Merge branch 'jenkins' into 'master'

Jenkins See merge request !7
2017-08-03 18:34:04 +02:00
parent d00319fe55 1b33e2a210
commit cfb33c15b8
19 changed files with 2309 additions and 71 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,16 @@ Changelog of Git Changelog.
 <h2> No issue </h2>
 <a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/cb4b482e20b2be5">cb4b482e20b2be5</a> Arne Teuke <i>2017-08-03 14:56:00</i>
 <p>
 <h3>fixed controls for main conf/local files</h3>
 </p>
 <a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/6f0942201f20c66">6f0942201f20c66</a> Jenkins Server <i>2017-08-03 14:55:39</i>
 <p>
 <h3>recommit for updates in build 9</h3>
 </p>
 <a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/8c3df7530a1ab21">8c3df7530a1ab21</a> Arne Teuke <i>2017-08-03 14:51:29</i>
 <p>
 <h3>added controls for main conf/local files</h3>
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 |Repo Name| version | Build Status|
 |---|---|---|---|
-|`cd_fail2ban`| 0.0.0.4 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_fail2ban)](https://jenkins.confdroid.com/job/cd_fail2ban/)|
+|`cd_fail2ban`| 0.0.0.5 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_fail2ban)](https://jenkins.confdroid.com/job/cd_fail2ban/)|
 ### Synopsis
 Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks.
--- a/REPOSTRUCTURE.md
+++ b/REPOSTRUCTURE.md
@@ -33,7 +33,9 @@
 |   `-- params.pp
 |-- templates
 |   |-- fail2ban_conf.erb
-|   `-- fail2ban_local.erb
+|   |-- fail2ban_local.erb
 |   |-- jail_conf.erb
 |   `-- jail_local.erb
 |-- tests
 |   `-- UTF_Files
 |-- CHANGELOG.md
@@ -44,4 +46,4 @@
 |-- README.md
 `-- REPOSTRUCTURE.md
-8 directories, 36 files
+8 directories, 38 files
--- a/doc/_index.html
+++ b/doc/_index.html
@@ -132,7 +132,7 @@
 </div>
      <div id="footer">
-  Generated on Thu Aug  3 16:55:35 2017 by
+  Generated on Thu Aug  3 18:32:54 2017 by
  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
  0.9.9 (ruby-2.0.0).
 </div>
--- a/doc/file.README.html
+++ b/doc/file.README.html
@@ -61,7 +61,7 @@
 <p>|Repo Name| version | Build
 Status|
 |---|---|---|---|
-|<code>cd_fail2ban</code>| 0.0.0.4 | <a
+|<code>cd_fail2ban</code>| 0.0.0.5 | <a
 href="https://jenkins.confdroid.com/buildStatus/icon?job=cd_fail2ban">{Build
 Status</a>/]|</p>
@@ -251,7 +251,7 @@ environments.</p>
 </div></div>
      <div id="footer">
-  Generated on Thu Aug  3 16:55:36 2017 by
+  Generated on Thu Aug  3 18:32:55 2017 by
  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
  0.9.9 (ruby-2.0.0).
 </div>
--- a/doc/index.html
+++ b/doc/index.html
@@ -61,7 +61,7 @@
 <p>|Repo Name| version | Build
 Status|
 |---|---|---|---|
-|<code>cd_fail2ban</code>| 0.0.0.4 | <a
+|<code>cd_fail2ban</code>| 0.0.0.5 | <a
 href="https://jenkins.confdroid.com/buildStatus/icon?job=cd_fail2ban">{Build
 Status</a>/]|</p>
@@ -251,7 +251,7 @@ environments.</p>
 </div></div>
      <div id="footer">
-  Generated on Thu Aug  3 16:55:36 2017 by
+  Generated on Thu Aug  3 18:32:55 2017 by
  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
  0.9.9 (ruby-2.0.0).
 </div>
--- a/doc/puppet_classes/cd_fail2ban.html
+++ b/doc/puppet_classes/cd_fail2ban.html
@@ -139,7 +139,7 @@ class cd_fail2ban {
 </div>
      <div id="footer">
-  Generated on Thu Aug  3 16:55:36 2017 by
+  Generated on Thu Aug  3 18:32:56 2017 by
  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
  0.9.9 (ruby-2.0.0).
