| OLD | NEW |
|---|---|
| (Empty) | |
| 1 # == Class: fail2ban | |
| 2 # | |
| 3 # Create and maintain fail2ban (http://www.fail2ban.org/) setups. | |
| 4 # | |
| 5 # == Parameters: | |
| 6 # | |
| 7 # [*jail_config*] | |
| 8 # Adds jail.local to the default configuration of fail2ban | |
| 9 # | |
| 10 # [*package*] | |
| 11 # Overwrite the default package options, to fine-tune the target version (i.e. | |
| 12 # ensure => 'latest') or remove fail2ban (ensure => 'absent' or 'purged') | |
| 13 # | |
| 14 # [*service*] | |
| 15 # Overwrite the default service options. | |
| 16 # | |
| 17 # [*filters*] | |
| 18 # Adds adittional filters to the filters.d folder | |
| 19 # === Examples: | |
| 20 # | |
| 21 # class {'fail2ban': | |
| 22 # package => {ensure => 'present',}, | |
| 23 # service => {}, | |
| 24 # jail_config => { | |
|
f.nicolaisen
2016/11/25 16:23:29
We should require setting a port here, and if not
f.lopez
2016/11/25 17:41:10
That is the actual motive for this kind of config
| |
| 25 # 'wordpress' => { | |
| 26 # logpath => '/var/log/nginx/access.log', | |
| 27 # }, | |
| 28 # }, | |
| 29 # filters => { | |
| 30 # 'wordpress' => { | |
| 31 # failregex => [ | |
| 32 # '^<HOST>.*\"WordPress\/.*', | |
| 33 # ], | |
| 34 # } | |
| 35 # }, | |
| 36 # } | |
| 37 class fail2ban ( | |
| 38 $package = hiera('fail2ban::package', 'present'), | |
| 39 $service = hiera('fail2ban::service', {}), | |
| 40 $jail_config = hiera('fail2ban::jail_config', {}), | |
| 41 $filters = hiera('fail2ban::filters', {}), | |
| 42 ) { | |
| 43 | |
| 44 include stdlib | |
| 45 | |
| 46 ensure_resource('package', $title, {ensure => $package}) | |
| 47 | |
| 48 # Used as default $ensure parameter for most resources below | |
| 49 $ensure = getparam(Package[$title], 'ensure') ? { | |
| 50 /^(absent|purged)$/ => 'absent', | |
| 51 default => 'present', | |
| 52 } | |
| 53 | |
| 54 # Service resources don't properly support the concept of absence | |
| 55 if ($ensure == 'present') { | |
| 56 | |
| 57 ensure_resource('service', $title, $service) | |
| 58 # See modules/fail2ban/manifests/filter.pp | |
| 59 create_resources('fail2ban::filter', $filters) | |
| 60 | |
| 61 # According to the docs one can also enable filters that are | |
| 62 # already in there, so the config file should be done indepentently | |
| 63 # of the filters, another thing to consider is the possibility of | |
| 64 # having the filters configured but not activated, so no conf is | |
| 65 # passed. | |
| 66 if jail_config != undef { | |
| 67 file {'/etc/fail2ban/jail.local': | |
|
f.nicolaisen
2016/11/25 16:23:29
Like stated earlier, if no ports have been configu
| |
| 68 ensure => present, | |
| 69 group => 'root', | |
| 70 mode => '0644', | |
| 71 owner => 'root', | |
| 72 content => template("fail2ban/jail.erb"), | |
| 73 notify => Service[$title], | |
| 74 } | |
| 75 } | |
| 76 | |
| 77 Package[$title] -> File['/etc/fail2ban/jail.local'] | |
| 78 | |
| 79 } | |
| 80 | |
| 81 } | |
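Review bot: The guard on line 66, `if jail_config != undef {`, is missing the `$` sigil, so it compares the bare word `jail_config` with undef and is always true; even with the sigil, the hiera default of `{}` would never be undef. As written, /etc/fail2ban/jail.local is managed on every node, and with an empty hash the template (not visible here) presumably renders a file with no jails, which would replace any locally maintained jail.local. Testing for content instead, `if !empty($jail_config) {`, matches the intent of the comment above it, and stdlib is already included. The ordering on line 77, `Package[$title] -> File['/etc/fail2ban/jail.local']`, then has to move inside that `if`, otherwise it references a File resource that is not in the catalog.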