diff --git a/CHANGELOG.md b/CHANGELOG.md
index 399a14e..f939de9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,56 @@ Changelog of Git Changelog.

No issue

+7e856636a16ccf7 Arne Teuke 2017-08-06 15:07:51 +

+

adjusting multiline break

+ +

+19cf115fce3293d Jenkins Server 2017-08-06 15:07:25 +

+

recommit for updates in build 21

+ +

+36c79fcaf3d99fd Arne Teuke 2017-08-06 15:04:43 +

+

adjusting multiline break

+ +

+d1a208d5c4176f8 Arne Teuke 2017-08-06 15:01:46 +

+

testing multiline break

+ +

+df2a6fc42cf1609 Arne Teuke 2017-08-06 14:57:38 +

+

testing multiline break

+ +

+c54dc53df69bf1c Arne Teuke 2017-08-06 14:52:24 +

+

testing multiline break

+ +

+329a1f904f45915 Arne Teuke 2017-08-06 14:45:32 +

+

testing multiline break

+ +

+f99b81661229439 Arne Teuke 2017-08-06 14:38:42 +

+

testing multiline break

+ +

+fa4758835e44da1 Arne Teuke 2017-08-06 14:30:02 +

+

finalized jail.local

+ +

+5361f997c9e1f20 Arne Teuke 2017-08-05 13:03:52 +

+

checking auto-carriage return

+ +

df59c3e85d59b32 Arne Teuke 2017-08-03 16:33:22

added more file controls

diff --git a/REPOSTRUCTURE.md b/REPOSTRUCTURE.md index 80a0b90..a296f30 100644 --- a/REPOSTRUCTURE.md +++ b/REPOSTRUCTURE.md @@ -35,7 +35,8 @@ | |-- fail2ban_conf.erb | |-- fail2ban_local.erb | |-- jail_conf.erb -| `-- jail_local.erb +| |-- jail_local.erb +| `-- paths_common_conf.erb |-- tests | `-- UTF_Files |-- CHANGELOG.md @@ -46,4 +47,4 @@ |-- README.md `-- REPOSTRUCTURE.md -8 directories, 38 files +8 directories, 39 files diff --git a/doc/_index.html b/doc/_index.html index 7d7f332..19e4c52 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -132,7 +132,7 @@ diff --git a/doc/file.README.html b/doc/file.README.html index 88f8336..3fed651 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -251,7 +251,7 @@ environments.

diff --git a/doc/index.html b/doc/index.html
index 38cd58d..6ed22fe 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -251,7 +251,7 @@ environments.

diff --git a/doc/puppet_classes/cd_fail2ban.html b/doc/puppet_classes/cd_fail2ban.html
index c09a4e7..67eb4cb 100644
--- a/doc/puppet_classes/cd_fail2ban.html
+++ b/doc/puppet_classes/cd_fail2ban.html
@@ -139,7 +139,7 @@ class cd_fail2ban {
diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aconfig.html
index 65525c6..13c20d4 100644
--- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aconfig.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aconfig.html
@@ -153,7 +153,7 @@ class cd_fail2ban::main::config (
diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Adirs.html
index 8066fa6..3bf9efb 100644
--- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Adirs.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Adirs.html
@@ -350,7 +350,7 @@ class cd_fail2ban::main::dirs (
diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html
index 1c4a982..1b2b056 100644
--- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html
@@ -200,7 +200,22 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.

93 94 95 -96 +96 +97 +98 +99 +100 +101 +102 +103 +104 +105 +106 +107 +108 +109 +110 +111
# File 'manifests/main/files.pp', line 23
@@ -216,7 +231,7 @@ class cd_fail2ban::main::files (
     # manage fail2ban.conf
 
     file { $fn_fail2ban_conf_file:
-      ensure    =>  present,
+      ensure    =>  file,
       path      =>  $fn_fail2ban_conf_file,
       owner     =>  'root',
       group     =>  'root',
@@ -232,7 +247,7 @@ class cd_fail2ban::main::files (
     # manage fail2ban.local
 
     file { $fn_fail2ban_local_file:
-      ensure    =>  present,
+      ensure    =>  file,
       path      =>  $fn_fail2ban_local_file,
       owner     =>  'root',
       group     =>  'root',
@@ -245,10 +260,10 @@ class cd_fail2ban::main::files (
       notify    =>  Service[$fn_service],
     }
 
-    # manage  jail.conf
+    # manage jail.conf
 
     file { $fn_jail_conf_file:
-      ensure    =>  present,
+      ensure    =>  file,
       path      =>  $fn_jail_conf_file,
       owner     =>  'root',
       group     =>  'root',
@@ -261,10 +276,10 @@ class cd_fail2ban::main::files (
       notify    =>  Service[$fn_service],
     }
 
-    # manage  jail.local
+    # manage jail.local
 
     file { $fn_jail_local_file:
-      ensure    =>  present,
+      ensure    =>  file,
       path      =>  $fn_jail_local_file,
       owner     =>  'root',
       group     =>  'root',
@@ -277,6 +292,21 @@ class cd_fail2ban::main::files (
       notify    =>  Service[$fn_service],
     }
 
+    # manage paths-common.conf
+
+    file { $fn_paths_common_file:
+      ensure    =>  file,
+      path      =>  $fn_paths_common_file,
+      owner     =>  'root',
+      group     =>  'root',
+      mode      =>  '0640',
+      selrange  =>  s0,
+      selrole   =>  object_r,
+      seltype   =>  etc_t,
+      seluser   =>  system_u,
+      content   =>  template($fn_paths_common_erb),
+      notify    =>  Service[$fn_service],
+    }
   }
 }
@@ -286,7 +316,7 @@ class cd_fail2ban::main::files (
diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Ainstall.html
index a3c4a1e..4652977 100644
--- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Ainstall.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Ainstall.html
@@ -159,7 +159,7 @@ class cd_fail2ban::main::install (
diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aservice.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aservice.html
index a3ec0af..c72711a 100644
--- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aservice.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aservice.html
@@ -166,7 +166,7 @@ class cd_fail2ban::main::service (
diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Aparams.html b/doc/puppet_classes/cd_fail2ban_3A_3Aparams.html
index f266486..3f27663 100644
--- a/doc/puppet_classes/cd_fail2ban_3A_3Aparams.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Aparams.html
@@ -1026,7 +1026,9 @@ reporting service API

212 213 214 -215 +215 +216 +217
# File 'manifests/params.pp', line 121
@@ -1082,6 +1084,7 @@ $fn_action_badips           = 'badips.py[category="%(__name__)s",
 $fn_action_badips_report    = 'badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]',
 $fn_default_action          = 'action_',
 
+
 ) {
 
 # installation section
@@ -1119,7 +1122,8 @@ $fn_jail_conf_file      = "${fn_main_dir}/jail.conf"
 $fn_jail_conf_erb       = 'cd_fail2ban/jail_conf.erb'
 $fn_jail_local_file     = "${fn_main_dir}/jail.local"
 $fn_jail_local_erb      = 'cd_fail2ban/jail_local.erb'
-
+$fn_paths_common_file   = "${fn_main_dir}/paths-common.conf"
+$fn_paths_common_erb    = 'cd_fail2ban/paths_common_conf.erb'
 
 # includes must be last
 
@@ -1133,7 +1137,7 @@ $fn_jail_local_erb      = 'cd_fail2ban/jail_local.erb'
 
 
       
diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html
index f69125f..d9e3300 100644
--- a/doc/top-level-namespace.html
+++ b/doc/top-level-namespace.html
@@ -90,7 +90,7 @@
 
 
       
diff --git a/manifests/main/files.pp b/manifests/main/files.pp
index 2aff38f..67d3323 100644
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -31,7 +31,7 @@ class cd_fail2ban::main::files (
     # manage fail2ban.conf
 
     file { $fn_fail2ban_conf_file:
-      ensure    =>  present,
+      ensure    =>  file,
       path      =>  $fn_fail2ban_conf_file,
       owner     =>  'root',
       group     =>  'root',
@@ -47,7 +47,7 @@ class cd_fail2ban::main::files (
     # manage fail2ban.local
 
     file { $fn_fail2ban_local_file:
-      ensure    =>  present,
+      ensure    =>  file,
       path      =>  $fn_fail2ban_local_file,
       owner     =>  'root',
       group     =>  'root',
@@ -60,10 +60,10 @@ class cd_fail2ban::main::files (
       notify    =>  Service[$fn_service],
     }
 
-    # manage  jail.conf
+    # manage jail.conf
 
     file { $fn_jail_conf_file:
-      ensure    =>  present,
+      ensure    =>  file,
       path      =>  $fn_jail_conf_file,
       owner     =>  'root',
       group     =>  'root',
@@ -76,10 +76,10 @@ class cd_fail2ban::main::files (
       notify    =>  Service[$fn_service],
     }
 
-    # manage  jail.local
+    # manage jail.local
 
     file { $fn_jail_local_file:
-      ensure    =>  present,
+      ensure    =>  file,
       path      =>  $fn_jail_local_file,
       owner     =>  'root',
       group     =>  'root',
@@ -92,5 +92,20 @@ class cd_fail2ban::main::files (
       notify    =>  Service[$fn_service],
     }
 
+    # manage paths-common.conf
+
+    file { $fn_paths_common_file:
+      ensure    =>  file,
+      path      =>  $fn_paths_common_file,
+      owner     =>  'root',
+      group     =>  'root',
+      mode      =>  '0640',
+      selrange  =>  s0,
+      selrole   =>  object_r,
+      seltype   =>  etc_t,
+      seluser   =>  system_u,
+      content   =>  template($fn_paths_common_erb),
+      notify    =>  Service[$fn_service],
+    }
   }
 }
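Review bot: In the new `file { $fn_paths_common_file: ... }` resource the `path` attribute repeats the resource title, and the SELinux values `s0`, `object_r`, `etc_t` and `system_u` are unquoted barewords; dropping `path` and quoting them (`seltype   =>  'etc_t',`) would read more cleanly. The resource notifies `Service[$fn_service]`, so every change to the template reaches the running fail2ban with no syntax check in between; a short comment saying so, or a configuration test in CI, would help whoever edits the template next. The class body starts above the hunk, so any ordering against the package or directory resources is not visible here.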
diff --git a/manifests/params.pp b/manifests/params.pp
index 2056c4d..3715491 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -169,6 +169,7 @@ $fn_action_badips           = 'badips.py[category="%(__name__)s", banaction="%(b
 $fn_action_badips_report    = 'badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]',
 $fn_default_action          = 'action_',
 
+
 ) {
 
 # installation section
@@ -206,7 +207,8 @@ $fn_jail_conf_file      = "${fn_main_dir}/jail.conf"
 $fn_jail_conf_erb       = 'cd_fail2ban/jail_conf.erb'
 $fn_jail_local_file     = "${fn_main_dir}/jail.local"
 $fn_jail_local_erb      = 'cd_fail2ban/jail_local.erb'
-
+$fn_paths_common_file   = "${fn_main_dir}/paths-common.conf"
+$fn_paths_common_erb    = 'cd_fail2ban/paths_common_conf.erb'
 
 # includes must be last
 
diff --git a/templates/paths_common_conf.erb b/templates/paths_common_conf.erb
new file mode 100644
index 0000000..c76badd
--- /dev/null
+++ b/templates/paths_common_conf.erb
@@ -0,0 +1,79 @@
+################################################################################
+##########           paths-common.conf managed by Puppet              ##########
+##########            manual changes will be overwritten !!!          ##########
+################################################################################
+##########              full reference available under                ##########
+########## https://confdroid.com/2017/08/fail2ban-paths-common-conf/  ##########
+################################################################################
+[INCLUDES]
+
+after  = paths-overrides.local
+
+[DEFAULT]
+default_backend = auto
+
+sshd_log = %(syslog_authpriv)s
+sshd_backend = %(default_backend)s
+
+dropbear_log = %(syslog_authpriv)s
+dropbear_backend = %(default_backend)s
+
+# There is no sensible generic defaults for syslog log targets, thus
+# leaving them empty here so that no errors while parsing/interpolating configs
+syslog_daemon =
+syslog_ftp =
+syslog_local0 =
+syslog_mail_warn =
+syslog_user =
+# Set the default syslog backend target to default_backend
+syslog_backend = %(default_backend)s
+
+# from /etc/audit/auditd.conf
+auditd_log = /var/log/audit/audit.log
+exim_main_log = /var/log/exim/mainlog
+nginx_error_log = /var/log/nginx/*error.log
+nginx_access_log = /var/log/nginx/*access.log
+lighttpd_error_log = /var/log/lighttpd/error.log
+
+# http://www.hardened-php.net/suhosin/configuration.html#suhosin.log.syslog.facility
+# syslog_user is the default. Lighttpd also hooks errors into its log.
+
+suhosin_log = %(syslog_user)s
+              %(lighttpd_error_log)s
+
+# defaults to ftp or local2 if ftp doesn't exist
+proftpd_log = %(syslog_ftp)s
+proftpd_backend = %(default_backend)s
+
+# http://svnweb.freebsd.org/ports/head/ftp/proftpd/files/patch-src_proftpd.8.in?view=markup
+# defaults to ftp but can be overwritten.
+pureftpd_log = %(syslog_ftp)s
+pureftpd_backend = %(default_backend)s
+
+# ftp, daemon and then local7 are tried at configure time however it is overwriteable at configure time
+#
+wuftpd_log = %(syslog_ftp)s
+wuftpd_backend = %(default_backend)s
+
+# syslog_enable defaults to no. so it defaults to vsftpd_log_file setting of /var/log/vsftpd.log
+# No distro seems to set it to syslog by default
+# If syslog set it defaults to ftp facility if exists at compile time otherwise falls back to daemonlog.
+vsftpd_log = /var/log/vsftpd.log
+
+# Technically syslog_facility in main.cf can overwrite but no-one sane does this.
+postfix_log = %(syslog_mail_warn)s
+postfix_backend = %(default_backend)s
+
+dovecot_log = %(syslog_mail_warn)s
+dovecot_backend = %(default_backend)s
+
+# Seems to be set at compile time only to LOG_LOCAL0 (src/const.h) at Notice level
+solidpop3d_log = %(syslog_local0)s
+
+mysql_log = %(syslog_daemon)s
+mysql_backend = %(default_backend)s
+
+roundcube_errors_log = /var/log/roundcube/errors
+
+# Directory with ignorecommand scripts
+ignorecommands_dir = /etc/fail2ban/filter.d/ignorecommands
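Review bot: `sshd_log` and `dropbear_log` interpolate `%(syslog_authpriv)s`, but this file never defines `syslog_authpriv` (only `syslog_daemon`, `syslog_ftp`, `syslog_local0`, `syslog_mail_warn` and `syslog_user` get empty defaults), so the SSH jails depend on another included file supplying it. It is worth confirming that the managed jail.conf still pulls in a distro paths file that sets it, since a missing value would presumably surface only when the service is restarted by the notify. Separately, `after  = paths-overrides.local` lets a local file that this change does not manage override every path below, which sits oddly with the "manual changes will be overwritten" banner; a comment such as `# paths-overrides.local is NOT managed by Puppet and takes precedence over this file` would make that explicit. The template has no ERB tags, so `ignorecommands_dir = /etc/fail2ban/filter.d/ignorecommands` hard-codes a directory that params.pp otherwise derives from `${fn_main_dir}`.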