 </div>
--- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aconfig.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aconfig.html
@@ -153,7 +153,7 @@ class cd_fail2ban::main::config (
 </div>
      <div id="footer">
-  Generated on Thu Aug  3 16:55:37 2017 by
+  Generated on Thu Aug  3 18:32:56 2017 by
  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
  0.9.9 (ruby-2.0.0).
 </div>
--- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Adirs.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Adirs.html
@@ -350,7 +350,7 @@ class cd_fail2ban::main::dirs (
 </div>
      <div id="footer">
-  Generated on Thu Aug  3 16:55:37 2017 by
+  Generated on Thu Aug  3 18:32:56 2017 by
  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
  0.9.9 (ruby-2.0.0).
 </div>
--- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html
@@ -168,7 +168,39 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses</a>/.</p>
 61
 62
 63
-64</pre>
+64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96</pre>
      </td>
      <td>
        <pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 23</span>
@@ -213,6 +245,38 @@ class cd_fail2ban::main::files (
      notify    =&gt;  Service[$fn_service],
    }
    # manage  jail.conf
    file { $fn_jail_conf_file:
      ensure    =&gt;  present,
      path      =&gt;  $fn_jail_conf_file,
      owner     =&gt;  &#39;root&#39;,
      group     =&gt;  &#39;root&#39;,
      mode      =&gt;  &#39;0640&#39;,
      selrange  =&gt;  s0,
      selrole   =&gt;  object_r,
      seltype   =&gt;  etc_t,
      seluser   =&gt;  system_u,
      content   =&gt;  template($fn_jail_conf_erb),
      notify    =&gt;  Service[$fn_service],
    }
    # manage  jail.local
    file { $fn_jail_local_file:
      ensure    =&gt;  present,
      path      =&gt;  $fn_jail_local_file,
      owner     =&gt;  &#39;root&#39;,
      group     =&gt;  &#39;root&#39;,
      mode      =&gt;  &#39;0640&#39;,
      selrange  =&gt;  s0,
      selrole   =&gt;  object_r,
      seltype   =&gt;  etc_t,
      seluser   =&gt;  system_u,
      content   =&gt;  template($fn_jail_local_erb),
      notify    =&gt;  Service[$fn_service],
    }
  }
 }</pre>
      </td>
@@ -222,7 +286,7 @@ class cd_fail2ban::main::files (
 </div>
      <div id="footer">
-  Generated on Thu Aug  3 16:55:37 2017 by
+  Generated on Thu Aug  3 18:32:56 2017 by
  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
  0.9.9 (ruby-2.0.0).
 </div>
--- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Ainstall.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Ainstall.html
@@ -159,7 +159,7 @@ class cd_fail2ban::main::install (
 </div>
      <div id="footer">
-  Generated on Thu Aug  3 16:55:37 2017 by
+  Generated on Thu Aug  3 18:32:56 2017 by
  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
  0.9.9 (ruby-2.0.0).
 </div>
--- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aservice.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aservice.html
@@ -166,7 +166,7 @@ class cd_fail2ban::main::service (
 </div>
      <div id="footer">
-  Generated on Thu Aug  3 16:55:37 2017 by
+  Generated on Thu Aug  3 18:32:57 2017 by
  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
  0.9.9 (ruby-2.0.0).
 </div>
--- a/doc/puppet_classes/cd_fail2ban_3A_3Aparams.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Aparams.html
@@ -333,6 +333,383 @@ database.</p>
        <div class='inline'>
 <p>age in seconds at which bans should be purged
 from the database.</p>
 </div>
    </li>
    <li>
        <span class='name'>fn_ignoreip</span>
        <span class='type'>(<tt>string</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;127.0.0.1/8&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>can be an IP address, a CIDR mask or a DNS host.
 Fail2ban will not ban a
 host which matches an address in this list. Several
 addresses can be
 defined using space (and/or comma) separator.</p>
 </div>
    </li>
    <li>
        <span class='name'>fn_ignorecommand</span>
        <span class='type'>(<tt>string</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>External command that will take an
 tagged arguments to ignore, e.g.
