From 3c581b56cc82cb98df4620161c542f048efa60e0 Mon Sep 17 00:00:00 2001
From: Arne Teuke
Date: Thu, 3 Aug 2017 14:01:25 +0100
Subject: [PATCH 1/2] added directory control

---
 README.md | 4 +-
 manifests/main/dirs.pp | 90 +++++++++++++++++++++++++++++++++++++++---
 manifests/params.pp | 19 ++++++++-
 3 files changed, 105 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index b6ec707..aa51431 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@ |Repo Name| version | Build Status| |---|---|---|---| -|`cd_fail2ban`| 0.0.0.2 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_fail2ban)](https://jenkins.confdroid.com/job/cd_fail2ban/)| +|`cd_fail2ban`| 0.0.0.3 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_fail2ban)](https://jenkins.confdroid.com/job/cd_fail2ban/)| ### Synopsis Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks.
@@ -34,6 +34,7 @@ Fail2Ban is an intrusion prevention software framework that protects computer se Installation * install required binaries + ### Repo Structure Repostructure has moved to REPOSTRUCTURE.md in repo.
@@ -78,6 +79,7 @@ There are currently no mandatory parameters, i.e. the module will function right All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored. ### Known Problems +* firewalld: firewalld is auto-installed on CentOS7 as dependency of fail2ban by yum. ### Support * OS: CentOS 6, 7
diff --git a/manifests/main/dirs.pp b/manifests/main/dirs.pp
index 1543b67..4c60b4f 100644
--- a/manifests/main/dirs.pp
+++ b/manifests/main/dirs.pp
@@ -1,12 +1,11 @@
 ## cd_fail2ban::main::dirs.pp
 # Module name: cd_fail2ban
-# Author: Arne Teuke (arne_teuke@ConfDroid.com)
-# # License:
+# Author: Arne Teuke (arne_teuke@confdroid.com)
+# License:
 # This file is part of cd_fail2ban.
 #
-# cd_fail2ban is used for providing automatic configuration of
-#
-# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
+# cd_fail2ban is used for providing automatic configuration of Fail2Ban
+# Copyright (C) 2017 confdroid (copyright@confdroid.com)
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
@@ -27,6 +26,87 @@ class cd_fail2ban::main::dirs (
 
 require cd_fail2ban::main::install
 
+ # manage main dir
 
+ file { $fn_main_dir:
+ ensure => directory,
+ path => $fn_main_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
 
+ # manage action.d dir
+
+ file { $fn_action_d_dir:
+ ensure => directory,
+ path => $fn_action_d_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+
+ # manage fail2ban.d dir
+
+ file { $fn_fail2ban_d_dir:
+ ensure => directory,
+ path => $fn_fail2ban_d_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+
+ # manage filter.d dir
+
+ file { $fn_filter_d_dir:
+ ensure => directory,
+ path => $fn_filter_d_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+
+ # manage jail.d dir
+
+ file { $fn_jail_d_dir:
+ ensure => directory,
+ path => $fn_jail_d_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+
+ # manage /var/lib/fail2ban
+
+ file { $fn_var_lib_dir:
+ ensure => directory,
+ path => $fn_var_lib_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
 }
diff --git a/manifests/params.pp b/manifests/params.pp
index 7e5d348..70c99b5 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
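Review bot: In manifests/main/dirs.pp the last resource pins `seltype => etc_t` on `$fn_var_lib_dir` (/var/lib/fail2ban), which is the daemon's writable state directory rather than configuration. Forcing a configuration label there can put Puppet at odds with the SELinux policy's own file context for that path (expected to be `fail2ban_var_lib_t` on the targeted policy; confirm with `matchpathcon /var/lib/fail2ban`), so on an enforcing host the confined service may be denied writes to its ban database, or a relabel flips the type back and Puppet reports a change on every run. I would change that one line to `seltype => fail2ban_var_lib_t,` or drop the `sel*` attributes on this resource so the policy default applies, and consider `mode => '0750'` unless another account is known to need to list the ban state. The six resources are otherwise identical, so a `File { ... }` defaults block or an array title would shrink the hunk considerably; the class header sits outside the hunk.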
@@ -34,11 +34,26 @@ $fn_enable_fail2ban = true,
 
 # installation section
 $reqpackages = $::operatingsystem ? {
- /(?i-mx:centos|fedora|redhat)/ => ['fail2ban'],
+ /(?i-mx:centos|fedora|redhat)/ => ['fail2ban','fail2ban-firewalld',
+ 'fail2ban-sendmail',
+ 'fail2ban-server.noarch'],
 }
 
+
+
 # service
-$fn_service = 'fail2ban'
+$fn_service = 'fail2ban'
+
+# directories
+$fn_main_dir = '/etc/fail2ban'
+$fn_action_d_dir = "${fn_main_dir}/action.d"
+$fn_fail2ban_d_dir = "${fn_main_dir}/fail2ban.d"
+$fn_filter_d_dir = "${fn_main_dir}/filter.d"
+$fn_jail_d_dir = "${fn_main_dir}/jail.d"
+$fn_var_lib_dir = '/var/lib/fail2ban'
+
+
+# files
 
 # includes must be last
 
From ab94577ae7093a2a24b2b555f6750d00c74c690c Mon Sep 17 00:00:00 2001
From: Jenkins Server
Date: Thu, 3 Aug 2017 15:01:03 +0200
Subject: [PATCH 2/2] recommit for updates in build 4

---
 CHANGELOG.md | 14 +-
 REPOSTRUCTURE.md | 31 ++-
 doc/_index.html | 2 +-
 doc/file.README.html | 8 +-
 doc/index.html | 8 +-
 doc/puppet_classes/cd_fail2ban.html | 2 +-
 .../cd_fail2ban_3A_3Amain_3A_3Aconfig.html | 2 +-
 .../cd_fail2ban_3A_3Amain_3A_3Adirs.html | 197 ++++++++++++++++--
 .../cd_fail2ban_3A_3Amain_3A_3Afiles.html | 2 +-
 .../cd_fail2ban_3A_3Amain_3A_3Ainstall.html | 2 +-
 .../cd_fail2ban_3A_3Amain_3A_3Aservice.html | 2 +-
 .../cd_fail2ban_3A_3Aparams.html | 38 +++-
 doc/top-level-namespace.html | 2 +-
 13 files changed, 272 insertions(+), 38 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 995f46c..da695c8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,9 +8,19 @@ Changelog of Git Changelog.
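Review bot: In manifests/params.pp the `$reqpackages` selector now installs `fail2ban-firewalld` and `fail2ban-sendmail` on every host matching `centos|fedora|redhat`, with no way to opt out. The README lists CentOS 6 as supported, so it is worth confirming these subpackages exist on each release: a missing one fails the package resource and leaves the host without fail2ban, and where the firewalld subpackage does install it presumably switches the ban action to firewalld, so hosts that filter with plain iptables could record bans without enforcing them. I would keep `['fail2ban']` as the base list and move the two integration packages behind a parameter, with a comment such as `# optional integrations: install only where firewalld / a sendmail-compatible MTA is in use`. `'fail2ban-server.noarch'` is better written as `'fail2ban-server'`, since an architecture suffix in the package name may not match what the provider reports as installed. The selector also has no `default` branch, so compilation fails on any other OS; the enclosing class starts outside the hunk.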

No issue

-dc918f331ab225f Arne Teuke 2017-08-03 11:01:32 +82035d505ca0352 Arne Teuke 2017-08-03 12:13:00

-

initial commit

+

added service control

+ +

+423db4a35427180 Jenkins Server 2017-08-03 12:12:32 +

+

recommit for updates in build 3

+ +

+059e16bca627858 Arne Teuke 2017-08-03 12:07:42 +

+

added service control

diff --git a/REPOSTRUCTURE.md b/REPOSTRUCTURE.md
index b032489..752e395 100644
--- a/REPOSTRUCTURE.md
+++ b/REPOSTRUCTURE.md
@@ -1,4 +1,27 @@
 .
+|-- doc
+| |-- css
+| | |-- common.css
+| | |-- full_list.css
+| | `-- style.css
+| |-- js
+| | |-- app.js
+| | |-- full_list.js
+| | `-- jquery.js
+| |-- puppet_classes
+| | |-- cd_fail2ban_3A_3Amain_3A_3Aconfig.html
+| | |-- cd_fail2ban_3A_3Amain_3A_3Adirs.html
+| | |-- cd_fail2ban_3A_3Amain_3A_3Afiles.html
+| | |-- cd_fail2ban_3A_3Amain_3A_3Ainstall.html
+| | |-- cd_fail2ban_3A_3Amain_3A_3Aservice.html
+| | |-- cd_fail2ban_3A_3Aparams.html
+| | `-- cd_fail2ban.html
+| |-- file.README.html
+| |-- frames.html
+| |-- _index.html
+| |-- index.html
+| |-- puppet_class_list.html
+| `-- top-level-namespace.html
 |-- manifests
 | |-- main
 | | |-- config.pp
@@ -8,10 +31,14 @@
 | | `-- service.pp
 | |-- init.pp
 | `-- params.pp
+|-- tests
+| `-- UTF_Files
+|-- CHANGELOG.md
 |-- Gemfile
 |-- Gemfile.lock
 |-- Jenkinsfile
 |-- LICENSE
-`-- README.md
+|-- README.md
+`-- REPOSTRUCTURE.md
 
-2 directories, 12 files
+7 directories, 34 files
diff --git a/doc/_index.html b/doc/_index.html
index efa3534..b999eaa 100644
--- a/doc/_index.html
+++ b/doc/_index.html
@@ -132,7 +132,7 @@
diff --git a/doc/file.README.html b/doc/file.README.html
index 58369d3..70fc01a 100644
--- a/doc/file.README.html
+++ b/doc/file.README.html
@@ -61,7 +61,7 @@

|Repo Name| version | Build Status| |---|---|---|---| -|cd_fail2ban| 0.0.0.2 | cd_fail2ban| 0.0.0.3 | {Build Status/]|

@@ -184,6 +184,10 @@ right out of box as is.

selinux is disabled, these contexts are ignored.

Known Problems

+
  • +

    firewalld: firewalld is auto-installed on CentOS7 as dependency of fail2ban +by yum.

    +

Support

  • @@ -238,7 +242,7 @@ environments.

    diff --git a/doc/index.html b/doc/index.html index 31e3547..ac62e2c 100644 --- a/doc/index.html +++ b/doc/index.html @@ -61,7 +61,7 @@

    |Repo Name| version | Build Status| |---|---|---|---| -|cd_fail2ban| 0.0.0.2 | cd_fail2ban| 0.0.0.3 | {Build Status/]|

    @@ -184,6 +184,10 @@ right out of box as is.

    selinux is disabled, these contexts are ignored.

    Known Problems

    +
    • +

      firewalld: firewalld is auto-installed on CentOS7 as dependency of fail2ban +by yum.

      +

    Support

    • @@ -238,7 +242,7 @@ environments.

      diff --git a/doc/puppet_classes/cd_fail2ban.html b/doc/puppet_classes/cd_fail2ban.html index b0476a6..0ee6cfa 100644 --- a/doc/puppet_classes/cd_fail2ban.html +++ b/doc/puppet_classes/cd_fail2ban.html @@ -139,7 +139,7 @@ class cd_fail2ban { diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aconfig.html index 58a8418..4dd24bd 100644 --- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aconfig.html +++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aconfig.html @@ -155,7 +155,7 @@ class cd_fail2ban::main::config ( diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Adirs.html index 20c078c..69bbcb1 100644 --- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Adirs.html +++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Adirs.html @@ -86,24 +86,21 @@

      cd_fail2ban::main::dirs.pp Module name: cd_fail2ban Author: Arne Teuke -(arne_teuke@ConfDroid.com)

      +(arne_teuke@confdroid.com) +License: + This file is part of cd_fail2ban.

      -

      License:

      +

      cd_fail2ban is used for providing automatic configuration of Fail2Ban -

      This file is part of cd_fail2ban.

      - -

      cd_fail2ban is used for providing automatic configuration of - <service / -purpose> - Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com) - This -program is free software: you can redistribute it and/or modify - it under -the terms of the GNU General Public License as published by - the Free -Software Foundation, either version 3 of the License, or - (at your option) -any later version.

      +Copyright (C) 2017 confdroid (copyright@confdroid.com) + This program is +free software: you can redistribute it and/or modify + it under the terms of +the GNU General Public License as published by + the Free Software +Foundation, either version 3 of the License, or + (at your option) any later +version.

      This program is distributed in the hope that it will be useful, but @@ -130,6 +127,7 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.

       
       
      +23
       24
       25
       26
      @@ -138,10 +136,90 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.

      29 30 31 -32
      +32 +33 +34 +35 +36 +37 +38 +39 +40 +41 +42 +43 +44 +45 +46 +47 +48 +49 +50 +51 +52 +53 +54 +55 +56 +57 +58 +59 +60 +61 +62 +63 +64 +65 +66 +67 +68 +69 +70 +71 +72 +73 +74 +75 +76 +77 +78 +79 +80 +81 +82 +83 +84 +85 +86 +87 +88 +89 +90 +91 +92 +93 +94 +95 +96 +97 +98 +99 +100 +101 +102 +103 +104 +105 +106 +107 +108 +109 +110 +111 +112 -
      # File 'manifests/main/dirs.pp', line 24
      +        
      # File 'manifests/main/dirs.pp', line 23
       
       class cd_fail2ban::main::dirs (
       
      @@ -149,8 +227,89 @@ class cd_fail2ban::main::dirs (
       
         require cd_fail2ban::main::install
       
      +  # manage main dir
       
      +  file { $fn_main_dir:
      +    ensure    =>  directory,
      +    path      =>  $fn_main_dir,
      +    owner     =>  'root',
      +    group     =>  'root',
      +    mode      =>  '0755',
      +    selrange  =>  s0,
      +    selrole   =>  object_r,
      +    seltype   =>  etc_t,
      +    seluser   =>  system_u,
      +  }
       
      +  # manage action.d dir
      +
      +  file { $fn_action_d_dir:
      +    ensure    =>  directory,
      +    path      =>  $fn_action_d_dir,
      +    owner     =>  'root',
      +    group     =>  'root',
      +    mode      =>  '0755',
      +    selrange  =>  s0,
      +    selrole   =>  object_r,
      +    seltype   =>  etc_t,
      +    seluser   =>  system_u,
      +  }
      +
      +  # manage fail2ban.d dir
      +
      +  file { $fn_fail2ban_d_dir:
      +    ensure    =>  directory,
      +    path      =>  $fn_fail2ban_d_dir,
      +    owner     =>  'root',
      +    group     =>  'root',
      +    mode      =>  '0755',
      +    selrange  =>  s0,
      +    selrole   =>  object_r,
      +    seltype   =>  etc_t,
      +    seluser   =>  system_u,
      +  }
      +
      +  # manage filter.d dir
      +
      +  file { $fn_filter_d_dir:
      +    ensure    =>  directory,
      +    path      =>  $fn_filter_d_dir,
      +    owner     =>  'root',
      +    group     =>  'root',
      +    mode      =>  '0755',
      +    selrange  =>  s0,
      +    selrole   =>  object_r,
      +    seltype   =>  etc_t,
      +    seluser   =>  system_u,
      +  }
      +
      +  # manage jail.d dir
      +
      +  file { $fn_jail_d_dir:
      +    ensure    =>  directory,
      +    path      =>  $fn_jail_d_dir,
      +    owner     =>  'root',
      +    group     =>  'root',
      +    mode      =>  '0755',
      +    selrange  =>  s0,
      +    selrole   =>  object_r,
      +    seltype   =>  etc_t,
      +    seluser   =>  system_u,
      +  }
      +
      +  #  manage /var/lib/fail2ban
      +
      +  file { $fn_var_lib_dir:
      +    ensure    =>  directory,
      +    path      =>  $fn_var_lib_dir,
      +    owner     =>  'root',
      +    group     =>  'root',
      +    mode      =>  '0755',
      +    selrange  =>  s0,
      +    selrole   =>  object_r,
      +    seltype   =>  etc_t,
      +    seluser   =>  system_u,
      +  }
       }
      @@ -159,7 +318,7 @@ class cd_fail2ban::main::dirs ( diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html index 950258c..4cca46d 100644 --- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html +++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html @@ -152,7 +152,7 @@ class cd_fail2ban::main::files ( diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Ainstall.html index 48bb6ed..8223443 100644 --- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Ainstall.html +++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Ainstall.html @@ -159,7 +159,7 @@ class cd_fail2ban::main::install ( diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aservice.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aservice.html index b3f588b..5bba949 100644 --- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aservice.html +++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aservice.html @@ -164,7 +164,7 @@ class cd_fail2ban::main::service ( diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Aparams.html b/doc/puppet_classes/cd_fail2ban_3A_3Aparams.html index 6fb2787..37c7f9e 100644 --- a/doc/puppet_classes/cd_fail2ban_3A_3Aparams.html +++ b/doc/puppet_classes/cd_fail2ban_3A_3Aparams.html @@ -197,7 +197,22 @@ to choose, i.e. latest or present.

      44 45 46 -47
      +47 +48 +49 +50 +51 +52 +53 +54 +55 +56 +57 +58 +59 +60 +61 +62
      # File 'manifests/params.pp', line 27
      @@ -212,11 +227,26 @@ $fn_enable_fail2ban   =  true,
       
       # installation section
       $reqpackages  = $::operatingsystem ? {
      -    /(?i-mx:centos|fedora|redhat)/ => ['fail2ban'],
      +    /(?i-mx:centos|fedora|redhat)/ => ['fail2ban','fail2ban-firewalld',
      +                                        'fail2ban-sendmail',
      +                                        'fail2ban-server.noarch'],
         }
       
      +
      +
       # service
      -$fn_service   = 'fail2ban'
      +$fn_service           = 'fail2ban'
      +
      +# directories
      +$fn_main_dir          = '/etc/fail2ban'
      +$fn_action_d_dir      = "${fn_main_dir}/action.d"
      +$fn_fail2ban_d_dir    = "${fn_main_dir}/fail2ban.d"
      +$fn_filter_d_dir      = "${fn_main_dir}/filter.d"
      +$fn_jail_d_dir        = "${fn_main_dir}/jail.d"
      +$fn_var_lib_dir       = '/var/lib/fail2ban'
      +
      +
      +# files
       
       # includes must be last
       
      @@ -230,7 +260,7 @@ $fn_service   = 'fail2ban'
       
       
             
      diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html
      index bcf9706..719adc9 100644
      --- a/doc/top-level-namespace.html
      +++ b/doc/top-level-namespace.html
      @@ -90,7 +90,7 @@