added control for common-paths-file
This commit is contained in:
Arne Teuke
@@ -31,7 +31,7 @@ class cd_fail2ban::main::files (
|
||||
# manage fail2ban.conf
|
||||
|
||||
file { $fn_fail2ban_conf_file:
|
||||
ensure => present,
|
||||
ensure => file,
|
||||
path => $fn_fail2ban_conf_file,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
@@ -47,7 +47,7 @@ class cd_fail2ban::main::files (
|
||||
# manage fail2ban.local
|
||||
|
||||
file { $fn_fail2ban_local_file:
|
||||
ensure => present,
|
||||
ensure => file,
|
||||
path => $fn_fail2ban_local_file,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
@@ -60,10 +60,10 @@ class cd_fail2ban::main::files (
|
||||
notify => Service[$fn_service],
|
||||
}
|
||||
|
||||
# manage jail.conf
|
||||
# manage jail.conf
|
||||
|
||||
file { $fn_jail_conf_file:
|
||||
ensure => present,
|
||||
ensure => file,
|
||||
path => $fn_jail_conf_file,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
@@ -76,10 +76,10 @@ class cd_fail2ban::main::files (
|
||||
notify => Service[$fn_service],
|
||||
}
|
||||
|
||||
# manage jail.local
|
||||
# manage jail.local
|
||||
|
||||
file { $fn_jail_local_file:
|
||||
ensure => present,
|
||||
ensure => file,
|
||||
path => $fn_jail_local_file,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
@@ -92,5 +92,20 @@ class cd_fail2ban::main::files (
|
||||
notify => Service[$fn_service],
|
||||
}
|
||||
|
||||
# manage paths-common.conf
|
||||
|
||||
file { $fn_paths_common_file:
|
||||
ensure => file,
|
||||
path => $fn_paths_common_file,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0640',
|
||||
selrange => s0,
|
||||
selrole => object_r,
|
||||
seltype => etc_t,
|
||||
seluser => system_u,
|
||||
content => template($fn_paths_common_erb),
|
||||
notify => Service[$fn_service],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -206,7 +206,8 @@ $fn_jail_conf_file = "${fn_main_dir}/jail.conf"
|
||||
$fn_jail_conf_erb = 'cd_fail2ban/jail_conf.erb'
|
||||
$fn_jail_local_file = "${fn_main_dir}/jail.local"
|
||||
$fn_jail_local_erb = 'cd_fail2ban/jail_local.erb'
|
||||
|
||||
$fn_paths_common_file = "${fn_main_dir}/paths-common.conf"
|
||||
$fn_paths_common_erb = 'cd_fail2ban/paths_common_conf.erb'
|
||||
|
||||
# includes must be last
|
||||
|
||||
|
||||
81
templates/paths_common_conf.erb
Normal file
81
templates/paths_common_conf.erb
Normal file
@@ -0,0 +1,81 @@
|
||||
# Common
|
||||
#
|
||||
|
||||
[INCLUDES]
|
||||
|
||||
after = paths-overrides.local
|
||||
|
||||
[DEFAULT]
|
||||
|
||||
default_backend = auto
|
||||
|
||||
sshd_log = %(syslog_authpriv)s
|
||||
sshd_backend = %(default_backend)s
|
||||
|
||||
dropbear_log = %(syslog_authpriv)s
|
||||
dropbear_backend = %(default_backend)s
|
||||
|
||||
# There is no sensible generic defaults for syslog log targets, thus
|
||||
# leaving them empty here so that no errors while parsing/interpolating configs
|
||||
syslog_daemon =
|
||||
syslog_ftp =
|
||||
syslog_local0 =
|
||||
syslog_mail_warn =
|
||||
syslog_user =
|
||||
# Set the default syslog backend target to default_backend
|
||||
syslog_backend = %(default_backend)s
|
||||
|
||||
# from /etc/audit/auditd.conf
|
||||
auditd_log = /var/log/audit/audit.log
|
||||
|
||||
exim_main_log = /var/log/exim/mainlog
|
||||
|
||||
nginx_error_log = /var/log/nginx/*error.log
|
||||
|
||||
nginx_access_log = /var/log/nginx/*access.log
|
||||
|
||||
|
||||
lighttpd_error_log = /var/log/lighttpd/error.log
|
||||
|
||||
# http://www.hardened-php.net/suhosin/configuration.html#suhosin.log.syslog.facility
|
||||
# syslog_user is the default. Lighttpd also hooks errors into its log.
|
||||
|
||||
suhosin_log = %(syslog_user)s
|
||||
%(lighttpd_error_log)s
|
||||
|
||||
# defaults to ftp or local2 if ftp doesn't exist
|
||||
proftpd_log = %(syslog_ftp)s
|
||||
proftpd_backend = %(default_backend)s
|
||||
|
||||
# http://svnweb.freebsd.org/ports/head/ftp/proftpd/files/patch-src_proftpd.8.in?view=markup
|
||||
# defaults to ftp but can be overwritten.
|
||||
pureftpd_log = %(syslog_ftp)s
|
||||
pureftpd_backend = %(default_backend)s
|
||||
|
||||
# ftp, daemon and then local7 are tried at configure time however it is overwriteable at configure time
|
||||
#
|
||||
wuftpd_log = %(syslog_ftp)s
|
||||
wuftpd_backend = %(default_backend)s
|
||||
|
||||
# syslog_enable defaults to no. so it defaults to vsftpd_log_file setting of /var/log/vsftpd.log
|
||||
# No distro seems to set it to syslog by default
|
||||
# If syslog set it defaults to ftp facility if exists at compile time otherwise falls back to daemonlog.
|
||||
vsftpd_log = /var/log/vsftpd.log
|
||||
|
||||
# Technically syslog_facility in main.cf can overwrite but no-one sane does this.
|
||||
postfix_log = %(syslog_mail_warn)s
|
||||
postfix_backend = %(default_backend)s
|
||||
|
||||
dovecot_log = %(syslog_mail_warn)s
|
||||
dovecot_backend = %(default_backend)s
|
||||
|
||||
# Seems to be set at compile time only to LOG_LOCAL0 (src/const.h) at Notice level
|
||||
solidpop3d_log = %(syslog_local0)s
|
||||
|
||||
mysql_log = %(syslog_daemon)s
|
||||
mysql_backend = %(default_backend)s
|
||||
|
||||
roundcube_errors_log = /var/log/roundcube/errors
|
||||
|
||||
# Directory with ignorecommand scripts
|
||||
ignorecommands_dir = /etc/fail2ban/filter.d/ignorecommands
|
||||
Reference in New Issue
Block a user