 &lt;ip&gt;,and return true if the IP is to be
 ignored. False otherwise.</p>
 </div>
    </li>
    <li>
        <span class='name'>fn_bantime</span>
        <span class='type'>(<tt>string</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;600&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>number of seconds that a host is banned.</p>
 </div>
    </li>
    <li>
        <span class='name'>fn_findtime</span>
        <span class='type'>(<tt>string</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;600&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>A host is banned if it has generated “maxretry”
 during the last
 &quot;findtime&quot; seconds.</p>
 </div>
    </li>
    <li>
        <span class='name'>fn_maxretry</span>
        <span class='type'>(<tt>string</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;5&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>number of failures before a host get banned.</p>
 </div>
    </li>
    <li>
        <span class='name'>fn_backend</span>
        <span class='type'>(<tt>string</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;auto&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>specifies the backend used to get files
 modification. options are
 &quot;pyinotify&quot;, &quot;gamin&quot;, &quot;polling&quot;,
 &quot;systemd&quot; and
 &quot;auto&quot;.
 pyinotify: requires pyinotify (a
 file alteration monitor) to be installed.
 If pyinotify is not installed,
 Fail2ban will use auto.
 gamin: requires Gamin (a file alteration monitor)
 to be installed.
 If Gamin is not installed, Fail2ban will use
 auto.
 polling: uses a polling algorithm which does not require external
 libraries.
 systemd: uses systemd python library to access the systemd
 journal.
 Specifying &quot;logpath&quot; is not valid for this backend.
 See &quot;journalmatch&quot; in the jails associated filter config
 auto:
 will try to use the following backends, in order:
 pyinotify, gamin,
 polling.</p>
 </div>
    </li>
    <li>
        <span class='name'>fn_usedns</span>
        <span class='type'>(<tt>string</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;warn&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>specifies if jails should trust hostnames in logs,
 warn when DNS lookups
 are performed, or ignore all hostnames in logs
 yes: if a hostname is
 encountered, a DNS lookup will be performed.
 warn: if a hostname is
 encountered, a DNS lookup will be performed,
 but it will be logged as a
 warning.
 no: if a hostname is encountered, will not be used for banning,
 but it will be logged as info.
 raw: use raw value (no hostname), allow use
 it for no-host filters/actions
 (example user)</p>
 </div>
    </li>
    <li>
        <span class='name'>fn_logencoding</span>
        <span class='type'>(<tt>string</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;auto&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>specifies the encoding of the log files
 handled by the jail This is used to
 decode the lines from the log file.
 Typical examples: &quot;ascii&quot;,
 &quot;utf-8&quot;
 auto: will use the system locale setting</p>
 </div>
    </li>
    <li>
        <span class='name'>fn_enabled</span>
        <span class='type'>(<tt>string</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;false&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>enables the jails.
 By default all jails are disabled, and it should stay
 this way.
 Enable only relevant to your setup jails in your .local or
 jail.d/*.conf
 true: jail will be enabled and log files will get monitored
 for changes
 false: jail is not enabled</p>
 </div>
    </li>
    <li>
        <span class='name'>fn_filter</span>
        <span class='type'>(<tt>string</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;%(__name__)s&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>defines the filter to use by the jail.
 By default jails have names matching
 their filter name</p>
 </div>
    </li>
    <li>
        <span class='name'>fn_destemail</span>
        <span class='type'>(<tt>string</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;root@localhost&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>Destination email address used solely for the
 interpolations in
 jail.conf,local,d/* configuration files.</p>
 </div>
    </li>
    <li>
        <span class='name'>fn_sender</span>
        <span class='type'>(<tt>string</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;root@localhost&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>Sender email address used solely for some actions</p>
 </div>
    </li>
    <li>
        <span class='name'>fn_mta</span>
        <span class='type'>(<tt>string</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;sendmail&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA
 for the mailing.
