Rietveld Code Review Tool

Side by Side Diff: modules/fail2ban/manifests/init.pp

Issue 29364214: Issue 2487 - Introduce fail2ban module (Closed)
Patch Set: Issue 2487 - Introduce fail2ban module Created Dec. 1, 2016, 9:14 a.m.
(Empty)
1 # == Class: fail2ban
2 #
3 # Create and maintain fail2ban (http://www.fail2ban.org/) setups.
4 #
5 # == Parameters:
6 #
7 # [*jail_config*]
8 # Provisions a jail.local adjacent to the default configuration.
9 # By default entries will have the following parameters:
10 # 'enabled' => 'true',
11 # 'port' => 'all',
12 # 'maxretry' => 6,
13 # 'banaction' => 'iptables-allports',
14 # 'bantime' => 3600,
15 #
16 # For the default banaction iptables-allports, the port parameter
17 # is not used and only set here for documentation purposes. Note
18 # that if 'banaction' is set to iptables-multiport, it requires that
19 # the 'port' parameter contains one or more comma-separated ports or protocols .
20 #
21 # [*package*]
22 # Overwrite the default package options, to fine-tune the target version (i.e.
23 # ensure => 'latest') or remove fail2ban (ensure => 'absent' or 'purged')
24 #
25 # [*service*]
26 # Overwrite the default service options.
27 #
28 # [*filters*]
29 # Adds adittional filters to the filters.d folder.
30 #
31 # === Examples:
32 #
33 # class {'fail2ban':
34 # package => {ensure => 'present',},
35 # service => {},
36 # jail_config => {
37 # 'CVE-2013-0235' => {
38 # 'logpath' => '/var/log/nginx/access_log_hg',
39 # 'banaction' => 'iptables-multiport',
40 # 'port' => 'https, http',
41 # }
42 # },
43 # filters => {
44 # 'CVE-2013-0235' => {
45 # regexes => [
46 # '^<HOST>.*\"WordPress\/.*',
47 # ],
48 # }
49 # },
50 # }
51 #
52 class fail2ban (
53 $package = {},
mathias 2016/12/01 09:32:44 Please consistently use hiera('fail2ban::PARAMETER
f.lopez 2016/12/01 10:16:05 Acknowledged.
54 $service = {},
55 $jail_config = {},
56 $filters = {},
57 ) {
58
59 include stdlib
60
61 $jail_default = {
62 'enabled' => 'true',
63 'port' => 'all',
64 'maxretry' => 6,
65 'banaction' => 'iptables-allports',
66 'bantime' => 3600,
67 }
68
69 ensure_resource('package', $title, $package)
70
71 # Used as default $ensure parameter for most resources below
mathias 2016/12/01 09:28:30 It is not used as parameter anywhere, just in the
f.lopez 2016/12/01 10:16:05 Acknowledged.
72 $ensure = getparam(Package[$title], 'ensure') ? {
73 /^(absent|purged)$/ => 'absent',
74 default => 'present',
75 }
76
77 if ($ensure == 'present') {
78
79 ensure_resource('service', $title, merge({
80 hasrestart => true,
81 hasstatus => true,
82 }, $service))
83
84 # See modules/fail2ban/manifests/filter.pp
85 create_resources('fail2ban::filter', $filters)
86
87 file {'/etc/fail2ban/jail.local':
88 ensure => present,
89 group => 'root',
90 mode => '0644',
91 owner => 'root',
92 content => template("fail2ban/jail.erb"),
93 notify => Service['fail2ban'],
94 require => Package['fail2ban'],
95 }
96
97 Package[$title] -> File['/etc/fail2ban/jail.local']
98 Service[$title] <~ Package[$title]
99 }
100
101 }
102
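Review bot: Lines 94 and 97 declare the same Package-before-File ordering twice, and the file resource at lines 93-94 hard-codes 'fail2ban' while lines 69, 79, 97 and 98 reference $title. Keep either `require => Package['fail2ban'],` or `Package[$title] -> File['/etc/fail2ban/jail.local']`, and use one spelling of the resource reference throughout. Separately, the `if ($ensure == 'present')` block starting at line 77 has no counterpart for 'absent' or 'purged', so nothing in these lines removes a previously provisioned /etc/fail2ban/jail.local when the package is taken off. Driving the file's `ensure` from $ensure instead of the literal `present` at line 88 would also make the comment at line 71 accurate.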