ff74 100644
--- a/playbooks/groups/fedoauth.yml
+++ b/playbooks/groups/fedoauth.yml
@@ -32,7 +32,6 @@
 roles:
 - base
 - rkhunter
- - denyhosts
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/fedocal.yml b/playbooks/groups/fedocal.yml
index 7d9a060779..b5930ebff3 100644
--- a/playbooks/groups/fedocal.yml
+++ b/playbooks/groups/fedocal.yml
@@ -13,7 +13,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/gallery.yml b/playbooks/groups/gallery.yml
index 1359730fb4..61e2e3c610 100644
--- a/playbooks/groups/gallery.yml
+++ b/playbooks/groups/gallery.yml
@@ -18,7 +18,6 @@
 roles:
 - base
 - rkhunter
- - denyhosts
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/github2fedmsg.yml b/playbooks/groups/github2fedmsg.yml
index 3fb7d7a248..a27b4435a1 100644
--- a/playbooks/groups/github2fedmsg.yml
+++ b/playbooks/groups/github2fedmsg.yml
@@ -18,7 +18,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/hotness.yml b/playbooks/groups/hotness.yml
index 3a9957e329..7386735d77 100644
--- a/playbooks/groups/hotness.yml
+++ b/playbooks/groups/hotness.yml
@@ -18,7 +18,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - collectd/base
 - hosts
diff --git a/playbooks/groups/ipsilon.yml b/playbooks/groups/ipsilon.yml
index 115a58b4a6..fc5131e3cb 100644
--- a/playbooks/groups/ipsilon.yml
+++ b/playbooks/groups/ipsilon.yml
@@ -18,7 +18,6 @@
 roles:
 - base
 - rkhunter
- - denyhosts
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/keyserver.yml b/playbooks/groups/keyserver.yml
index 547c972f50..cf3179808c 100644
--- a/playbooks/groups/keyserver.yml
+++ b/playbooks/groups/keyserver.yml
@@ -18,7 +18,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml
index 7d282f9952..729d230f19 100644
--- a/playbooks/groups/mailman.yml
+++ b/playbooks/groups/mailman.yml
@@ -17,7 +17,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/mariadb-server.yml b/playbooks/groups/mariadb-server.yml
index cd432df710..e9cb8f4aa6 100644
--- a/playbooks/groups/mariadb-server.yml
+++ b/playbooks/groups/mariadb-server.yml
@@ -19,7 +19,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - fas_client
 - nagios_client
 - hosts
diff --git a/playbooks/groups/noc.yml b/playbooks/groups/noc.yml
index 115792e7f2..159a97eb46 100644
--- a/playbooks/groups/noc.yml
+++ b/playbooks/groups/noc.yml
@@ -13,7 +13,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/notifs-backend.yml b/playbooks/groups/notifs-backend.yml
index f587120179..40e7a26db0 100644
--- a/playbooks/groups/notifs-backend.yml
+++ b/playbooks/groups/notifs-backend.yml
@@ -18,7 +18,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - hosts
 - fas_client
 - nagios_client
diff --git a/playbooks/groups/notifs-web.yml b/playbooks/groups/notifs-web.yml
index 88090fd4fe..eb7b4e4e34 100644
--- a/playbooks/groups/notifs-web.yml
+++ b/playbooks/groups/notifs-web.yml
@@ -18,7 +18,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/nuancier.yml b/playbooks/groups/nuancier.yml
index 2ade85c6a2..332f7ac3c3 100644
--- a/playbooks/groups/nuancier.yml
+++ b/playbooks/groups/nuancier.yml
@@ -18,7 +18,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/packages.yml b/playbooks/groups/packages.yml
index 6d3ad524be..e34d47f387 100644
--- a/playbooks/groups/packages.yml
+++ b/playbooks/groups/packages.yml
@@ -18,7 +18,6 @@
 roles:
 - base
 - rkhunter
- - denyhosts
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/paste.yml b/playbooks/groups/paste.yml
index ab487c4026..142d5d1436 100644
--- a/playbooks/groups/paste.yml
+++ b/playbooks/groups/paste.yml
@@ -13,7 +13,6 @@
 roles:
 - base
 - rkhunter
- - denyhosts
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/pkgdb.yml b/playbooks/groups/pkgdb.yml
index 493823358d..551be64660 100644
--- a/playbooks/groups/pkgdb.yml
+++ b/playbooks/groups/pkgdb.yml
@@ -17,7 +17,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/pkgs.yml b/playbooks/groups/pkgs.yml
index f0318edec8..439bea674e 100644
--- a/playbooks/groups/pkgs.yml
+++ b/playbooks/groups/pkgs.yml
@@ -13,7 +13,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - fas_client
 - collectd/base
