From 7d2d9081e2a937849495e69915495ba3d8393b79 Mon Sep 17 00:00:00 2001
From: Alex Tavarez
Date: Tue, 18 Nov 2025 21:30:47 -0500
Subject: [PATCH] Created set of additional tasks for custom filters for new Fail2Ban ProFTPd jail
---
roles/bootstrap/handlers/proftpd.yml | 44 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
diff --git a/roles/bootstrap/handlers/proftpd.yml b/roles/bootstrap/handlers/proftpd.yml
index 02728a7..125e6db 100644
--- a/roles/bootstrap/handlers/proftpd.yml
+++ b/roles/bootstrap/handlers/proftpd.yml
@@ -111,3 +111,47 @@
 allowed_users: "{{ ','.join(list(map(lambda u: u['username'], filter(lambda u: not 'http' in u['services'] and not 'https' in u['services'] and not 'httpd' in u['services'] and not 'caddy' in u['services'] and not 'www-data' in u['services'], config['proftpd']['vusers'].values())))) }}"
 anon_root: "{{ map(lambda u: u['home'], filter(lambda u: 'ftps' in u['services'] or 'proftpd' in u['services'], hostvars[inventory_hostname]['users'].values())) | list | random }}/public"
 anon_user: "{{ config['proftpd']['vusers']['smuggler']['username'] }}"
+ - name: Set ProFTPd jail in fail2ban
+ block:
+ - name: Create fail2ban system configuration directory
+ ansible.builtin.file:
+ force: false
+ group: root
+ mode: "0755"
+ owner: root
+ path: /etc/fail2ban
+ state: directory
+ - name: Create fail2ban filters system configuration directory
+ ansible.builtin.file:
+ force: false
+ group: root
+ mode: "0755"
+ owner: root
+ path: /etc/fail2ban/filter.d
+ state: directory
+ - name: Create fail2ban filter system configuration
+ ansible.builtin.copy:
+ backup: true
+ dest: /etc/fail2ban/filter.d/custom_proftpd.conf
+ force: true
+ group: root
+ owner: root
+ src: fail2ban/filter.d/custom_proftpd.conf
+ # validate: string
+ - name: Create fail2ban jails system configuration directory
+ ansible.builtin.file:
+ force: false
+ group: root
+ mode: "0755"
+ owner: root
+ path: /etc/fail2ban/jail.d
+ state: directory
+ - name: Create fail2ban jail system configuration
+ ansible.builtin.copy:
+ backup: true
+ dest: /etc/fail2ban/jail.d/proftpd.local
+ force: true
+ group: root
+ owner: root
+ src: fail2ban/jail.d/proftpd.local
+ # validate: string
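Review bot: The two `ansible.builtin.copy` tasks that install `custom_proftpd.conf` and `proftpd.local` set `owner` and `group` but no `mode`, so the resulting permissions depend on the remote umask or on whatever file already exists at `dest`. Add `mode: "0644"` to both, matching the explicit `"0755"` the directory tasks already pin, so the ban rules cannot end up writable by a non-root account. Nothing visible in this hunk reloads fail2ban after the files land, so unless a task or handler outside the hunk does it, the new ProFTPd jail stays inactive until the next service restart. The leftover `# validate: string` placeholders should be dropped; `validate` checks a single temporary file in isolation, so a follow-up task that runs `fail2ban-client -t` before the reload is a better fit for catching a broken filter or jail definition. The task list this block is appended to begins outside the hunk.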