Rietveld Code Review Tool

Side by Side Diff: modules/fail2ban/manifests/init.pp

Issue 29364214: Issue 2487 - Introduce fail2ban module (Closed)
Patch Set: For comments 18 and 19 Created Dec. 1, 2016, 10:16 a.m.
OLD | NEW
(Empty)
1 # == Class: fail2ban
2 #
3 # Create and maintain fail2ban (http://www.fail2ban.org/) setups.
4 #
5 # == Parameters:
6 #
7 # [*jail_config*]
mathias 2016/12/02 13:16:21 One last point: I'd like to rename this one to "ja
f.lopez 2016/12/02 14:16:13 Yeah sounds good to me, that was actually my first
8 # Provisions a jail.local adjacent to the default configuration.
9 # By default entries will have the following parameters:
10 # 'enabled' => 'true',
11 # 'port' => 'all',
12 # 'maxretry' => 6,
13 # 'banaction' => 'iptables-allports',
14 # 'bantime' => 3600,
15 #
16 # For the default banaction iptables-allports, the port parameter
17 # is not used and only set here for documentation purposes. Note
18 # that if 'banaction' is set to iptables-multiport, it requires that
19 # the 'port' parameter contains one or more comma-separated ports or protocols .
20 #
21 # [*package*]
22 # Overwrite the default package options, to fine-tune the target version (i.e.
23 # ensure => 'latest') or remove fail2ban (ensure => 'absent' or 'purged')
24 #
25 # [*service*]
26 # Overwrite the default service options.
27 #
28 # [*filters*]
29 # Adds adittional filters to the filters.d folder.
30 #
31 # === Examples:
32 #
33 # class {'fail2ban':
34 # package => {ensure => 'present',},
35 # service => {},
36 # jail_config => {
37 # 'CVE-2013-0235' => {
38 # 'logpath' => '/var/log/nginx/access_log_hg',
39 # 'banaction' => 'iptables-multiport',
40 # 'port' => 'https, http',
41 # }
42 # },
43 # filters => {
44 # 'CVE-2013-0235' => {
45 # regexes => [
46 # '^<HOST>.*\"WordPress\/.*',
47 # ],
48 # }
49 # },
50 # }
51 #
52 class fail2ban (
53 $package = hiera('fail2ban::package', {}),
54 $service = hiera('fail2ban::service', {}),
55 $jail_config = hiera('fail2ban::jail_config', {}),
56 $filters = hiera('fail2ban::filters', {}),
57 ) {
58
59 include stdlib
60
61 $jail_default = {
62 'enabled' => 'true',
63 'port' => 'all',
64 'maxretry' => 6,
65 'banaction' => 'iptables-allports',
66 'bantime' => 3600,
67 }
68
69 ensure_resource('package', $title, $package)
70
71 $ensure = getparam(Package[$title], 'ensure') ? {
72 /^(absent|purged)$/ => 'absent',
73 default => 'present',
74 }
75
76 if ($ensure == 'present') {
77
78 ensure_resource('service', $title, merge({
79 hasrestart => true,
80 hasstatus => true,
81 }, $service))
82
83 # See modules/fail2ban/manifests/filter.pp
84 create_resources('fail2ban::filter', $filters)
85
86 file {'/etc/fail2ban/jail.local':
87 ensure => present,
88 group => 'root',
89 mode => '0644',
90 owner => 'root',
91 content => template("fail2ban/jail.erb"),
92 notify => Service['fail2ban'],
93 require => Package['fail2ban'],
94 }
95
96 Package[$title] -> File['/etc/fail2ban/jail.local']
97 Service[$title] <~ Package[$title]
98 }
99
100 }
101
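Review bot: The file resource on lines 86-94 hardcodes Package['fail2ban'] and Service['fail2ban'] (lines 92-93) while the rest of the class refers to Package[$title] and Service[$title]; the two only agree because the class title is 'fail2ban', so use $title in both places. The require => Package['fail2ban'] on line 93 also duplicates the ordering arrow Package[$title] -> File['/etc/fail2ban/jail.local'] on line 96, so one of the two can be dropped. Because the file resource sits inside if ($ensure == 'present'), nothing in this manifest removes /etc/fail2ban/jail.local when the package is set to 'absent' or 'purged'; an else branch that sets ensure => absent on the file would avoid leaving an unmanaged jail configuration behind. Smaller points: 'adittional' on line 29 should read 'additional', and template("fail2ban/jail.erb") on line 91 can use single quotes since nothing is interpolated.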