confdroid/confdroid_fail2ban
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

recommit for updates in build 2

Browse Source
This commit is contained in:
Jenkins ConfDroid
2018-12-07 14:37:41 +01:00
parent c6ae746210
commit b12f59ad57
16 changed files with 323 additions and 433 deletions
Download Patch File Download Diff File Expand all files Collapse all files

208
doc/puppet_classes/cd_fail2ban_3A_3Aparams.html
View File

@@ -6,7 +6,7 @@
<title>
Puppet Class: cd_fail2ban::params
&mdash; Documentation by YARD 0.9.9
&mdash; Documentation by YARD 0.9.16
</title>
@@ -96,44 +96,32 @@ inherited by all classes except defines.
<div class="docstring">
<div class="discussion">
<p>cd_fail2ban::params.pp
Module name: cd_fail2ban
Author: Arne Teuke
(arne_teuke@confdroid.com)
License:
This file is part of cd_fail2ban.</p>
<p>cd_fail2ban::params.pp Module name: cd_fail2ban Author: Arne Teuke
(arne_teuke@confdroid.com) License: This file is part of cd_fail2ban.</p>
<p>cd_fail2ban is used for providing automatic configuration of Fail2Ban
Copyright (C) 2017 confdroid (copyright@confdroid.com)
This program is
free software: you can redistribute it and/or modify
it under the terms of
the GNU General Public License as published by
the Free Software
Foundation, either version 3 of the License, or
(at your option) any later
<p>cd_fail2ban is used for providing automatic configuration of Fail2Ban
Copyright (C) 2017 confdroid (copyright@confdroid.com) This program is
free software: you can redistribute it and/or modify it under the terms of
the GNU General Public License as published by the Free Software
Foundation, either version 3 of the License, or (at your option) any later
version.</p>
<p>This program is distributed in the hope that it will be useful,
but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License
<p>This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.</p>
<p>You should have received a copy of the GNU General Public License
along
<p>You should have received a copy of the GNU General Public License along
with this program. If not, see <a
href="http://www.gnu.org/licenses">www.gnu.org/licenses</a>/.
<code>CRITICAL</code>,<code>ERROR</code>,<code>WARNING</code>,<code>NOTICE</code>,<code>INFO</code>
and <code>DEBUG</code>.
@param [string] Report ban via badips.com, and use
and <code>DEBUG</code>. @param [string] Report ban via badips.com, and use
as blacklist</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
@@ -152,8 +140,7 @@ as blacklist</p>
&mdash;
<div class='inline'>
<p>which <a href="https://confdroid.com/2017/05/puppet-type-package/">package
type</a>
to choose, i.e. <code>latest</code> or <code>present</code>.</p>
type</a> to choose, i.e. <code>latest</code> or <code>present</code>.</p>
</div>
</li>
@@ -171,10 +158,8 @@ to choose, i.e. <code>latest</code> or <code>present</code>.</p>
&mdash;
<div class='inline'>
<p>Whether to manage the fail2ban
configuration files. If set to false,
fail2ban will be installed, but the
configuration will not be managed.</p>
<p>Whether to manage the fail2ban configuration files. If set to false,
fail2ban will be installed, but the configuration will not be managed.</p>
</div>
</li>
@@ -192,8 +177,7 @@ configuration will not be managed.</p>
&mdash;
<div class='inline'>
<p>Whether to enable/start or disable/stop
the fail2ban service. Valid options
<p>Whether to enable/start or disable/stop the fail2ban service. Valid options
are <code>running</code> or <code>stopped</code>.</p>
</div>
@@ -230,8 +214,7 @@ are <code>running</code> or <code>stopped</code>.</p>
&mdash;
<div class='inline'>
<p>Set the log target. This could be a file,
SYSLOG, STDERR or STDOUT. Only
<p>Set the log target. This could be a file, SYSLOG, STDERR or STDOUT. Only
one log target can be specified.</p>
</div>
@@ -250,10 +233,8 @@ one log target can be specified.</p>
&mdash;
<div class='inline'>
<p>Set the syslog socket file. Only used when
logtarget is SYSLOG. auto uses
platform.system() to determine predefined
paths Valid options: [ auto |
<p>Set the syslog socket file. Only used when logtarget is SYSLOG. auto uses
platform.system() to determine predefined paths Valid options: [ auto |
FILE ].</p>
</div>
@@ -290,8 +271,7 @@ FILE ].</p>
&mdash;
<div class='inline'>
<p>Set the PID file to store the process ID of the
fail2ban server.</p>
<p>Set the PID file to store the process ID of the fail2ban server.</p>
</div>
</li>
@@ -309,13 +289,9 @@ fail2ban server.</p>
&mdash;
<div class='inline'>
<p>file for the fail2ban persistent data to be stored.