diff --git a/playbooks/groups/postgresql-server.yml b/playbooks/groups/postgresql-server.yml
index 50807cd98e..8d2e97219c 100644
--- a/playbooks/groups/postgresql-server.yml
+++ b/playbooks/groups/postgresql-server.yml
@@ -19,7 +19,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - fas_client
 - nagios_client
 - hosts
diff --git a/playbooks/groups/retrace.yml b/playbooks/groups/retrace.yml
index 11375228b0..7ca6b7f0d4 100644
--- a/playbooks/groups/retrace.yml
+++ b/playbooks/groups/retrace.yml
@@ -14,7 +14,6 @@
 - hosts
 - fas_client
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - sudo
 - fedmsg/base
diff --git a/playbooks/groups/smtp-mm.yml b/playbooks/groups/smtp-mm.yml
index 152c0eb618..90c4c24491 100644
--- a/playbooks/groups/smtp-mm.yml
+++ b/playbooks/groups/smtp-mm.yml
@@ -15,7 +15,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/statscache.yml b/playbooks/groups/statscache.yml
index 9cb76f9540..a8a767bd91 100644
--- a/playbooks/groups/statscache.yml
+++ b/playbooks/groups/statscache.yml
@@ -19,7 +19,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/summershum.yml b/playbooks/groups/summershum.yml
index 240b88c81d..cc26343dfc 100644
--- a/playbooks/groups/summershum.yml
+++ b/playbooks/groups/summershum.yml
@@ -18,7 +18,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - collectd/base
 - hosts
diff --git a/playbooks/groups/sundries.yml b/playbooks/groups/sundries.yml
index c8bc7c0446..b59fa52d04 100644
--- a/playbooks/groups/sundries.yml
+++ b/playbooks/groups/sundries.yml
@@ -18,7 +18,6 @@
 roles:
 - base
 - rkhunter
- - denyhosts
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/tagger.yml b/playbooks/groups/tagger.yml
index dc8d04268f..fd80280c51 100644
--- a/playbooks/groups/tagger.yml
+++ b/playbooks/groups/tagger.yml
@@ -18,7 +18,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/taskotron-client-hosts.yml b/playbooks/groups/taskotron-client-hosts.yml
index 4b229aad50..ae9da5e865 100644
--- a/playbooks/groups/taskotron-client-hosts.yml
+++ b/playbooks/groups/taskotron-client-hosts.yml
@@ -17,7 +17,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/value.yml b/playbooks/groups/value.yml
index 4a90e65d06..3f68e6ae9f 100644
--- a/playbooks/groups/value.yml
+++ b/playbooks/groups/value.yml
@@ -13,7 +13,6 @@
 roles:
 - base
 - rkhunter
- - denyhosts
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/virthost.yml b/playbooks/groups/virthost.yml
index 5bf08ed3db..68eff6ae29 100644
--- a/playbooks/groups/virthost.yml
+++ b/playbooks/groups/virthost.yml
@@ -15,7 +15,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/groups/wiki.yml b/playbooks/groups/wiki.yml
index b0521ab2b2..4c0f10f38c 100644
--- a/playbooks/groups/wiki.yml
+++ b/playbooks/groups/wiki.yml
@@ -18,7 +18,6 @@
 roles:
 - base
 - rkhunter
- - denyhosts
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml b/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml
index 00c36389ba..95387f1444 100644
--- a/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml
@@ -13,7 +13,6 @@
 roles:
 - base
 - rkhunter
- - { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - nagios_client
 - hosts
 - fas_client
diff --git a/playbooks/hosts/grafana.cloud.fedoraproject.org.yml b/playbooks/hosts/grafana.cloud.fedoraproject.org.yml
index 34d6de8854..d6448d98dd 100644
--- a/playbooks/hosts/grafana.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/grafana.cloud.fedoraproject.org.yml
@@ -23,7 +23,6 @@
 roles:
 - base
 - rkhunter
- #- { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
 - apache
 - graphite/graphite
 - graphite/statsd
diff --git a/roles/denyhosts/files/allowed-hosts b/roles/denyhosts/files/allowed-hosts
deleted file mode 100644
index ba971b5452..0000000000
--- a/roles/denyhosts/files/allowed-hosts
+++ /dev/null
@@ -1,30 +0,0 @@
-# We mustn't block localhost
-127.0.0.1
-
-#bastion
-10.5.126.11
-10.5.126.12
-#lockbox
-10.5.126.23
-# don't block lockbox's remote addr, either
-209.132.181.6
-
-#noc1
-noc1.phx2.fedoraproject.org
-10.5.126.41
-192.168.1.10
-209.132.181.35
-
-# RDU NAT
-66.187.233.202
-66.187.233.206
-# RH NAT