 Change mta configuration parameter to mail if you want to
 revert to
 conventional &#39;mail&#39;.</p>
 </div>
    </li>
    <li>
        <span class='name'>fn_protocol</span>
        <span class='type'>(<tt>string</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;tcp&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>Default protocol.</p>
 </div>
    </li>
    <li>
        <span class='name'>fn_chain</span>
        <span class='type'>(<tt>string</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;INPUT&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>Specify chain where jumps would need to be added in
 iptables-* actions.</p>
 </div>
    </li>
    <li>
        <span class='name'>fn_port</span>
        <span class='type'>(<tt>string</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;0:65535&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <h1 id="label-Ports+to+be+banned+Usually+should+be+overridden">Ports to be banned Usually should be overridden</h1>
 <p>in a particular jail</p>
 </div>
    </li>
    <li>
        <span class='name'>fn_fail2ban_agent</span>
        <span class='type'>(<tt>string</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;Fail2Ban/%(fail2ban_version)s&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>Format of user-agent
 <a
 href="https://tools.ietf.org/html/rfc7231#section-5.5.3">tools.ietf.org/html/rfc7231#section-5.5.3</a></p>
 </div>
    </li>
@@ -347,57 +724,90 @@ from the database.</p>
        <pre class="lines">
-48
+104
-49
+105
-50
+106
-51
+107
-52
+108
-53
+109
-54
+110
-55
+111
-56
+112
-57
+113
-58
+114
-59
+115
-60
+116
-61
+117
-62
+118
-63
+119
-64
+120
-65
+121
-66
+122
-67
+123
-68
+124
-69
+125
-70
+126
-71
+127
-72
+128
-73
+129
-74
+130
-75
+131
-76
+132
-77
+133
-78
+134
-79
+135
-80
+136
-81
+137
-82
+138
-83
+139
-84
+140
-85
+141
-86
+142
-87
+143
-88
+144
-89
+145
-90
+146
-91
+147
-92
+148
-93
+149
-94
+150
-95</pre>
+151
 152
 153
 154
 155
 156
 157
 158
 159
 160
 161
 162
 163
 164
 165
 166
 167
 168
 169
 170
 171
 172
 173
 174
 175
 176
 177
 178
 179
 180
 181
 182
 183
 184</pre>
      </td>
      <td>
-        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 48</span>
+        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 104</span>
 class cd_fail2ban::params (
@@ -405,6 +815,9 @@ $pkg_ensure             = &#39;latest&#39;,
 $fn_manage_config       = true,
 $fn_enable_service      = &#39;running&#39;,
 # fail2ban.conf/local
 $fn_loglevel            = &#39;INFO&#39;,
 $fn_logtarget           = &#39;SYSLOG&#39;,
 $fn_syslogsocket        = &#39;auto&#39;,
@@ -413,6 +826,25 @@ $fn_pidfile             = &#39;/var/run/fail2ban/fail2ban.pid&#39;,
 $fn_dbfile              = &#39;/var/lib/fail2ban/fail2ban.sqlite3&#39;,
 $fn_dbpurgeage          = &#39;86400&#39;,
 # jail.conf/local
 $fn_ignoreip            = &#39;127.0.0.1/8&#39;,
 $fn_ignorecommand       = &#39;&#39;,
 $fn_bantime             = &#39;600&#39;,
 $fn_findtime            = &#39;600&#39;,
 $fn_maxretry            = &#39;5&#39;,
 $fn_backend             = &#39;auto&#39;,
 $fn_usedns              = &#39;warn&#39;,
 $fn_logencoding         = &#39;auto&#39;,
 $fn_enabled             = &#39;false&#39;,
 $fn_filter              = &#39;%(__name__)s&#39;,
 $fn_destemail           = &#39;root@localhost&#39;,
 $fn_sender              = &#39;root@localhost&#39;,
 $fn_mta                 = &#39;sendmail&#39;,
