diff --git a/CHANGELOG.md b/CHANGELOG.md
index 28fa7a9..192962c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,16 @@ Changelog of Git Changelog.
+
+
|Repo Name| version | Build
Status|
|---|---|---|---|
-|cd_fail2ban| 0.0.0.4 | cd_fail2ban| 0.0.0.5 | {Build
Status/]|
|Repo Name| version | Build
Status|
|---|---|---|---|
-|cd_fail2ban| 0.0.0.4 | cd_fail2ban| 0.0.0.5 | {Build
Status/]|
# File 'manifests/main/files.pp', line 23
@@ -213,6 +245,38 @@ class cd_fail2ban::main::files (
notify => Service[$fn_service],
}
+ # manage jail.conf
+
+ file { $fn_jail_conf_file:
+ ensure => present,
+ path => $fn_jail_conf_file,
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ content => template($fn_jail_conf_erb),
+ notify => Service[$fn_service],
+ }
+
+ # manage jail.local
+
+ file { $fn_jail_local_file:
+ ensure => present,
+ path => $fn_jail_local_file,
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ content => template($fn_jail_local_erb),
+ notify => Service[$fn_service],
+ }
+
}
}
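Review bot: Both new resources use `ensure => present`, which accepts whatever already exists at the path (a symlink or a directory included) rather than requiring a regular file; for root-owned files that decide which hosts get banned, `ensure => file` is the tighter setting in the `$fn_jail_conf_file` and `$fn_jail_local_file` blocks. Templating `jail.conf` as well as `jail.local` also means the packaged defaults are overwritten on every run, so jail definitions shipped by a newer fail2ban package would presumably not reach the host until the ERB template is updated; keeping site overrides in `jail.local` alone avoids that. Nothing checks the rendered content before `notify => Service[$fn_service]` fires, so a short comment above the two resources such as `# a bad template value here can stop fail2ban from restarting; test the rendered jail files before rollout` would help operators. The enclosing class starts and ends outside the hunk.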
age in seconds at which bans should be purged from the database.
+can be an IP address, a CIDR mask or a DNS host. +Fail2ban will not ban a +host which matches an address in this list. Several +addresses can be +defined using space (and/or comma) separator.
+External command that will take an +tagged arguments to ignore, e.g. +<ip>,and return true if the IP is to be +ignored. False otherwise.
+number of seconds that a host is banned.
+A host is banned if it has generated “maxretry” +during the last +"findtime" seconds.
+number of failures before a host get banned.
+specifies the backend used to get files +modification. options are +"pyinotify", "gamin", "polling", +"systemd" and +"auto". +pyinotify: requires pyinotify (a +file alteration monitor) to be installed. + If pyinotify is not installed, +Fail2ban will use auto. +gamin: requires Gamin (a file alteration monitor) +to be installed. + If Gamin is not installed, Fail2ban will use +auto. +polling: uses a polling algorithm which does not require external +libraries. +systemd: uses systemd python library to access the systemd +journal. + Specifying "logpath" is not valid for this backend. + +See "journalmatch" in the jails associated filter config +auto: +will try to use the following backends, in order: + pyinotify, gamin, +polling.
+specifies if jails should trust hostnames in logs, +warn when DNS lookups +are performed, or ignore all hostnames in logs +yes: if a hostname is +encountered, a DNS lookup will be performed. +warn: if a hostname is +encountered, a DNS lookup will be performed, + but it will be logged as a +warning. +no: if a hostname is encountered, will not be used for banning, + +but it will be logged as info. +raw: use raw value (no hostname), allow use +it for no-host filters/actions +(example user)
+specifies the encoding of the log files +handled by the jail This is used to +decode the lines from the log file. +Typical examples: "ascii", +"utf-8" +auto: will use the system locale setting
+enables the jails. +By default all jails are disabled, and it should stay +this way. +Enable only relevant to your setup jails in your .local or +jail.d/*.conf +true: jail will be enabled and log files will get monitored +for changes +false: jail is not enabled
+defines the filter to use by the jail. +By default jails have names matching +their filter name
+Destination email address used solely for the +interpolations in +jail.conf,local,d/* configuration files.
+Sender email address used solely for some actions
+E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA +for the mailing. +Change mta configuration parameter to mail if you want to +revert to +conventional 'mail'.
+Default protocol.
+Specify chain where jumps would need to be added in +iptables-* actions.
+in a particular jail
+Format of user-agent +tools.ietf.org/html/rfc7231#section-5.5.3
-48 -49 -50 -51 -52 -53 -54 -55 -56 -57 -58 -59 -60 -61 -62 -63 -64 -65 -66 -67 -68 -69 -70 -71 -72 -73 -74 -75 -76 -77 -78 -79 -80 -81 -82 -83 -84 -85 -86 -87 -88 -89 -90 -91 -92 -93 -94 -95+104 +105 +106 +107 +108 +109 +110 +111 +112 +113 +114 +115 +116 +117 +118 +119 +120 +121 +122 +123 +124 +125 +126 +127 +128 +129 +130 +131 +132 +133 +134 +135 +136 +137 +138 +139 +140 +141 +142 +143 +144 +145 +146 +147 +148 +149 +150 +151 +152 +153 +154 +155 +156 +157 +158 +159 +160 +161 +162 +163 +164 +165 +166 +167 +168 +169 +170 +171 +172 +173 +174 +175 +176 +177 +178 +179 +180 +181 +182 +183 +184
# File 'manifests/params.pp', line 48 +# File 'manifests/params.pp', line 104 class cd_fail2ban::params ( @@ -405,6 +815,9 @@ $pkg_ensure = 'latest', $fn_manage_config = true, $fn_enable_service = 'running', + +# fail2ban.conf/local + $fn_loglevel = 'INFO', $fn_logtarget = 'SYSLOG', $fn_syslogsocket = 'auto', @@ -413,16 +826,41 @@ $fn_pidfile = '/var/run/fail2ban/fail2ban.pid', $fn_dbfile = '/var/lib/fail2ban/fail2ban.sqlite3', $fn_dbpurgeage = '86400', +# jail.conf/local +$fn_ignoreip = '127.0.0.1/8', +$fn_ignorecommand = '', +$fn_bantime = '600', +$fn_findtime = '600', +$fn_maxretry = '5', +$fn_backend = 'auto', +$fn_usedns = 'warn', +$fn_logencoding = 'auto', +$fn_enabled = 'false', +$fn_filter = '%(__name__)s', +$fn_destemail = 'root@localhost', +$fn_sender = 'root@localhost', +$fn_mta = 'sendmail', +$fn_protocol = 'tcp', +$fn_chain = 'INPUT', +$fn_port = '0:65535', +$fn_fail2ban_agent = 'Fail2Ban/%(fail2ban_version)s', + ) { # installation section -$reqpackages = $::operatingsystem ? { +$reqpackages = $::operatingsystem ? { /(?i-mx:centos|fedora|redhat)/ => ['fail2ban','fail2ban-firewalld', 'fail2ban-sendmail', - 'fail2ban-server.noarch'], + 'fail2ban-server.noarch','jwhois'], } +$fn_jail_paths = $::operatingsystem ? { + /(?i-mx:centos|fedora|redhat)/ => 'fedora', + } + +# shortcuts +$fn_os = $::operatingsystem # service $fn_service = 'fail2ban' @@ -441,6 +879,11 @@ $fn_fail2ban_conf_file = "${fn_main_dir}/fail2ban.conf" $fn_fail2ban_conf_erb = 'cd_fail2ban/fail2ban_conf.erb' $fn_fail2ban_local_file = "${fn_main_dir}/fail2ban.local" $fn_fail2ban_local_erb = 'cd_fail2ban/fail2ban_local.erb' +$fn_jail_conf_file = "${fn_main_dir}/jail.conf" +$fn_jail_conf_erb = 'cd_fail2ban/jail_conf.erb' +$fn_jail_local_file = "${fn_main_dir}/jail.local" +$fn_jail_local_erb = 'cd_fail2ban/jail_local.erb' + # includes must be last @@ -454,7 +897,7 @@ $fn_fail2ban_local_erb = 'cd_fail2ban/fail2ban_local.erb' 
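Review bot: The jail parameters added in the `@@ -413,16 +826,41 @@` hunk are untyped strings that go straight into the jail templates, so a mistyped `$fn_usedns`, `$fn_backend`, `$fn_bantime` or `$fn_maxretry` is only noticed when fail2ban rejects or misreads the rendered file. If the module targets Puppet 4 or later, typed parameters catch this at compile time, for example `Enum['yes','warn','no','raw'] $fn_usedns = 'warn',` and `Enum['pyinotify','gamin','polling','systemd','auto'] $fn_backend = 'auto',`, with both value sets taken from the parameter documentation in this commit. `$fn_ignoreip` and `$fn_ignorecommand` deserve a comment of their own, because the first exempts hosts from banning and the second names an external command that fail2ban runs: `# security-sensitive: any override of fn_ignoreip / fn_ignorecommand weakens or bypasses banning, review changes`. The new `$fn_jail_paths` selector, like `$reqpackages` before it, has no `default` branch, so it matches nothing on an operating system outside centos/fedora/redhat; if that is deliberate, a comment saying so would make it clear.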
diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html
index 4af7cea..136fa21 100644
--- a/doc/top-level-namespace.html
+++ b/doc/top-level-namespace.html
@@ -90,7 +90,7 @@
diff --git a/tests/UTF_Files b/tests/UTF_Files
index a138597..4319827 100644
--- a/tests/UTF_Files
+++ b/tests/UTF_Files
@@ -4,3 +4,4 @@
 ./.yardoc/objects/root.dat: data
 ./doc/css/style.css: HTML document, UTF-8 Unicode text, with very long lines
 ./doc/js/jquery.js: HTML document, UTF-8 Unicode text, with very long lines
+./doc/puppet_classes/cd_fail2ban_3A_3Aparams.html: HTML document, UTF-8 Unicode text