-66.187.230.200
-# PHX2 NAT
-209.132.181.102
-# tlv RHT NAT
-66.187.237.10
-# brno RHT NAT
-209.132.186.34
-# IUD RHT NAT
-66.187.233.203
diff --git a/roles/denyhosts/files/denyhosts.conf b/roles/denyhosts/files/denyhosts.conf
deleted file mode 100644
index 577b8518ea..0000000000
--- a/roles/denyhosts/files/denyhosts.conf
+++ /dev/null
@@ -1,626 +0,0 @@ - ############ THESE SETTINGS ARE REQUIRED ############ - -######################################################################## -# -# SECURE_LOG: the log file that contains sshd logging info -# if you are not sure, grep "sshd:" /var/log/* -# -# The file to process can be overridden with the --file command line -# argument -# -# Redhat or Fedora Core: -SECURE_LOG = /var/log/secure -# -# Mandrake, FreeBSD or OpenBSD: -#SECURE_LOG = /var/log/auth.log -# -# SuSE: -#SECURE_LOG = /var/log/messages -# -# Mac OS X (v10.4 or greater - -# also refer to: http://www.denyhosts.net/faq.html#macos -#SECURE_LOG = /private/var/log/asl.log -# -# Mac OS X (v10.3 or earlier): -#SECURE_LOG=/private/var/log/system.log -# -######################################################################## - -######################################################################## -# -# HOSTS_DENY: the file which contains restricted host access information -# -# Most operating systems: -HOSTS_DENY = /etc/hosts.deny -# -# Some BSD (FreeBSD) Unixes: -#HOSTS_DENY = /etc/hosts.allow -# -# Another possibility (also see the next option): -#HOSTS_DENY = /etc/hosts.evil -####################################################################### - - -######################################################################## -# -# PURGE_DENY: removed HOSTS_DENY entries that are older than this time -# when DenyHosts is invoked with the --purge flag -# -# format is: i[dhwmy] -# Where 'i' is an integer (eg. 7) -# 'm' = minutes -# 'h' = hours -# 'd' = days -# 'w' = weeks -# 'y' = years -# -# never purge: -#PURGE_DENY = -# -# purge entries older than 1 week -#PURGE_DENY = 1w -# -# purge entries older than 5 days -#PURGE_DENY = 5d -# -# For the default Fedora Extras install, we want timestamping but no -# expiration (at least by default) so this is deliberately set high. -# Adjust to taste. 
-PURGE_DENY = 4w -####################################################################### - -####################################################################### -# -# PURGE_THRESHOLD: defines the maximum times a host will be purged. -# Once this value has been exceeded then this host will not be purged. -# Setting this parameter to 0 (the default) disables this feature. -# -# default: a denied host can be purged/re-added indefinitely -PURGE_THRESHOLD = 4 -# -# a denied host will be purged at most 2 times. -#PURGE_THRESHOLD = 2 -# -####################################################################### - - -####################################################################### -# -# BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY -# -# man 5 hosts_access for details -# -# eg. sshd: 127.0.0.1 # will block sshd logins from 127.0.0.1 -# -# To block all services for the offending host: -#BLOCK_SERVICE = ALL -# To block only sshd: -BLOCK_SERVICE = sshd -# To only record the offending host and nothing else (if using -# an auxilary file to list the hosts). Refer to: -# http://denyhosts.sourceforge.net/faq.html#aux -#BLOCK_SERVICE = -# -####################################################################### - - -####################################################################### -# -# DENY_THRESHOLD_INVALID: block each host after the number of failed login -# attempts has exceeded this value. This value applies to invalid -# user login attempts (eg. non-existent user accounts) -# -DENY_THRESHOLD_INVALID = 15 -# -####################################################################### - -####################################################################### -# -# DENY_THRESHOLD_VALID: block each host after the number of failed -# login attempts has exceeded this value. This value applies to valid -# user login attempts (eg. 
