modules/fail2ban/manifests/init.pp - Issue 29364214: Issue 2487 - Introduce fail2ban module

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments.

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Side by Side Diff: modules/fail2ban/manifests/init.pp

Issue 29364214: Issue 2487 - Introduce fail2ban module (Closed)

Patch Set: Issue 2487 - Introduce fail2ban module Created Nov. 29, 2016, 10:48 a.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 # == Class: fail2ban

	2 #

	3 # Create and maintain fail2ban (http://www.fail2ban.org/) setups.

	4 #

	5 # == Parameters:

	6 #

	7 # [jail_config]

	8 # Provisions a jail.local adjacent to the default configuration.

	9 # By default entries will have the following parameters:

	10 # 'enabled' => 'true',

	11 # 'port' => 'all',

	12 # 'maxretry' => 6,

	13 # 'banaction' => 'iptables-allports',

	14 # 'bantime' => 3600,

	15 #

	16 # For the default banaction iptables-allports, the port parameter

	17 # is not used and only set here for documentation purposes. Note

	18 # that if 'banaction' is set to iptables-multiport, it requires that

	19 # the 'port' parameter contains one or more comma-separated ports or protocols .

	20 #

	21 # [package]

	22 # Overwrite the default package options, to fine-tune the target version (i.e.

	23 # ensure => 'latest') or remove fail2ban (ensure => 'absent' or 'purged')

	24 #

	25 # [service]

	26 # Overwrite the default service options.

	27 #

	28 # [filters]

	29 # Adds adittional filters to the filters.d folder.

	30 # === Examples:

	31 #

	32 # class {'fail2ban':

	33 # package => {ensure => 'present',},

	34 # service => {},

	35 # jail_config => {

	36 # 'CVE-2013-0235' => {

	37 # 'logpath' => '/var/log/nginx/access_log_hg',

	38 # 'banaction' => 'iptables-multiport',

	39 # 'port' => 'https, http',
	f.nicolaisen 2016/11/29 11:01:05 lines not aligned? lines not aligned?
	40 # }

	41 # },

	42 # filters => {

	43 # 'CVE-2013-0235' => {

	44 # failregex => [

	45 # '^<HOST>.\"WordPress\/.',

	46 # ],

	47 # }

	48 # },

	49 # }

	50 class fail2ban (

	51 $package = {},

	52 $service = {},

	53 $jail_config = {},

	54 $filters = {},

	55 ) {

	56

	57 include stdlib

	58

	59 $jail_default = {

	60 'enabled' => 'true',

	61 'port' => 'all',

	62 'maxretry' => 6,

	63 'banaction' => 'iptables-allports',

	64 'bantime' => 3600,

	65 }

	66

	67 ensure_resource('package', $title, $package)

	68

	69 # Used as default $ensure parameter for most resources below

	70 $ensure = getparam(Package[$title], 'ensure') ? {

	71 /^(absent\|purged)$/ => 'absent',

	72 default => 'present',

	73 }

	74

	75 # Service resources don't properly support the concept of absence

	76 if ($ensure == 'present') {

	77

	78 ensure_resource('service', $title, $service)

	79 # See modules/fail2ban/manifests/filter.pp

	80 create_resources('fail2ban::filter', $filters)

	81

	82 # Filters already present in the fail2ban distribution can

	83 # also be activated.

	84 # Another thing to consider is the possibility of

	85 # having the filters configured but not activated, so no conf is

	86 # passed.
	f.nicolaisen 2016/11/29 11:01:05 I still don't understand when I should consider th I still don't understand when I should consider this possibility :) "so no conf is passed" is not clear grammar. Who is passing what conf where?
	87 if jail_config != undef {

	88 file {'/etc/fail2ban/jail.local':

	89 ensure => present,

	90 group => 'root',

	91 mode => '0644',

	92 owner => 'root',

	93 content => template("fail2ban/jail.erb"),

	94 notify => Service[$title],

	95 }

	96 }

	97

	98 Package[$title] -> File['/etc/fail2ban/jail.local']

	99 }

	100

	101 }

OLD	NEW

« no previous file with comments | « modules/fail2ban/manifests/filter.pp ('k') | modules/fail2ban/templates/filter.erb » ('j') | no next file with comments »