diff --git a/.scannerwork/.sonar_lock b/.scannerwork/.sonar_lock new file mode 100644 index 0000000..e69de29 diff --git a/.scannerwork/class-mapping.csv b/.scannerwork/class-mapping.csv new file mode 100644 index 0000000..e69de29 diff --git a/.scannerwork/report-task.txt b/.scannerwork/report-task.txt new file mode 100644 index 0000000..b387ee2 --- /dev/null +++ b/.scannerwork/report-task.txt @@ -0,0 +1,6 @@ +projectKey=cd_fail2ban +serverUrl=http://sonarqube.confdroid.com +serverVersion=7.9.1.27448 +dashboardUrl=http://sonarqube.confdroid.com/dashboard?id=cd_fail2ban +ceTaskId=AXvAr_22Yo9HjDKVQ1gr +ceTaskUrl=http://sonarqube.confdroid.com/api/ce/task?id=AXvAr_22Yo9HjDKVQ1gr diff --git a/doc/file.README.html b/doc/file.README.html index efa6e86..76559b5 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -58,10 +58,14 @@
+

Readme

+

-

Synopsis

+

[[TOC]]

+ +

Synopsis

Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks.

@@ -69,7 +73,7 @@ computer servers from brute-force attacks.

cd_fail2ban is a Puppet module to automate installation, configuration and management of fail2ban settings and rules.

-

WARNING

+

WARNING

**__!!! Attention: Never use this puppet module on systems which have been previously configured manually. It is impossible to predict how and @@ -79,128 +83,91 @@ test environment to verify that the module suits the purpose intended by the user, as well as tune the parameters, before deploying into live production!!! __**

-

Table of Contents

+

Features

+ +

Installation

-

Features

+

Configuration

+ -

Installation * install required binaries

+

Service

+ -

Configuration * manage directory structure (file system permissions, -selinux context) * manage configration files (file system permissions, -selinux context, content based on parameters)

- -

Service * manage service status (running or stopped)

- -

Repo Structure

- -

Repostructure has moved to REPOSTRUCTURE.md in repo.

- -

Repo Documentation

- -

See the full Puppet documentation in docs/index.html

- -

Dependencies

+

Dependencies

All dependencies must be included in the catalogue.

+ -

Deployment

- -
native Puppet deployment
+

Deployment

+

via site.pp or nodes.pp

node 'example.example.net' {
-  include cd_puppetdb
+  include cd_elasticsearch
 }
- -

through Foreman:

+

In order to apply parameters through Foreman, -cd_fail2ban::params must be added to the host or hostgroup -in question.

+cd_elasticsearch::params must be added to the host or host +group in question.

See more details about class deployment on Confdroid.com.

-

Parameters

+

Parameters

-

The following parameters are editable via params.pp or through ENC -(recommended). Values changed will take immediate effect -at next puppet run. Services will be restarted where neccessary.

+

The parameters are documented via puppet strings and listed here. Simply open in web browser.

-

The full -list of Parameters is available here and -in the docs folder in the software repo.

- -

Mandatory Parameters

- -

There are currently no mandatory parameters, i.e. the module will function -right out of box as is.

- -

Optional Parameters

- -

SELINUX

+

SELINUX

All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.

-

Known Problems

+

Known Problems

-

Support

+

Support

-

Tests

+

Tests

+

Readme

+

-

Synopsis

+

[[TOC]]

+ +

Synopsis

Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks.

@@ -69,7 +73,7 @@ computer servers from brute-force attacks.

cd_fail2ban is a Puppet module to automate installation, configuration and management of fail2ban settings and rules.

-

WARNING

+

WARNING

**__!!! Attention: Never use this puppet module on systems which have been previously configured manually. It is impossible to predict how and @@ -79,128 +83,91 @@ test environment to verify that the module suits the purpose intended by the user, as well as tune the parameters, before deploying into live production!!! __**

-

Table of Contents

+

Features

+ +

Installation

-

Features

+

Configuration

+
  • +

    manage directory structure (file system permissions, selinux context)

    +
  • +

    manage configuration files (file system permissions, selinux context, +content based on parameters)

    +
-

Installation * install required binaries

+

Service

+
  • +

    manage service status (running or stopped)

    +
-

Configuration * manage directory structure (file system permissions, -selinux context) * manage configration files (file system permissions, -selinux context, content based on parameters)

- -

Service * manage service status (running or stopped)

- -

Repo Structure

- -

Repostructure has moved to REPOSTRUCTURE.md in repo.

- -

Repo Documentation

- -

See the full Puppet documentation in docs/index.html

- -

Dependencies

+

Dependencies

All dependencies must be included in the catalogue.

+
  • +

    cd_resources +to manage yum base repos

    +
  • +

    cd_firewall +or puppetlabs-firewall to manage firewall settings (optional)

    +
-

Deployment

- -
native Puppet deployment
+

Deployment

+
  • +

    native Puppet deployment

    +

via site.pp or nodes.pp

node 'example.example.net' {
-  include cd_puppetdb
+  include cd_elasticsearch
 }
- -

through Foreman:

+
  • +

    through Foreman:

    +

In order to apply parameters through Foreman, -cd_fail2ban::params must be added to the host or hostgroup -in question.

+cd_elasticsearch::params must be added to the host or host +group in question.

See more details about class deployment on Confdroid.com.

-

Parameters

+

Parameters

-

The following parameters are editable via params.pp or through ENC -(recommended). Values changed will take immediate effect -at next puppet run. Services will be restarted where neccessary.

+

The parameters are documented via puppet strings and listed here. Simply open in web browser.

-

The full -list of Parameters is available here and -in the docs folder in the software repo.

- -

Mandatory Parameters

- -

There are currently no mandatory parameters, i.e. the module will function -right out of box as is.

- -

Optional Parameters

- -

SELINUX

+

SELINUX

All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.

-

Known Problems

+

Known Problems

  • firewalld: firewalld is auto-installed on CentOS7 as dependency of fail2ban by yum.

-

Support

+

Support

  • OS: CentOS 7

  • -

    Puppet 5.x

    +

    Puppet 5

-

Tests

+

Tests

  • Puppet Lint

  • excluded tests:

    • -

      --no-class_inherits_from_params_class-check:relavant only to +

      --no-class_inherits_from_params_class-check:relevant only to non-supported outdated puppet versions

    • --no-variable_scope-check: not applicable as we are inheriting @@ -220,15 +187,20 @@ block, not per class.

    • ERB Template Parser

    • -

      Test for unwanted UTF8 files in the Puppet code as this causes problems -with PuppetDB (see tests/UTF_Files)

      - -

      Contact Us

      - -

      contact Us

      +

      Test for unwanted UTF8 files in the Puppet code (see tests/UTF_Files)

      +
    • +

      Markdown-lint

      +
    • +

      Spellcheck

      +
    • +

      Sonar Quality Gate

    -

    Disclaimer

    +

    Contact Us

    + +

    contact Us

    + +

    Disclaimer

    ConfDroid as entity is entirely independent from Puppet. We provide custom configuration modules, written for specific purposes and specific