user accounts that exist in /etc/passwd) except -# for the "root" user -# -DENY_THRESHOLD_VALID = 15 -# -####################################################################### - -####################################################################### -# -# DENY_THRESHOLD_ROOT: block each host after the number of failed -# login attempts has exceeded this value. This value applies to -# "root" user login attempts only. -# -DENY_THRESHOLD_ROOT = 5 -# -####################################################################### - - -####################################################################### -# -# DENY_THRESHOLD_RESTRICTED: block each host after the number of failed -# login attempts has exceeded this value. This value applies to -# usernames that appear in the WORK_DIR/restricted-usernames file only. -# -DENY_THRESHOLD_RESTRICTED = 1 -# -####################################################################### - - -####################################################################### -# -# WORK_DIR: the path that DenyHosts will use for writing data to -# (it will be created if it does not already exist). -# -# Note: it is recommended that you use an absolute pathname -# for this value (eg. /home/foo/denyhosts/data) -# -WORK_DIR = /var/lib/denyhosts -# -####################################################################### - -####################################################################### -# -# SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS -# -# SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES|NO -# If set to YES, if a suspicious login attempt results from an allowed-host -# then it is considered suspicious. If this is NO, then suspicious logins -# from allowed-hosts will not be reported. All suspicious logins from -# ip addresses that are not in allowed-hosts will always be reported. 
-# -SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES -###################################################################### - -###################################################################### -# -# HOSTNAME_LOOKUP -# -# HOSTNAME_LOOKUP=YES|NO -# If set to YES, for each IP address that is reported by Denyhosts, -# the corresponding hostname will be looked up and reported as well -# (if available). -# -HOSTNAME_LOOKUP=YES -# -###################################################################### - - -###################################################################### -# -# LOCK_FILE -# -# LOCK_FILE=/path/denyhosts -# If this file exists when DenyHosts is run, then DenyHosts will exit -# immediately. Otherwise, this file will be created upon invocation -# and deleted upon exit. This ensures that only one instance is -# running at a time. -# -# Redhat/Fedora: -LOCK_FILE = /var/lock/subsys/denyhosts -# -# Debian -#LOCK_FILE = /var/run/denyhosts.pid -# -# Misc -#LOCK_FILE = /tmp/denyhosts.lock -# -###################################################################### - - - ############ THESE SETTINGS ARE OPTIONAL ############ - - -####################################################################### -# -# ADMIN_EMAIL: if you would like to receive emails regarding newly -# restricted hosts and suspicious logins, set this address to -# match your email address. 
If you do not want to receive these reports -# leave this field blank (or run with the --noemail option) -# -# Multiple email addresses can be delimited by a comma, eg: -# ADMIN_EMAIL = foo@bar.com, bar@foo.com, etc@foobar.com -# -# ADMIN_EMAIL = ausil@fedoraproject.org -# -####################################################################### - -####################################################################### -# -# SMTP_HOST and SMTP_PORT: if DenyHosts is configured to email -# reports (see ADMIN_EMAIL) then these settings specify the -# email server address (SMTP_HOST) and the server port (SMTP_PORT) -# -# -# THEMOVE FIXME this needs to work from external non-VPN machines. -SMTP_HOST = bastion -SMTP_PORT = 25 -# -####################################################################### - -####################################################################### -# -# SMTP_USERNAME and SMTP_PASSWORD: set these parameters if your -# smtp email server requires authentication -# -#SMTP_USERNAME=foo -#SMTP_PASSWORD=bar -# -###################################################################### - -####################################################################### -# -# SMTP_FROM: you can specify the "From:" address in messages sent -# from DenyHosts when it reports thwarted abuse attempts -# -SMTP_FROM = DenyHosts -# -####################################################################### - -####################################################################### -# -# SMTP_SUBJECT: you can specify the "Subject:" of messages sent -# by DenyHosts when it reports thwarted abuse attempts -SMTP_SUBJECT = DenyHosts Report from $[HOSTNAME] -# -###################################################################### - -###################################################################### -# -# SMTP_DATE_FORMAT: specifies the format used for the "Date:" header -# when sending email messages. 