 $fn_protocol            = &#39;tcp&#39;,
 $fn_chain               = &#39;INPUT&#39;,
 $fn_port                = &#39;0:65535&#39;,
 $fn_fail2ban_agent      = &#39;Fail2Ban/%(fail2ban_version)s&#39;,
 ) {
@@ -420,9 +852,15 @@ $fn_dbpurgeage          = &#39;86400&#39;,
 $reqpackages    = $::operatingsystem ? {
    /(?i-mx:centos|fedora|redhat)/ =&gt; [&#39;fail2ban&#39;,&#39;fail2ban-firewalld&#39;,
                                        &#39;fail2ban-sendmail&#39;,
-                                        &#39;fail2ban-server.noarch&#39;],
+                                        &#39;fail2ban-server.noarch&#39;,&#39;jwhois&#39;],
  }
 $fn_jail_paths    = $::operatingsystem ? {
    /(?i-mx:centos|fedora|redhat)/ =&gt; &#39;fedora&#39;,
  }
 # shortcuts
 $fn_os                  = $::operatingsystem
 # service
 $fn_service             = &#39;fail2ban&#39;
@@ -441,6 +879,11 @@ $fn_fail2ban_conf_file  = &quot;${fn_main_dir}/fail2ban.conf&quot;
 $fn_fail2ban_conf_erb   = &#39;cd_fail2ban/fail2ban_conf.erb&#39;
 $fn_fail2ban_local_file = &quot;${fn_main_dir}/fail2ban.local&quot;
 $fn_fail2ban_local_erb  = &#39;cd_fail2ban/fail2ban_local.erb&#39;
 $fn_jail_conf_file      = &quot;${fn_main_dir}/jail.conf&quot;
 $fn_jail_conf_erb       = &#39;cd_fail2ban/jail_conf.erb&#39;
 $fn_jail_local_file     = &quot;${fn_main_dir}/jail.local&quot;
 $fn_jail_local_erb      = &#39;cd_fail2ban/jail_local.erb&#39;
 # includes must be last
@@ -454,7 +897,7 @@ $fn_fail2ban_local_erb  = &#39;cd_fail2ban/fail2ban_local.erb&#39;
 </div>
      <div id="footer">
-  Generated on Thu Aug  3 16:55:37 2017 by
+  Generated on Thu Aug  3 18:32:56 2017 by
  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
  0.9.9 (ruby-2.0.0).
 </div>
--- a/doc/top-level-namespace.html
+++ b/doc/top-level-namespace.html
@@ -90,7 +90,7 @@
 </div>
      <div id="footer">
-  Generated on Thu Aug  3 16:55:36 2017 by
+  Generated on Thu Aug  3 18:32:55 2017 by
  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
  0.9.9 (ruby-2.0.0).
 </div>
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -60,5 +60,37 @@ class cd_fail2ban::main::files (
      notify    =>  Service[$fn_service],
    }
    # manage  jail.conf
    file { $fn_jail_conf_file:
      ensure    =>  present,
      path      =>  $fn_jail_conf_file,
      owner     =>  'root',
      group     =>  'root',
      mode      =>  '0640',
      selrange  =>  s0,
      selrole   =>  object_r,
      seltype   =>  etc_t,
      seluser   =>  system_u,
      content   =>  template($fn_jail_conf_erb),
      notify    =>  Service[$fn_service],
    }
    # manage  jail.local
    file { $fn_jail_local_file:
      ensure    =>  present,
      path      =>  $fn_jail_local_file,
      owner     =>  'root',
      group     =>  'root',
      mode      =>  '0640',
      selrange  =>  s0,
      selrole   =>  object_r,
      seltype   =>  etc_t,
      seluser   =>  system_u,
      content   =>  template($fn_jail_local_erb),
      notify    =>  Service[$fn_service],
    }
  }
 }
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -44,13 +44,72 @@
 #   A value of "None" disables the database.
 # @param  [string] fn_dbpurgeage age in seconds at which bans should be purged
 #   from the database.
-##############################################################################
+# @param  [string] fn_ignoreip can be an IP address, a CIDR mask or a DNS host.
