added directory control

Arne Teuke
2017-08-03 14:01:25 +01:00
parent 16b4aa5664
commit 3c581b56cc
3 changed files with 105 additions and 8 deletions


@@ -1,6 +1,6 @@
|Repo Name| version | Build Status| |Repo Name| version | Build Status|
|---|---|---|---| |---|---|---|---|
|`cd_fail2ban`| 0.0.0.2 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_fail2ban)](https://jenkins.confdroid.com/job/cd_fail2ban/)| |`cd_fail2ban`| 0.0.0.3 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_fail2ban)](https://jenkins.confdroid.com/job/cd_fail2ban/)|
### Synopsis ### Synopsis
Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks.
@@ -34,6 +34,7 @@ Fail2Ban is an intrusion prevention software framework that protects computer se
Installation Installation
* install required binaries * install required binaries
### Repo Structure ### Repo Structure
Repostructure has moved to REPOSTRUCTURE.md in repo. Repostructure has moved to REPOSTRUCTURE.md in repo.
@@ -78,6 +79,7 @@ There are currently no mandatory parameters, i.e. the module will function right
All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored. All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.
### Known Problems ### Known Problems
* firewalld: firewalld is auto-installed on CentOS7 as dependency of fail2ban by yum.
### Support ### Support
* OS: CentOS 6, 7 * OS: CentOS 6, 7


@@ -1,12 +1,11 @@
## cd_fail2ban::main::dirs.pp ## cd_fail2ban::main::dirs.pp
# Module name: cd_fail2ban # Module name: cd_fail2ban
# Author: Arne Teuke (arne_teuke@ConfDroid.com) # Author: Arne Teuke (arne_teuke@confdroid.com)
# # License: # License:
# This file is part of cd_fail2ban. # This file is part of cd_fail2ban.
# #
# cd_fail2ban is used for providing automatic configuration of # cd_fail2ban is used for providing automatic configuration of Fail2Ban
# <service / purpose> # Copyright (C) 2017 confdroid (copyright@confdroid.com)
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or # the Free Software Foundation, either version 3 of the License, or
@@ -27,6 +26,87 @@ class cd_fail2ban::main::dirs (
require cd_fail2ban::main::install require cd_fail2ban::main::install
# manage main dir
file { $fn_main_dir:
ensure => directory,
path => $fn_main_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
}
# manage action.d dir
file { $fn_action_d_dir:
ensure => directory,
path => $fn_action_d_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
}
# manage fail2ban.d dir
file { $fn_fail2ban_d_dir:
ensure => directory,
path => $fn_fail2ban_d_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
}
# manage filter.d dir
file { $fn_filter_d_dir:
ensure => directory,
path => $fn_filter_d_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
}
# manage jail.d dir
file { $fn_jail_d_dir:
ensure => directory,
path => $fn_jail_d_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
}
# manage /var/lib/fail2ban
file { $fn_var_lib_dir:
ensure => directory,
path => $fn_var_lib_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
}
} }
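Review bot: The last resource in this section, `file { $fn_var_lib_dir:`, sets `seltype => etc_t`, apparently copied from the five `/etc/fail2ban` directories above it, although `/var/lib/fail2ban` is a state directory and not configuration. On the targeted SELinux policy that path is normally labelled `fail2ban_var_lib_t` (confirm with `matchpathcon /var/lib/fail2ban` on a CentOS host). Forcing `etc_t` may therefore stop the confined daemon from writing its persistent data in enforcing mode, and Puppet would re-apply the wrong label after every relabel. I would change that one line to `seltype => fail2ban_var_lib_t,` and check whether `mode => '0755'` matches what the package ships for this directory. The class header and parameter list sit outside the hunk, so where `$fn_var_lib_dir` comes into scope cannot be checked from here.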


@@ -34,12 +34,27 @@ $fn_enable_fail2ban = true,
# installation section # installation section
$reqpackages = $::operatingsystem ? { $reqpackages = $::operatingsystem ? {
/(?i-mx:centos|fedora|redhat)/ => ['fail2ban'], /(?i-mx:centos|fedora|redhat)/ => ['fail2ban','fail2ban-firewalld',
'fail2ban-sendmail',
'fail2ban-server.noarch'],
} }
# service # service
$fn_service = 'fail2ban' $fn_service = 'fail2ban'
# directories
$fn_main_dir = '/etc/fail2ban'
$fn_action_d_dir = "${fn_main_dir}/action.d"
$fn_fail2ban_d_dir = "${fn_main_dir}/fail2ban.d"
$fn_filter_d_dir = "${fn_main_dir}/filter.d"
$fn_jail_d_dir = "${fn_main_dir}/jail.d"
$fn_var_lib_dir = '/var/lib/fail2ban'
# files
# includes must be last # includes must be last
include cd_fail2ban::main::config include cd_fail2ban::main::config