-# -# for possible values for this parameter refer to: man strftime -# -# the default: -# -#SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z -# -###################################################################### - -###################################################################### -# -# SYSLOG_REPORT -# -# SYSLOG_REPORT=YES|NO -# If set to yes, when denied hosts are recorded the report data -# will be sent to syslog (syslog must be present on your system). -# The default is: NO -# -#SYSLOG_REPORT=NO -# -#SYSLOG_REPORT=YES -# -###################################################################### - -###################################################################### -# -# ALLOWED_HOSTS_HOSTNAME_LOOKUP -# -# ALLOWED_HOSTS_HOSTNAME_LOOKUP=YES|NO -# If set to YES, for each entry in the WORK_DIR/allowed-hosts file, -# the hostname will be looked up. If your versions of tcp_wrappers -# and sshd sometimes log hostnames in addition to ip addresses -# then you may wish to specify this option. -# -#ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO -# -###################################################################### - -###################################################################### -# -# AGE_RESET_VALID: Specifies the period of time between failed login -# attempts that, when exceeded will result in the failed count for -# this host to be reset to 0. This value applies to login attempts -# to all valid users (those within /etc/passwd) with the -# exception of root. If not defined, this count will never -# be reset. 
-#
-# See the comments in the PURGE_DENY section (above)
-# for details on specifying this value or for complete details
-# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
-#
-AGE_RESET_VALID=5d
-#
-######################################################################
-
-######################################################################
-#
-# AGE_RESET_ROOT: Specifies the period of time between failed login
-# attempts that, when exceeded will result in the failed count for
-# this host to be reset to 0. This value applies to all login
-# attempts to the "root" user account. If not defined,
-# this count will never be reset.
-#
-# See the comments in the PURGE_DENY section (above)
-# for details on specifying this value or for complete details
-# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
-#
-AGE_RESET_ROOT=25d
-#
-######################################################################
-
-######################################################################
-#
-# AGE_RESET_RESTRICTED: Specifies the period of time between failed login
-# attempts that, when exceeded will result in the failed count for
-# this host to be reset to 0. This value applies to all login
-# attempts to entries found in the WORK_DIR/restricted-usernames file.
-# If not defined, the count will never be reset.
-#
-# See the comments in the PURGE_DENY section (above)
-# for details on specifying this value or for complete details
-# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
-#
-AGE_RESET_RESTRICTED=25d
-#
-######################################################################
-
-
-######################################################################
-#
-# AGE_RESET_INVALID: Specifies the period of time between failed login
-# attempts that, when exceeded will result in the failed count for
-# this host to be reset to 0. This value applies to login attempts
-# made to any invalid username (those that do not appear
-# in /etc/passwd). If not defined, count will never be reset.
-#
-# See the comments in the PURGE_DENY section (above)
-# for details on specifying this value or for complete details
-# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
-#
-AGE_RESET_INVALID=10d
-#
-######################################################################
-
-
-######################################################################
-#
-# RESET_ON_SUCCESS: If this parameter is set to "yes" then the
-# failed count for the respective ip address will be reset to 0
-# if the login is successful.
-#
-# The default is RESET_ON_SUCCESS = no
-#
-RESET_ON_SUCCESS = yes
-#
-#####################################################################
-
-
-######################################################################
-#
-# PLUGIN_DENY: If set, this value should point to an executable
-# program that will be invoked when a host is added to the
-# HOSTS_DENY file. This executable will be passed the host
-# that will be added as it's only argument.
-#
-#PLUGIN_DENY=/usr/bin/true
-#
-######################################################################
-
-
-######################################################################
-#
-# PLUGIN_PURGE: If set, this value should point to an executable
-# program that will be invoked when a host is removed from the
-# HOSTS_DENY file. This executable will be passed the host
-# that is to be purged as it's only argument.
