From ca25f72ef3b889e9173a62c785cd4bd4e1e63a2d Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Sun, 13 Aug 2017 14:55:59 +0100 Subject: [PATCH 1/3] added control for common-paths-file --- manifests/main/files.pp | 27 ++++++++--- manifests/params.pp | 3 +- templates/paths_common_conf.erb | 81 +++++++++++++++++++++++++++++++++ 3 files changed, 104 insertions(+), 7 deletions(-) create mode 100644 templates/paths_common_conf.erb diff --git a/manifests/main/files.pp b/manifests/main/files.pp index 2aff38f..67d3323 100644 --- a/manifests/main/files.pp +++ b/manifests/main/files.pp @@ -31,7 +31,7 @@ class cd_fail2ban::main::files ( # manage fail2ban.conf file { $fn_fail2ban_conf_file: - ensure => present, + ensure => file, path => $fn_fail2ban_conf_file, owner => 'root', group => 'root', @@ -47,7 +47,7 @@ class cd_fail2ban::main::files ( # manage fail2ban.local file { $fn_fail2ban_local_file: - ensure => present, + ensure => file, path => $fn_fail2ban_local_file, owner => 'root', group => 'root', @@ -60,10 +60,10 @@ class cd_fail2ban::main::files ( notify => Service[$fn_service], } - # manage jail.conf + # manage jail.conf file { $fn_jail_conf_file: - ensure => present, + ensure => file, path => $fn_jail_conf_file, owner => 'root', group => 'root', @@ -76,10 +76,10 @@ class cd_fail2ban::main::files ( notify => Service[$fn_service], } - # manage jail.local + # manage jail.local file { $fn_jail_local_file: - ensure => present, + ensure => file, path => $fn_jail_local_file, owner => 'root', group => 'root', @@ -92,5 +92,20 @@ class cd_fail2ban::main::files ( notify => Service[$fn_service], } + # manage paths-common.conf + + file { $fn_paths_common_file: + ensure => file, + path => $fn_paths_common_file, + owner => 'root', + group => 'root', + mode => '0640', + selrange => s0, + selrole => object_r, + seltype => etc_t, + seluser => system_u, + content => template($fn_paths_common_erb), + notify => Service[$fn_service], + } } } 
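Review bot: The new `file { $fn_paths_common_file:` resource in the last hunk of files.pp appears to repeat the same owner, group, mode and SELinux attributes as the four resources above it, so a later permission change has to be made in five places and one can be missed. Consider stating the shared attributes once for the class, for example `File { owner => 'root', group => 'root', mode => '0640' }`, and keeping only `path`, `content` and `notify` on each resource. The SELinux values are barewords; quoting them, as in `seltype => 'etc_t',`, would match the quoted `owner` and `mode`. The enclosing class starts outside the hunk, and the `mode` of the earlier resources is not visible in the context lines, so confirm they really are identical before merging them.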
diff --git a/manifests/params.pp b/manifests/params.pp index 2056c4d..4c56df4 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -206,7 +206,8 @@ $fn_jail_conf_file = "${fn_main_dir}/jail.conf" $fn_jail_conf_erb = 'cd_fail2ban/jail_conf.erb' $fn_jail_local_file = "${fn_main_dir}/jail.local" $fn_jail_local_erb = 'cd_fail2ban/jail_local.erb' - +$fn_paths_common_file = "${fn_main_dir}/paths-common.conf" +$fn_paths_common_erb = 'cd_fail2ban/paths_common_conf.erb' # includes must be last diff --git a/templates/paths_common_conf.erb b/templates/paths_common_conf.erb new file mode 100644 index 0000000..9072136 --- /dev/null +++ b/templates/paths_common_conf.erb 
@@ -0,0 +1,81 @@ +# Common +# + +[INCLUDES] + +after = paths-overrides.local + +[DEFAULT] + +default_backend = auto + +sshd_log = %(syslog_authpriv)s +sshd_backend = %(default_backend)s + +dropbear_log = %(syslog_authpriv)s +dropbear_backend = %(default_backend)s + +# There is no sensible generic defaults for syslog log targets, thus +# leaving them empty here so that no errors while parsing/interpolating configs +syslog_daemon = +syslog_ftp = +syslog_local0 = +syslog_mail_warn = +syslog_user = +# Set the default syslog backend target to default_backend +syslog_backend = %(default_backend)s + +# from /etc/audit/auditd.conf +auditd_log = /var/log/audit/audit.log + +exim_main_log = /var/log/exim/mainlog + +nginx_error_log = /var/log/nginx/*error.log + +nginx_access_log = /var/log/nginx/*access.log + + +lighttpd_error_log = /var/log/lighttpd/error.log + +# http://www.hardened-php.net/suhosin/configuration.html#suhosin.log.syslog.facility +# syslog_user is the default. Lighttpd also hooks errors into its log. + +suhosin_log = %(syslog_user)s + %(lighttpd_error_log)s + +# defaults to ftp or local2 if ftp doesn't exist +proftpd_log = %(syslog_ftp)s +proftpd_backend = %(default_backend)s + +# http://svnweb.freebsd.org/ports/head/ftp/proftpd/files/patch-src_proftpd.8.in?view=markup +# defaults to ftp but can be overwritten. +pureftpd_log = %(syslog_ftp)s +pureftpd_backend = %(default_backend)s + +# ftp, daemon and then local7 are tried at configure time however it is overwriteable at configure time +# +wuftpd_log = %(syslog_ftp)s +wuftpd_backend = %(default_backend)s + +# syslog_enable defaults to no. so it defaults to vsftpd_log_file setting of /var/log/vsftpd.log +# No distro seems to set it to syslog by default +# If syslog set it defaults to ftp facility if exists at compile time otherwise falls back to daemonlog. +vsftpd_log = /var/log/vsftpd.log + +# Technically syslog_facility in main.cf can overwrite but no-one sane does this. 
+postfix_log = %(syslog_mail_warn)s +postfix_backend = %(default_backend)s + +dovecot_log = %(syslog_mail_warn)s +dovecot_backend = %(default_backend)s + +# Seems to be set at compile time only to LOG_LOCAL0 (src/const.h) at Notice level +solidpop3d_log = %(syslog_local0)s + +mysql_log = %(syslog_daemon)s +mysql_backend = %(default_backend)s + +roundcube_errors_log = /var/log/roundcube/errors + +# Directory with ignorecommand scripts +ignorecommands_dir = /etc/fail2ban/filter.d/ignorecommands From 219355a4952bb7779d2166813a1ea835afa6a4bd Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Sun, 13 Aug 2017 15:15:43 +0100 Subject: [PATCH 2/3] added control for common-paths-file --- manifests/params.pp | 1 + templates/paths_common_conf.erb | 16 +++++++--------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 4c56df4..3715491 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -169,6 +169,7 @@ $fn_action_badips = 'badips.py[category="%(__name__)s", banaction="%(b $fn_action_badips_report = 'badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]', $fn_default_action = 'action_', + ) { # installation section diff --git a/templates/paths_common_conf.erb b/templates/paths_common_conf.erb index 9072136..c76badd 100644 --- a/templates/paths_common_conf.erb +++ b/templates/paths_common_conf.erb 
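Review bot: `sshd_log` and `dropbear_log` in the new template interpolate `%(syslog_authpriv)s`, but this file never defines `syslog_authpriv`; the empty defaults cover only `syslog_daemon`, `syslog_ftp`, `syslog_local0`, `syslog_mail_warn` and `syslog_user`. The value presumably comes from a distribution paths file or from `paths-overrides.local`, and no visible hunk in this patch manages either, so on a host where it is absent the sshd jail may fail to load or have no log to watch. A comment above `sshd_log` naming the file expected to supply the value, or a resource managing that file, would make the dependency explicit. Separately, the template has no ERB tags, so every log path is fixed and `template()` renders a static copy; if per-host paths are intended they need to become parameters.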
@@ -1,12 +1,15 @@ -# Common -# - +################################################################################ +########## paths-common.conf managed by Puppet ########## +########## manual changes will be overwritten !!! ########## +################################################################################ +########## full reference available under ########## +########## https://confdroid.com/2017/08/fail2ban-paths-common-conf/ ########## +################################################################################ [INCLUDES] after = paths-overrides.local [DEFAULT] - default_backend = auto sshd_log = %(syslog_authpriv)s @@ -27,14 +30,9 @@ syslog_backend = %(default_backend)s # from /etc/audit/auditd.conf auditd_log = /var/log/audit/audit.log - exim_main_log = /var/log/exim/mainlog - nginx_error_log = /var/log/nginx/*error.log - nginx_access_log = /var/log/nginx/*access.log - - lighttpd_error_log = /var/log/lighttpd/error.log # http://www.hardened-php.net/suhosin/configuration.html#suhosin.log.syslog.facility From 72c3195f0c395fada78fad46891135bd0b3ecc33 Mon Sep 17 00:00:00 2001 From: Jenkins Server Date: Sun, 13 Aug 2017 16:27:11 +0200 Subject: [PATCH 3/3] recommit for updates in build 24 --- CHANGELOG.md | 50 +++++++++++++++++++ REPOSTRUCTURE.md | 5 +- doc/_index.html | 2 +- doc/file.README.html | 2 +- doc/index.html | 2 +- doc/puppet_classes/cd_fail2ban.html | 2 +- .../cd_fail2ban_3A_3Amain_3A_3Aconfig.html | 2 +- .../cd_fail2ban_3A_3Amain_3A_3Adirs.html | 2 +- .../cd_fail2ban_3A_3Amain_3A_3Afiles.html | 46 ++++++++++++++--- .../cd_fail2ban_3A_3Amain_3A_3Ainstall.html | 2 +- .../cd_fail2ban_3A_3Amain_3A_3Aservice.html | 2 +- .../cd_fail2ban_3A_3Aparams.html | 10 ++-- doc/top-level-namespace.html | 2 +- 13 files changed, 107 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 399a14e..f939de9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,56 @@ Changelog of Git Changelog.
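Review bot: The new banner says manual changes will be overwritten, yet the `[INCLUDES]` section directly below it keeps `after = paths-overrides.local`, a file that nothing visible in this series manages. Values set there are read after this template and take precedence, so the log paths fail2ban actually watches can differ from what Puppet enforces without any reported drift. Suggest adding a banner line such as `########## local overrides are read from paths-overrides.local ##########`, or managing that file as well so the override path is under the same control.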

No issue

+7e856636a16ccf7 Arne Teuke 2017-08-06 15:07:51 +

+

adjusting multiline break

+ +

+19cf115fce3293d Jenkins Server 2017-08-06 15:07:25 +

+

recommit for updates in build 21

+ +

+36c79fcaf3d99fd Arne Teuke 2017-08-06 15:04:43 +

+

adjusting multiline break

+ +

+d1a208d5c4176f8 Arne Teuke 2017-08-06 15:01:46 +

+

testing multiline break

+ +

+df2a6fc42cf1609 Arne Teuke 2017-08-06 14:57:38 +

+

testing multiline break

+ +

+c54dc53df69bf1c Arne Teuke 2017-08-06 14:52:24 +

+

testing multiline break

+ +

+329a1f904f45915 Arne Teuke 2017-08-06 14:45:32 +

+

testing multiline break

+ +

+f99b81661229439 Arne Teuke 2017-08-06 14:38:42 +

+

testing multiline break

+ +

+fa4758835e44da1 Arne Teuke 2017-08-06 14:30:02 +

+

finalized jail.local

+ +

+5361f997c9e1f20 Arne Teuke 2017-08-05 13:03:52 +

+

checking auto-carriage return

+ +

df59c3e85d59b32 Arne Teuke 2017-08-03 16:33:22

added more file controls

diff --git a/REPOSTRUCTURE.md b/REPOSTRUCTURE.md index 80a0b90..a296f30 100644 --- a/REPOSTRUCTURE.md +++ b/REPOSTRUCTURE.md @@ -35,7 +35,8 @@ | |-- fail2ban_conf.erb | |-- fail2ban_local.erb | |-- jail_conf.erb -| `-- jail_local.erb +| |-- jail_local.erb +| `-- paths_common_conf.erb |-- tests | `-- UTF_Files |-- CHANGELOG.md @@ -46,4 +47,4 @@ |-- README.md `-- REPOSTRUCTURE.md -8 directories, 38 files +8 directories, 39 files diff --git a/doc/_index.html b/doc/_index.html index 7d7f332..19e4c52 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -132,7 +132,7 @@ diff --git a/doc/file.README.html b/doc/file.README.html index 88f8336..3fed651 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -251,7 +251,7 @@ environments.

diff --git a/doc/index.html b/doc/index.html index 38cd58d..6ed22fe 100644 --- a/doc/index.html +++ b/doc/index.html @@ -251,7 +251,7 @@ environments.

diff --git a/doc/puppet_classes/cd_fail2ban.html b/doc/puppet_classes/cd_fail2ban.html index c09a4e7..67eb4cb 100644 --- a/doc/puppet_classes/cd_fail2ban.html +++ b/doc/puppet_classes/cd_fail2ban.html @@ -139,7 +139,7 @@ class cd_fail2ban { diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aconfig.html index 65525c6..13c20d4 100644 --- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aconfig.html +++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aconfig.html @@ -153,7 +153,7 @@ class cd_fail2ban::main::config ( diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Adirs.html index 8066fa6..3bf9efb 100644 --- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Adirs.html +++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Adirs.html @@ -350,7 +350,7 @@ class cd_fail2ban::main::dirs ( diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html index 1c4a982..1b2b056 100644 --- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html +++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html @@ -200,7 +200,22 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.

93 94 95 -96 +96 +97 +98 +99 +100 +101 +102 +103 +104 +105 +106 +107 +108 +109 +110 +111
# File 'manifests/main/files.pp', line 23
@@ -216,7 +231,7 @@ class cd_fail2ban::main::files (
     # manage fail2ban.conf
 
     file { $fn_fail2ban_conf_file:
-      ensure    =>  present,
+      ensure    =>  file,
       path      =>  $fn_fail2ban_conf_file,
       owner     =>  'root',
       group     =>  'root',
@@ -232,7 +247,7 @@ class cd_fail2ban::main::files (
     # manage fail2ban.local
 
     file { $fn_fail2ban_local_file:
-      ensure    =>  present,
+      ensure    =>  file,
       path      =>  $fn_fail2ban_local_file,
       owner     =>  'root',
       group     =>  'root',
@@ -245,10 +260,10 @@ class cd_fail2ban::main::files (
       notify    =>  Service[$fn_service],
     }
 
-    # manage  jail.conf
+    # manage jail.conf
 
     file { $fn_jail_conf_file:
-      ensure    =>  present,
+      ensure    =>  file,
       path      =>  $fn_jail_conf_file,
       owner     =>  'root',
       group     =>  'root',
@@ -261,10 +276,10 @@ class cd_fail2ban::main::files (
       notify    =>  Service[$fn_service],
     }
 
-    # manage  jail.local
+    # manage jail.local
 
     file { $fn_jail_local_file:
-      ensure    =>  present,
+      ensure    =>  file,
       path      =>  $fn_jail_local_file,
       owner     =>  'root',
       group     =>  'root',
@@ -277,6 +292,21 @@ class cd_fail2ban::main::files (
       notify    =>  Service[$fn_service],
     }
 
+    # manage paths-common.conf
+
+    file { $fn_paths_common_file:
+      ensure    =>  file,
+      path      =>  $fn_paths_common_file,
+      owner     =>  'root',
+      group     =>  'root',
+      mode      =>  '0640',
+      selrange  =>  s0,
+      selrole   =>  object_r,
+      seltype   =>  etc_t,
+      seluser   =>  system_u,
+      content   =>  template($fn_paths_common_erb),
+      notify    =>  Service[$fn_service],
+    }
   }
 }
@@ -286,7 +316,7 @@ class cd_fail2ban::main::files ( diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Ainstall.html index a3c4a1e..4652977 100644 --- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Ainstall.html +++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Ainstall.html @@ -159,7 +159,7 @@ class cd_fail2ban::main::install ( diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aservice.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aservice.html index a3ec0af..c72711a 100644 --- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aservice.html +++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aservice.html @@ -166,7 +166,7 @@ class cd_fail2ban::main::service ( diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Aparams.html b/doc/puppet_classes/cd_fail2ban_3A_3Aparams.html index f266486..3f27663 100644 --- a/doc/puppet_classes/cd_fail2ban_3A_3Aparams.html +++ b/doc/puppet_classes/cd_fail2ban_3A_3Aparams.html @@ -1026,7 +1026,9 @@ reporting service API

212 213 214 -215 +215 +216 +217
# File 'manifests/params.pp', line 121
@@ -1082,6 +1084,7 @@ $fn_action_badips           = 'badips.py[category="%(__name__)s",
 $fn_action_badips_report    = 'badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]',
 $fn_default_action          = 'action_',
 
+
 ) {
 
 # installation section
@@ -1119,7 +1122,8 @@ $fn_jail_conf_file      = "${fn_main_dir}/jail.conf"
 $fn_jail_conf_erb       = 'cd_fail2ban/jail_conf.erb'
 $fn_jail_local_file     = "${fn_main_dir}/jail.local"
 $fn_jail_local_erb      = 'cd_fail2ban/jail_local.erb'
-
+$fn_paths_common_file   = "${fn_main_dir}/paths-common.conf"
+$fn_paths_common_erb    = 'cd_fail2ban/paths_common_conf.erb'
 
 # includes must be last
 
@@ -1133,7 +1137,7 @@ $fn_jail_local_erb      = 'cd_fail2ban/jail_local.erb'
 
 
       
diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html
index f69125f..d9e3300 100644
--- a/doc/top-level-namespace.html
+++ b/doc/top-level-namespace.html
@@ -90,7 +90,7 @@