A value of
&quot;:memory:&quot; means database is only stored in memory
and data is
lost when fail2ban is stopped.
A value of &quot;None&quot; disables the
database.</p>
<p>file for the fail2ban persistent data to be stored. A value of “:memory:”
means database is only stored in memory and data is lost when fail2ban is
stopped. A value of “None” disables the database.</p>
</div>
</li>
@@ -333,8 +309,7 @@ database.</p>
&mdash;
<div class='inline'>
<p>age in seconds at which bans should be purged
from the database.</p>
<p>age in seconds at which bans should be purged from the database.</p>
</div>
</li>
@@ -352,10 +327,8 @@ from the database.</p>
&mdash;
<div class='inline'>
<p>can be an IP address, a CIDR mask or a DNS host.
Fail2ban will not ban a
host which matches an address in this list. Several
addresses can be
<p>can be an IP address, a CIDR mask or a DNS host. Fail2ban will not ban a
host which matches an address in this list. Several addresses can be
defined using space (and/or comma) separator.</p>
</div>
@@ -374,10 +347,8 @@ defined using space (and/or comma) separator.</p>
&mdash;
<div class='inline'>
<p>External command that will take an
tagged arguments to ignore, e.g.
&lt;ip&gt;,and return true if the IP is to be
ignored. False otherwise.</p>
<p>External command that will take an tagged arguments to ignore, e.g.
&lt;ip&gt;,and return true if the IP is to be ignored. False otherwise.</p>
</div>
</li>
@@ -413,9 +384,8 @@ ignored. False otherwise.</p>
&mdash;
<div class='inline'>
<p>A host is banned if it has generated “maxretry”
during the last
&quot;findtime&quot; seconds.</p>
<p>A host is banned if it has generated “maxretry” during the last “findtime”
seconds.</p>
</div>
</li>
@@ -451,30 +421,16 @@ during the last
&mdash;
<div class='inline'>
<p>specifies the backend used to get files
modification. options are
&quot;pyinotify&quot;, &quot;gamin&quot;, &quot;polling&quot;,
&quot;systemd&quot; and
&quot;auto&quot;.
pyinotify: requires pyinotify (a
file alteration monitor) to be installed.
If pyinotify is not installed,
Fail2ban will use auto.
gamin: requires Gamin (a file alteration monitor)
to be installed.
If Gamin is not installed, Fail2ban will use
auto.
polling: uses a polling algorithm which does not require external
libraries.
systemd: uses systemd python library to access the systemd
journal.
Specifying &quot;logpath&quot; is not valid for this backend.
See &quot;journalmatch&quot; in the jails associated filter config
auto:
will try to use the following backends, in order:
pyinotify, gamin,
polling.</p>
<p>specifies the backend used to get files modification. options are
“pyinotify”, “gamin”, “polling”, “systemd” and “auto”. pyinotify: requires
pyinotify (a file alteration monitor) to be installed. If pyinotify is not
installed, Fail2ban will use auto. gamin: requires Gamin (a file alteration
monitor) to be installed. If Gamin is not installed, Fail2ban will use
auto. polling: uses a polling algorithm which does not require external
libraries. systemd: uses systemd python library to access the systemd
journal. Specifying “logpath” is not valid for this backend. See
“journalmatch” in the jails associated filter config auto: will try to use
the following backends, in order: pyinotify, gamin, polling.</p>
</div>
</li>
@@ -492,21 +448,13 @@ polling.</p>
&mdash;
<div class='inline'>
<p>specifies if jails should trust hostnames in logs,
warn when DNS lookups
are performed, or ignore all hostnames in logs
yes: if a hostname is
encountered, a DNS lookup will be performed.
warn: if a hostname is
encountered, a DNS lookup will be performed,
but it will be logged as a
warning.
no: if a hostname is encountered, will not be used for banning,
but it will be logged as info.
raw: use raw value (no hostname), allow use
it for no-host filters/actions
(example user)</p>
<p>specifies if jails should trust hostnames in logs, warn when DNS lookups
are performed, or ignore all hostnames in logs yes: if a hostname is
encountered, a DNS lookup will be performed. warn: if a hostname is
encountered, a DNS lookup will be performed, but it will be logged as a
warning. no: if a hostname is encountered, will not be used for banning,
but it will be logged as info. raw: use raw value (no hostname), allow use
it for no-host filters/actions (example user)</p>
</div>
</li>
@@ -524,11 +472,8 @@ it for no-host filters/actions
&mdash;
<div class='inline'>
<p>specifies the encoding of the log files
handled by the jail This is used to
decode the lines from the log file.