-#
-#PLUGIN_PURGE=/usr/bin/true
-#
-######################################################################
-
-######################################################################
-#
-# USERDEF_FAILED_ENTRY_REGEX: if set, this value should contain
-# a regular expression that can be used to identify additional
-# hackers for your particular ssh configuration. This functionality
-# extends the built-in regular expressions that DenyHosts uses.
-# This parameter can be specified multiple times.
-# See this faq entry for more details:
-# http://denyhosts.sf.net/faq.html#userdef_regex
-#
-#USERDEF_FAILED_ENTRY_REGEX=
-#
-#
-######################################################################
-
-
-
-
- ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
-
-
-
-#######################################################################
-#
-# DAEMON_LOG: when DenyHosts is run in daemon mode (--daemon flag)
-# this is the logfile that DenyHosts uses to report it's status.
-# To disable logging, leave blank. (default is: /var/log/denyhosts)
-#
-DAEMON_LOG = /var/log/denyhosts
-#
-# disable logging:
-#DAEMON_LOG =
-#
-######################################################################
-
-#######################################################################
-#
-# DAEMON_LOG_TIME_FORMAT: when DenyHosts is run in daemon mode
-# (--daemon flag) this specifies the timestamp format of
-# the DAEMON_LOG messages (default is the ISO8061 format:
-# ie. 2005-07-22 10:38:01,745)
-#
-# for possible values for this parameter refer to: man strftime
-#
-# Jan 1 13:05:59
-#DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S
-#
-# Jan 1 01:05:59
-#DAEMON_LOG_TIME_FORMAT = %b %d %I:%M:%S
-#
-######################################################################
-
-#######################################################################
-#
-# DAEMON_LOG_MESSAGE_FORMAT: when DenyHosts is run in daemon mode
-# (--daemon flag) this specifies the message format of each logged
-# entry. By default the following format is used:
-#
-# %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
-#
-# Where the "%(asctime)s" portion is expanded to the format
-# defined by DAEMON_LOG_TIME_FORMAT
-#
-# This string is passed to python's logging.Formatter contstuctor.
-# For details on the possible format types please refer to:
-# http://docs.python.org/lib/node357.html
-#
-# This is the default:
-#DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
-#
-#
-######################################################################
-
-
-#######################################################################
-#
-# DAEMON_SLEEP: when DenyHosts is run in daemon mode (--daemon flag)
-# this is the amount of time DenyHosts will sleep between polling
-# the SECURE_LOG. See the comments in the PURGE_DENY section (above)
-# for details on specifying this value or for complete details
-# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
-#
-#
-DAEMON_SLEEP = 30s
-#
-#######################################################################
-
-#######################################################################
-#
-# DAEMON_PURGE: How often should DenyHosts, when run in daemon mode,
-# run the purge mechanism to expire old entries in HOSTS_DENY
-# This has no effect if PURGE_DENY is blank.
-#
-DAEMON_PURGE = 1h
-#
-#######################################################################
-
-
- ######### THESE SETTINGS ARE SPECIFIC TO ##########
- ######### DAEMON SYNCHRONIZATION ##########
-
-
-#######################################################################
-#
-# Synchronization mode allows the DenyHosts daemon the ability
-# to periodically send and receive denied host data such that
-# DenyHosts daemons worldwide can automatically inform one
-# another regarding banned hosts. This mode is disabled by
-# default, you must uncomment SYNC_SERVER to enable this mode.
-#
-# for more information, please refer to:
-# http:/denyhosts.sourceforge.net/faq.html#sync
-#
-#######################################################################
-
-
-#######################################################################
-#
-# SYNC_SERVER: The central server that communicates with DenyHost
-# daemons. Currently, denyhosts.net is the only available server
-# however, in the future, it may be possible for organizations to
-# install their own server for internal network synchronization
-#
-# To disable synchronization (the default), do nothing.
-#
-# To enable synchronization, you must uncomment the following line:
-#SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
-#
-#######################################################################
-
-#######################################################################
-#
-# SYNC_INTERVAL: the interval of time to perform synchronizations if
-# SYNC_SERVER has been uncommented. The default is 1 hour.
