Delta Between Two Patch Sets: modules/fail2ban/manifests/init.pp
Issue 29364214:
Issue 2487 - Introduce fail2ban module (Closed)
Left Patch Set: For comments 18 and 19
Created Dec. 1, 2016, 10:16 a.m.
Right Patch Set: For comment 22 and 23
Created Dec. 2, 2016, 2:22 p.m.
| Left: | ||
| Right: |
Use n/p to move between diff chunks;
N/P to move between comments.
« no previous file with change/comment
|
« modules/fail2ban/manifests/filter.pp ('k')
|
modules/fail2ban/templates/filter.erb » ('j')
|
no next file with change/comment »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')
| LEFT | RIGHT |
|---|---|
| 1 # == Class: fail2ban | 1 # == Class: fail2ban |
| 2 # | 2 # |
| 3 # Create and maintain fail2ban (http://www.fail2ban.org/) setups. | 3 # Create and maintain fail2ban (http://www.fail2ban.org/) setups. |
| 4 # | 4 # |
| 5 # == Parameters: | 5 # == Parameters: |
| 6 # | 6 # |
| 7 # [*jail_config*] | 7 # [*jails*] |
|
mathias
2016/12/02 13:16:21
One last point: I'd like to rename this one to "ja
f.lopez
2016/12/02 14:16:13
Yeah sounds good to me, that was actually my first
| |
| 8 # Provisions a jail.local adjacent to the default configuration. | 8 # Provisions a jail.local adjacent to the default configuration. |
| 9 # By default entries will have the following parameters: | 9 # By default entries will have the following parameters: |
| 10 # 'enabled' => 'true', | 10 # 'enabled' => 'true', |
| 11 # 'port' => 'all', | 11 # 'port' => 'all', |
| 12 # 'maxretry' => 6, | 12 # 'maxretry' => 6, |
| 13 # 'banaction' => 'iptables-allports', | 13 # 'banaction' => 'iptables-allports', |
| 14 # 'bantime' => 3600, | 14 # 'bantime' => 3600, |
| 15 # | 15 # |
| 16 # For the default banaction iptables-allports, the port parameter | 16 # For the default banaction iptables-allports, the port parameter |
| 17 # is not used and only set here for documentation purposes. Note | 17 # is not used and only set here for documentation purposes. Note |
| 18 # that if 'banaction' is set to iptables-multiport, it requires that | 18 # that if 'banaction' is set to iptables-multiport, it requires that |
| 19 # the 'port' parameter contains one or more comma-separated ports or protocols . | 19 # the 'port' parameter contains one or more comma-separated ports or protocols . |
| 20 # | 20 # |
| 21 # [*package*] | 21 # [*package*] |
| 22 # Overwrite the default package options, to fine-tune the target version (i.e. | 22 # Overwrite the default package options, to fine-tune the target version (i.e. |
| 23 # ensure => 'latest') or remove fail2ban (ensure => 'absent' or 'purged') | 23 # ensure => 'latest') or remove fail2ban (ensure => 'absent' or 'purged') |
| 24 # | 24 # |
| 25 # [*service*] | 25 # [*service*] |
| 26 # Overwrite the default service options. | 26 # Overwrite the default service options. |
| 27 # | 27 # |
| 28 # [*filters*] | 28 # [*filters*] |
| 29 # Adds adittional filters to the filters.d folder. | 29 # Adds adittional filters to the filters.d folder. |
| 30 # | 30 # |
| 31 # === Examples: | 31 # === Examples: |
| 32 # | 32 # |
| 33 # class {'fail2ban': | 33 # class {'fail2ban': |
| 34 # package => {ensure => 'present',}, | 34 # package => {ensure => 'present',}, |
| 35 # service => {}, | 35 # service => {}, |
| 36 # jail_config => { | 36 # jails => { |
| 37 # 'CVE-2013-0235' => { | 37 # 'CVE-2013-0235' => { |
| 38 # 'logpath' => '/var/log/nginx/access_log_hg', | 38 # 'logpath' => '/var/log/nginx/access_log_hg', |
| 39 # 'banaction' => 'iptables-multiport', | 39 # 'banaction' => 'iptables-multiport', |
| 40 # 'port' => 'https, http', | 40 # 'port' => 'https, http', |
| 41 # } | 41 # } |
| 42 # }, | 42 # }, |
| 43 # filters => { | 43 # filters => { |
| 44 # 'CVE-2013-0235' => { | 44 # 'CVE-2013-0235' => { |
| 45 # regexes => [ | 45 # regexes => [ |
| 46 # '^<HOST>.*\"WordPress\/.*', | 46 # '^<HOST>.*\"WordPress\/.*', |
| 47 # ], | 47 # ], |
| 48 # } | 48 # } |
| 49 # }, | 49 # }, |
| 50 # } | 50 # } |
| 51 # | 51 # |
| 52 class fail2ban ( | 52 class fail2ban ( |
| 53 $package = hiera('fail2ban::package', {}), | 53 $package = hiera('fail2ban::package', {}), |
| 54 $service = hiera('fail2ban::service', {}), | 54 $service = hiera('fail2ban::service', {}), |
| 55 $jail_config = hiera('fail2ban::jail_config', {}), | 55 $jails = hiera('fail2ban::jails', {}), |
| 56 $filters = hiera('fail2ban::filters', {}), | 56 $filters = hiera('fail2ban::filters', {}), |
| 57 ) { | 57 ) { |
| 58 | 58 |
| 59 include stdlib | 59 include stdlib |
| 60 | 60 |
| 61 $jail_default = { | 61 $jail_default = { |
| 62 'enabled' => 'true', | 62 'enabled' => 'true', |
| 63 'port' => 'all', | 63 'port' => 'all', |
| 64 'maxretry' => 6, | 64 'maxretry' => 6, |
| 65 'banaction' => 'iptables-allports', | 65 'banaction' => 'iptables-allports', |
| (...skipping 26 matching lines...) Expand all Loading... | |
| 92 notify => Service['fail2ban'], | 92 notify => Service['fail2ban'], |
| 93 require => Package['fail2ban'], | 93 require => Package['fail2ban'], |
| 94 } | 94 } |
| 95 | 95 |
| 96 Package[$title] -> File['/etc/fail2ban/jail.local'] | 96 Package[$title] -> File['/etc/fail2ban/jail.local'] |
| 97 Service[$title] <~ Package[$title] | 97 Service[$title] <~ Package[$title] |
| 98 } | 98 } |
| 99 | 99 |
| 100 } | 100 } |
| 101 | 101 |
| LEFT | RIGHT |
« modules/fail2ban/manifests/filter.pp ('k')
|
modules/fail2ban/templates/filter.erb » ('j')
|
Toggle Intra-line Diffs ('i')
|
Expand Comments ('e')
|
Collapse Comments ('c')
|
Toggle Comments ('s')