Typical examples: &quot;ascii&quot;,
&quot;utf-8&quot;
<p>specifies the encoding of the log files handled by the jail This is used to
decode the lines from the log file. Typical examples: “ascii”, “utf-8”
auto: will use the system locale setting</p>
</div>
@@ -547,14 +492,10 @@ auto: will use the system locale setting</p>
&mdash;
<div class='inline'>
<p>enables the jails.
By default all jails are disabled, and it should stay
this way.
Enable only relevant to your setup jails in your .local or
jail.d/*.conf
true: jail will be enabled and log files will get monitored
for changes
false: jail is not enabled</p>
<p>enables the jails. By default all jails are disabled, and it should stay
this way. Enable only relevant to your setup jails in your .local or
jail.d/*.conf true: jail will be enabled and log files will get monitored
for changes false: jail is not enabled</p>
</div>
</li>
@@ -572,8 +513,7 @@ false: jail is not enabled</p>
&mdash;
<div class='inline'>
<p>defines the filter to use by the jail.
By default jails have names matching
<p>defines the filter to use by the jail. By default jails have names matching
their filter name</p>
</div>
@@ -592,8 +532,7 @@ their filter name</p>
&mdash;
<div class='inline'>
<p>Destination email address used solely for the
interpolations in
<p>Destination email address used solely for the interpolations in
jail.conf,local,d/* configuration files.</p>
</div>
@@ -630,10 +569,8 @@ jail.conf,local,d/* configuration files.</p>
&mdash;
<div class='inline'>
<p>E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA
for the mailing.
Change mta configuration parameter to mail if you want to
revert to
<p>E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the mailing.
Change mta configuration parameter to mail if you want to revert to
conventional &#39;mail&#39;.</p>
</div>
@@ -670,8 +607,7 @@ conventional &#39;mail&#39;.</p>
&mdash;
<div class='inline'>
<p>Specify chain where jumps would need to be added in
iptables-* actions.</p>
<p>Specify chain where jumps would need to be added in iptables-* actions.</p>
</div>
</li>
@@ -709,8 +645,7 @@ iptables-* actions.</p>
&mdash;
<div class='inline'>
<p>Format of user-agent
<a
<p>Format of user-agent <a
href="https://tools.ietf.org/html/rfc7231#section-5.5.3">tools.ietf.org/html/rfc7231#section-5.5.3</a></p>
</div>
@@ -784,8 +719,7 @@ href="https://tools.ietf.org/html/rfc7231#section-5.5.3">tools.ietf.org/html/rfc
&mdash;
<div class='inline'>
<p>ban &amp; send an e-mail with whois report to the
destemail.</p>
<p>ban &amp; send an e-mail with whois report to the destemail.</p>
</div>
</li>
@@ -804,8 +738,7 @@ destemail.</p>
&mdash;
<div class='inline'>
<p>ban &amp; send an e-mail with whois report and
relevant log lines</p>
<p>ban &amp; send an e-mail with whois report and relevant log lines</p>
</div>
</li>
@@ -824,8 +757,7 @@ relevant log lines</p>
&mdash;
<div class='inline'>
<p>ban &amp; send a xarf e-mail to abuse contact of
IP address and include
<p>ban &amp; send a xarf e-mail to abuse contact of IP address and include
relevant log lines.</p>
</div>
@@ -845,8 +777,7 @@ relevant log lines.</p>
&mdash;
<div class='inline'>
<p>ban IP on CloudFlare &amp; send an e-mail with
whois report and relevant
<p>ban IP on CloudFlare &amp; send an e-mail with whois report and relevant
log lines.</p>
</div>
@@ -865,8 +796,7 @@ log lines.</p>
&mdash;
<div class='inline'>
<p>Report block via blocklist.de fail2ban
reporting service API</p>
<p>Report block via blocklist.de fail2ban reporting service API</p>
</div>
</li>
@@ -1137,9 +1067,7 @@ $fn_paths_common_erb = &#39;cd_fail2ban/paths_common_conf.erb&#39;
</div>
<div id="footer">
Generated on Mon Oct 9 17:39:08 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
Generated by <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>.
</div>
</div>