-#
-SYNC_INTERVAL = 1h
-#
-#######################################################################
-
-
-#######################################################################
-#
-# SYNC_UPLOAD: allow your DenyHosts daemon to transmit hosts that have
-# been denied? This option only applies if SYNC_SERVER has
-# been uncommented.
-# The default is SYNC_UPLOAD = yes
-#
-#SYNC_UPLOAD = no
-#SYNC_UPLOAD = yes
-#
-#######################################################################
-
-
-#######################################################################
-#
-# SYNC_DOWNLOAD: allow your DenyHosts daemon to receive hosts that have
-# been denied by others? This option only applies if SYNC_SERVER has
-# been uncommented.
-# The default is SYNC_DOWNLOAD = yes
-#
-#SYNC_DOWNLOAD = no
-#SYNC_DOWNLOAD = yes
-#
-#
-#
-#######################################################################
-
-#######################################################################
-#
-# SYNC_DOWNLOAD_THRESHOLD: If SYNC_DOWNLOAD is enabled this parameter
-# filters the returned hosts to those that have been blocked this many
-# times by others. That is, if set to 1, then if a single DenyHosts
-# server has denied an ip address then you will receive the denied host.
-#
-# See also SYNC_DOWNLOAD_RESILIENCY
-#
-#SYNC_DOWNLOAD_THRESHOLD = 10
-#
-# The default is SYNC_DOWNLOAD_THRESHOLD = 3
-#
-#SYNC_DOWNLOAD_THRESHOLD = 3
-#
-#######################################################################
-
-#######################################################################
-#
-# SYNC_DOWNLOAD_RESILIENCY: If SYNC_DOWNLOAD is enabled then the
-# value specified for this option limits the downloaded data
-# to this resiliency period or greater.
-#
-# Resiliency is defined as the timespan between a hackers first known
-# attack and it's most recent attack. Example:
-#
-# If the centralized denyhosts.net server records an attack at 2 PM
-# and then again at 5 PM, specifying a SYNC_DOWNLOAD_RESILIENCY = 4h
-# will not download this ip address.
-#
-# However, if the attacker is recorded again at 6:15 PM then the
-# ip address will be downloaded by your DenyHosts instance.
-#
-# This value is used in conjunction with the SYNC_DOWNLOAD_THRESHOLD
-# and only hosts that satisfy both values will be downloaded.
-# This value has no effect if SYNC_DOWNLOAD_THRESHOLD = 1
-#
-# The default is SYNC_DOWNLOAD_RESILIENCY = 5h (5 hours)
-#
-# Only obtain hackers that have been at it for 2 days or more:
-#SYNC_DOWNLOAD_RESILIENCY = 2d
-#
-# Only obtain hackers that have been at it for 5 hours or more:
-#SYNC_DOWNLOAD_RESILIENCY = 5h
-#
-#######################################################################
-
diff --git a/roles/denyhosts/handlers/main.yml b/roles/denyhosts/handlers/main.yml
deleted file mode 100644
index 83c446bce7..0000000000
--- a/roles/denyhosts/handlers/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- name: restart denyhosts
- action: service name=denyhosts state=restarted
diff --git a/roles/denyhosts/tasks/main.yml b/roles/denyhosts/tasks/main.yml
deleted file mode 100644
index 2eda5661a8..0000000000
--- a/roles/denyhosts/tasks/main.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-#install denyhosts
-- name: install denyhosts (yum)
- yum: name=denyhosts state=present
- tags:
- - packages
- when: ansible_distribution_major_version|int < 22
-
-- name: install denyhosts (dnf)
- dnf: name=denyhosts state=present
- tags:
- - packages
- when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined
-
-- name: /etc/denyhosts.conf
- copy: src=denyhosts.conf dest=/etc/denyhosts.conf
- notify:
- - restart denyhosts
- tags:
- - config
-
-- name: /var/lib/denyhosts/allowed-hosts
- copy: src=allowed-hosts dest=/var/lib/denyhosts/allowed-hosts
- notify:
- - restart denyhosts
- tags:
- - config
-
-- name: enable the service
- service: name=denyhosts state=running enabled=true
- tags:
- - service
-