diff --git a/CHANGELOG.md b/CHANGELOG.md
index 995f46c..28fa7a9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,9 +8,59 @@ Changelog of Git Changelog.
-
+
+
+
+
+
+
+
+
+
+
|Repo Name| version | Build
Status|
|---|---|---|---|
-|cd_fail2ban| 0.0.0.2 | cd_fail2ban| 0.0.0.4 | {Build
Status/]|
Installation * install required binaries
+Configuration +* manage directory structure (file system permissions, +selinux context) +* manage configration files (file system permissions, +selinux context, content based on parameters)
+ +Service +* manage service status (running or stopped)
+Repostructure has moved to REPOSTRUCTURE.md in repo.
@@ -184,6 +193,10 @@ right out of box as is. selinux is disabled, these contexts are ignored.firewalld: firewalld is auto-installed on CentOS7 as dependency of fail2ban +by yum.
+|Repo Name| version | Build
Status|
|---|---|---|---|
-|cd_fail2ban| 0.0.0.2 | cd_fail2ban| 0.0.0.4 | {Build
Status/]|
Installation * install required binaries
+Configuration +* manage directory structure (file system permissions, +selinux context) +* manage configration files (file system permissions, +selinux context, content based on parameters)
+ +Service +* manage service status (running or stopped)
+Repostructure has moved to REPOSTRUCTURE.md in repo.
@@ -184,6 +193,10 @@ right out of box as is. selinux is disabled, these contexts are ignored.firewalld: firewalld is auto-installed on CentOS7 as dependency of fail2ban +by yum.
+# File 'manifests/main/config.pp', line 24
@@ -144,9 +143,8 @@ class cd_fail2ban::main::config (
) inherits cd_fail2ban::params {
- if $fn_enable_fail2ban == true {
include cd_fail2ban::main::service
- }
+
}
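Review bot: Dropping the `if $fn_enable_fail2ban == true` guard makes `include cd_fail2ban::main::service` unconditional, and the params section of this commit removes `$fn_enable_fail2ban` with no deprecation path visible. Nodes that set it to false to keep the service unmanaged will presumably have fail2ban managed on their next run, and the nearest replacement, `fn_enable_service => 'stopped'`, actively stops the daemon rather than leaving it alone. A comment above the include such as `# always included; use $fn_enable_service to control the service state` would record the new contract. The class header starts outside the hunk.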
cd_fail2ban::main::dirs.pp Module name: cd_fail2ban Author: Arne Teuke -(arne_teuke@ConfDroid.com)
+(arne_teuke@confdroid.com) +License: + This file is part of cd_fail2ban. -cd_fail2ban is used for providing automatic configuration of Fail2Ban -
This file is part of cd_fail2ban.
- -cd_fail2ban is used for providing automatic configuration of - <service / -purpose> - Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com) - This -program is free software: you can redistribute it and/or modify - it under -the terms of the GNU General Public License as published by - the Free -Software Foundation, either version 3 of the License, or - (at your option) -any later version.
+Copyright (C) 2017 confdroid (copyright@confdroid.com) + This program is +free software: you can redistribute it and/or modify + it under the terms of +the GNU General Public License as published by + the Free Software +Foundation, either version 3 of the License, or + (at your option) any later +version.This program is distributed in the hope that it will be useful, but @@ -130,6 +127,7 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
+23 24 25 26 @@ -138,10 +136,106 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/. 29 30 31 -32+32 +33 +34 +35 +36 +37 +38 +39 +40 +41 +42 +43 +44 +45 +46 +47 +48 +49 +50 +51 +52 +53 +54 +55 +56 +57 +58 +59 +60 +61 +62 +63 +64 +65 +66 +67 +68 +69 +70 +71 +72 +73 +74 +75 +76 +77 +78 +79 +80 +81 +82 +83 +84 +85 +86 +87 +88 +89 +90 +91 +92 +93 +94 +95 +96 +97 +98 +99 +100 +101 +102 +103 +104 +105 +106 +107 +108 +109 +110 +111 +112 +113 +114 +115 +116 +117 +118 +119 +120 +121 +122 +123 +124 +125 +126 +127 +128
# File 'manifests/main/dirs.pp', line 24
+ # File 'manifests/main/dirs.pp', line 23
class cd_fail2ban::main::dirs (
@@ -149,6 +243,103 @@ class cd_fail2ban::main::dirs (
require cd_fail2ban::main::install
+ # manage main dir
+
+ file { $fn_main_dir:
+ ensure => directory,
+ path => $fn_main_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+
+ # manage action.d dir
+
+ file { $fn_action_d_dir:
+ ensure => directory,
+ path => $fn_action_d_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+
+ # manage fail2ban.d dir
+
+ file { $fn_fail2ban_d_dir:
+ ensure => directory,
+ path => $fn_fail2ban_d_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+
+ # manage filter.d dir
+
+ file { $fn_filter_d_dir:
+ ensure => directory,
+ path => $fn_filter_d_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+
+ # manage jail.d dir
+
+ file { $fn_jail_d_dir:
+ ensure => directory,
+ path => $fn_jail_d_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+
+ # manage /var/lib/fail2ban
+
+ file { $fn_var_lib_dir:
+ ensure => directory,
+ path => $fn_var_lib_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => fail2ban_var_lib_t,
+ seluser => system_u,
+ }
+
+ # manage /var/run/fail2bam
+
+ file { $fn_var_run_dir:
+ ensure => directory,
+ path => $fn_var_run_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => fail2ban_var_run_t,
+ seluser => system_u,
+ }
}
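Review bot: The seven `file` resources added here differ only in title and `seltype`, so a later change to owner, mode or SELinux user has to be made seven times and can drift; `path` also only repeats the title. If the module targets Puppet 4 or later, one `file` expression with a `default:` body states the shared attributes once, as sketched below. The comment `# manage /var/run/fail2bam` should read `fail2ban`. None of the directories is purged, so files placed in `jail.d` or `fail2ban.d` outside Puppet stay in effect; if that is intended, it deserves a line in the class documentation. The class header starts outside the hunk.

```puppet
  require cd_fail2ban::main::install

  # shared attributes once; only seltype varies per directory
  file {
    default:
      ensure   => directory,
      owner    => 'root',
      group    => 'root',
      mode     => '0755',
      selrange => s0,
      selrole  => object_r,
      seluser  => system_u,
    ;
    [$fn_main_dir, $fn_action_d_dir, $fn_fail2ban_d_dir,
      $fn_filter_d_dir, $fn_jail_d_dir]:
      seltype => etc_t,
    ;
    $fn_var_lib_dir:
      seltype => fail2ban_var_lib_t,
    ;
    $fn_var_run_dir:
      seltype => fail2ban_var_run_t,
    ;
  }
```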
@@ -159,7 +350,7 @@ class cd_fail2ban::main::dirs (
diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html
index 950258c..1ba7621 100644
--- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html
@@ -133,7 +133,42 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
26
27
28
-29
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+56
+57
+58
+59
+60
+61
+62
+63
+64
# File 'manifests/main/files.pp', line 23
@@ -144,6 +179,41 @@ class cd_fail2ban::main::files (
require cd_fail2ban::main::dirs
+ if $fn_manage_config == true {
+
+ # manage fail2ban.conf
+
+ file { $fn_fail2ban_conf_file:
+ ensure => present,
+ path => $fn_fail2ban_conf_file,
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ content => template($fn_fail2ban_conf_erb),
+ notify => Service[$fn_service],
+ }
+
+ # manage fail2ban.local
+
+ file { $fn_fail2ban_local_file:
+ ensure => present,
+ path => $fn_fail2ban_local_file,
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ content => template($fn_fail2ban_local_erb),
+ notify => Service[$fn_service],
+ }
+
+ }
}
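Review bot: Both resources use `ensure => present` while also supplying `content`; `ensure => file` states explicitly that a regular file is required, where `present` accepts any existing file type at that path. `notify => Service[$fn_service]` refers to a resource declared in `cd_fail2ban::main::service`, which this class does not include in the visible lines, so a catalog that pulls in `cd_fail2ban::main::files` alone would presumably fail on the unresolved reference; a comment such as `# Service[$fn_service] is declared in cd_fail2ban::main::service` would document the dependency. The values the templates presumably render (`$fn_loglevel`, `$fn_logtarget` and the rest) have no validation visible in this commit, and the notify restarts the daemon onto whatever was written. The class header starts outside the hunk.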
# File 'manifests/main/service.pp', line 23
@@ -151,11 +152,12 @@ class cd_fail2ban::main::service (
require cd_fail2ban::main::files
service { $fn_service:
- ensure => running,
+ ensure => $fn_enable_service,
hasstatus => true,
hasrestart => true,
enable => true,
}
+
}
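Review bot: `enable => true` stays hard-coded next to the new `ensure => $fn_enable_service`, so setting the parameter to `stopped` stops fail2ban for the current run but leaves it enabled at boot, and the two states disagree after a reboot. Deriving it from the same parameter keeps them aligned, e.g. `enable => $fn_enable_service ? { 'running' => true, default => false },`. The value is also passed through unchecked; the documentation lists `running` and `stopped` as the valid options, but nothing in the visible code enforces that. Since stopping this service removes the host's ban enforcement, a comment on the parameter saying so would help operators. The class header starts outside the hunk.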
You should have received a copy of the GNU General Public License along with this program. If not, see www.gnu.org/licenses/.
+href="http://www.gnu.org/licenses">www.gnu.org/licenses/. +CRITICAL,ERROR,WARNING,NOTICE,INFO
+and DEBUG.
@@ -156,15 +158,183 @@ to choose, i.e. latest or present.
Whether to manage the fail2ban +configuration files. If set to false, +fail2ban will be installed, but the +configuration will not be managed.
+Whether to enable/start or disable/stop
+the fail2ban service. Valid options
+are running or stopped.
Set the log level output. Valid options are
+Set the log target. This could be a file, +SYSLOG, STDERR or STDOUT. Only +one log target can be specified.
+Set the syslog socket file. Only used when +logtarget is SYSLOG. auto uses +platform.system() to determine predefined +paths Valid options: [ auto | +FILE ].
+Set the socket file to communicate with the daemon.
+Set the PID file to store the process ID of the +fail2ban server.
+file for the fail2ban persistent data to be stored. +A value of +":memory:" means database is only stored in memory +and data is +lost when fail2ban is stopped. +A value of "None" disables the +database.
+age in seconds at which bans should be purged +from the database.
+latest or present.
-27 -28 -29 -30 -31 -32 -33 -34 -35 -36 -37 -38 -39 -40 -41 -42 -43 -44 -45 -46 -47+48 +49 +50 +51 +52 +53 +54 +55 +56 +57 +58 +59 +60 +61 +62 +63 +64 +65 +66 +67 +68 +69 +70 +71 +72 +73 +74 +75 +76 +77 +78 +79 +80 +81 +82 +83 +84 +85 +86 +87 +88 +89 +90 +91 +92 +93 +94 +95
# File 'manifests/params.pp', line 27 +# File 'manifests/params.pp', line 48 class cd_fail2ban::params ( -$pkg_ensure = 'latest', +$pkg_ensure = 'latest', + +$fn_manage_config = true, +$fn_enable_service = 'running', +$fn_loglevel = 'INFO', +$fn_logtarget = 'SYSLOG', +$fn_syslogsocket = 'auto', +$fn_socket = '/var/run/fail2ban/fail2ban.sock', +$fn_pidfile = '/var/run/fail2ban/fail2ban.pid', +$fn_dbfile = '/var/lib/fail2ban/fail2ban.sqlite3', +$fn_dbpurgeage = '86400', -$fn_enable_fail2ban = true, ) { # installation section $reqpackages = $::operatingsystem ? { - /(?i-mx:centos|fedora|redhat)/ => ['fail2ban'], + /(?i-mx:centos|fedora|redhat)/ => ['fail2ban','fail2ban-firewalld', + 'fail2ban-sendmail', + 'fail2ban-server.noarch'], } + # service -$fn_service = 'fail2ban' +$fn_service = 'fail2ban' + +# directories +$fn_main_dir = '/etc/fail2ban' +$fn_action_d_dir = "${fn_main_dir}/action.d" +$fn_fail2ban_d_dir = "${fn_main_dir}/fail2ban.d" +$fn_filter_d_dir = "${fn_main_dir}/filter.d" +$fn_jail_d_dir = "${fn_main_dir}/jail.d" +$fn_var_lib_dir = '/var/lib/fail2ban' +$fn_var_run_dir = '/var/run/fail2ban' + +# files +$fn_fail2ban_conf_file = "${fn_main_dir}/fail2ban.conf" +$fn_fail2ban_conf_erb = 'cd_fail2ban/fail2ban_conf.erb' +$fn_fail2ban_local_file = "${fn_main_dir}/fail2ban.local" +$fn_fail2ban_local_erb = 'cd_fail2ban/fail2ban_local.erb' # includes must be last @@ -230,7 +454,7 @@ $fn_service = 'fail2ban' diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html index bcf9706..4af7cea 100644 --- a/doc/top-level-namespace.html +++ b/doc/top-level-namespace.html @@ -90,7 +90,7 @@