From 3c581b56cc82cb98df4620161c542f048efa60e0 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Thu, 3 Aug 2017 14:01:25 +0100 Subject: [PATCH] added directory control --- README.md | 4 +- manifests/main/dirs.pp | 90 +++++++++++++++++++++++++++++++++++++++--- manifests/params.pp | 19 ++++++++- 3 files changed, 105 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index b6ec707..aa51431 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ |Repo Name| version | Build Status| |---|---|---|---| -|`cd_fail2ban`| 0.0.0.2 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_fail2ban)](https://jenkins.confdroid.com/job/cd_fail2ban/)| +|`cd_fail2ban`| 0.0.0.3 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_fail2ban)](https://jenkins.confdroid.com/job/cd_fail2ban/)| ### Synopsis Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. @@ -34,6 +34,7 @@ Fail2Ban is an intrusion prevention software framework that protects computer se Installation * install required binaries + ### Repo Structure Repostructure has moved to REPOSTRUCTURE.md in repo. @@ -78,6 +79,7 @@ There are currently no mandatory parameters, i.e. the module will function right All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored. ### Known Problems +* firewalld: firewalld is auto-installed on CentOS7 as dependency of fail2ban by yum. ### Support * OS: CentOS 6, 7 diff --git a/manifests/main/dirs.pp b/manifests/main/dirs.pp index 1543b67..4c60b4f 100644 --- a/manifests/main/dirs.pp +++ b/manifests/main/dirs.pp 
@@ -1,12 +1,11 @@
 ## cd_fail2ban::main::dirs.pp
 # Module name: cd_fail2ban
-# Author: Arne Teuke (arne_teuke@ConfDroid.com)
-# # License:
+# Author: Arne Teuke (arne_teuke@confdroid.com)
+# License:
 # This file is part of cd_fail2ban.
 #
-# cd_fail2ban is used for providing automatic configuration of
-#
-# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
+# cd_fail2ban is used for providing automatic configuration of Fail2Ban
+# Copyright (C) 2017 confdroid (copyright@confdroid.com)
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
@@ -27,6 +26,87 @@ class cd_fail2ban::main::dirs (
 require cd_fail2ban::main::install
+ # manage main dir
+ file { $fn_main_dir:
+ ensure => directory,
+ path => $fn_main_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+ # manage action.d dir
+
+ file { $fn_action_d_dir:
+ ensure => directory,
+ path => $fn_action_d_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+
+ # manage fail2ban.d dir
+
+ file { $fn_fail2ban_d_dir:
+ ensure => directory,
+ path => $fn_fail2ban_d_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+
+ # manage filter.d dir
+
+ file { $fn_filter_d_dir:
+ ensure => directory,
+ path => $fn_filter_d_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+
+ # manage jail.d dir
+
+ file { $fn_jail_d_dir:
+ ensure => directory,
+ path => $fn_jail_d_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+
+ # manage /var/lib/fail2ban
+
+ file { $fn_var_lib_dir:
+ ensure => directory,
+ path => $fn_var_lib_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
 }
diff --git a/manifests/params.pp b/manifests/params.pp
index 7e5d348..70c99b5 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
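Review bot: The last resource, `file { $fn_var_lib_dir: ... }`, labels /var/lib/fail2ban with `seltype => etc_t`, which looks copied from the /etc/fail2ban resources above it. Under the targeted policy that directory is normally typed `fail2ban_var_lib_t`, and it holds fail2ban's persistent ban database. Forcing `etc_t` will probably cause AVC denials for the confined daemon in enforcing mode, or make Puppet and restorecon flip the label back and forth, so the README's claim of correct SELinux contexts would not hold for this path. I would change that one line to `seltype => fail2ban_var_lib_t,` and consider `mode => '0750',` there too, since only root needs to list the ban state; please confirm both against what the package installs. The enclosing class starts before this hunk, so its parameters are not visible here.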
@@ -34,11 +34,26 @@ $fn_enable_fail2ban = true,
 # installation section
 $reqpackages = $::operatingsystem ? {
- /(?i-mx:centos|fedora|redhat)/ => ['fail2ban'],
+ /(?i-mx:centos|fedora|redhat)/ => ['fail2ban','fail2ban-firewalld',
+ 'fail2ban-sendmail',
+ 'fail2ban-server.noarch'],
 }
+
+
 # service
-$fn_service = 'fail2ban'
+$fn_service = 'fail2ban'
+
+# directories
+$fn_main_dir = '/etc/fail2ban'
+$fn_action_d_dir = "${fn_main_dir}/action.d"
+$fn_fail2ban_d_dir = "${fn_main_dir}/fail2ban.d"
+$fn_filter_d_dir = "${fn_main_dir}/filter.d"
+$fn_jail_d_dir = "${fn_main_dir}/jail.d"
+$fn_var_lib_dir = '/var/lib/fail2ban'
+
+
+# files
 # includes must be last
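Review bot: The selector arm now installs `'fail2ban-firewalld'` unconditionally for every centos/fedora/redhat release, although the README still lists CentOS 6 as supported and records the firewalld pull-in as a known problem. As far as I know that subpackage ships a jail.d override that routes ban actions through firewall-cmd. On a host where firewalld is installed but not running, or where iptables-services is the active firewall, bans may then be logged without being enforced, and nothing visible in this patch manages the firewalld service. I would key the list on the OS major release or make the firewalld integration opt-in, and at minimum add a comment such as `# fail2ban-firewalld switches ban actions to firewall-cmd; firewalld must be running`. Separately, `'fail2ban-server.noarch'` embeds the architecture in the package name, where `'fail2ban-server'` should be enough; the enclosing class begins above this hunk.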