 #   Fail2ban will not ban a host which matches an address in this list. Several
 #   addresses can be defined using space (and/or comma) separator.
 # @param  [string] fn_ignorecommand External command that will take an
 #   tagged arguments to ignore, e.g. <ip>,and return true if the IP is to be
 #   ignored. False otherwise.
 # @param  [string] fn_bantime number of seconds that a host is banned.
 # @param  [string] fn_findtime A host is banned if it has generated "maxretry"
 #   during the last "findtime" seconds.
 # @param  [string] fn_maxretry number of failures before a host get banned.
 # @param  [string] fn_backend specifies the backend used to get files
 #   modification. options are "pyinotify", "gamin", "polling", "systemd" and
 #   "auto".
 #   pyinotify: requires pyinotify (a file alteration monitor) to be installed.
 #              If pyinotify is not installed, Fail2ban will use auto.
 #   gamin:     requires Gamin (a file alteration monitor) to be installed.
 #              If Gamin is not installed, Fail2ban will use auto.
 #   polling:   uses a polling algorithm which does not require external libraries.
 #   systemd:   uses systemd python library to access the systemd journal.
 #              Specifying "logpath" is not valid for this backend.
 #              See "journalmatch" in the jails associated filter config
 #   auto:      will try to use the following backends, in order:
 #              pyinotify, gamin, polling.
 # @param  [string] fn_usedns specifies if jails should trust hostnames in logs,
 #   warn when DNS lookups are performed, or ignore all hostnames in logs
 #   yes:   if a hostname is encountered, a DNS lookup will be performed.
 #   warn:  if a hostname is encountered, a DNS lookup will be performed,
 #        but it will be logged as a warning.
 #   no:    if a hostname is encountered, will not be used for banning,
 #        but it will be logged as info.
 #   raw:   use raw value (no hostname), allow use it for no-host filters/actions
 #   (example user)
 # @param  [string] fn_logencoding specifies the encoding of the log files
 #   handled by the jail This is used to decode the lines from the log file.
 #   Typical examples:  "ascii", "utf-8"
 #   auto:   will use the system locale setting
 # @param  [string] fn_enabled enables the jails.
 #   By default all jails are disabled, and it should stay this way.
 #   Enable only relevant to your setup jails in your .local or jail.d/*.conf
 #   true:  jail will be enabled and log files will get monitored for changes
 #   false: jail is not enabled
 # @param  [string]  fn_filter defines the filter to use by the jail.
 #   By default jails have names matching their filter name
 # @param  [string]  fn_destemail Destination email address used solely for the
 #   interpolations in jail.{conf,local,d/*} configuration files.
 # @param  [string] fn_sender Sender email address used solely for some actions
 # @param  [string] fn_mta E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA
 #   for the mailing. Change mta configuration parameter to mail if you want to
 #   revert to conventional 'mail'.
 # @param  [string]  fn_protocol Default protocol.
 # @param  [string] fn_chain Specify chain where jumps would need to be added in
 #   iptables-* actions.
 # @param  [string]  fn_port # Ports to be banned Usually should be overridden
 #   in a particular jail
 # @param  [string] fn_fail2ban_agent Format of user-agent
 #   https://tools.ietf.org/html/rfc7231#section-5.5.3
 ###############################################################################
 class cd_fail2ban::params (
 $pkg_ensure             = 'latest',
 $fn_manage_config       = true,
 $fn_enable_service      = 'running',
 # fail2ban.conf/local
 $fn_loglevel            = 'INFO',
 $fn_logtarget           = 'SYSLOG',
 $fn_syslogsocket        = 'auto',
@@ -59,6 +118,25 @@ $fn_pidfile             = '/var/run/fail2ban/fail2ban.pid',
 $fn_dbfile              = '/var/lib/fail2ban/fail2ban.sqlite3',
 $fn_dbpurgeage          = '86400',
 # jail.conf/local
 $fn_ignoreip            = '127.0.0.1/8',
 $fn_ignorecommand       = '',
 $fn_bantime             = '600',
 $fn_findtime            = '600',
 $fn_maxretry            = '5',
 $fn_backend             = 'auto',
 $fn_usedns              = 'warn',
 $fn_logencoding         = 'auto',
 $fn_enabled             = 'false',
 $fn_filter              = '%(__name__)s',
 $fn_destemail           = 'root@localhost',
 $fn_sender              = 'root@localhost',
 $fn_mta                 = 'sendmail',
 $fn_protocol            = 'tcp',
 $fn_chain               = 'INPUT',
 $fn_port                = '0:65535',
 $fn_fail2ban_agent      = 'Fail2Ban/%(fail2ban_version)s',
 ) {
@@ -66,9 +144,15 @@ $fn_dbpurgeage          = '86400',
 $reqpackages    = $::operatingsystem ? {
    /(?i-mx:centos|fedora|redhat)/ => ['fail2ban','fail2ban-firewalld',
                                        'fail2ban-sendmail',
-                                        'fail2ban-server.noarch'],
+                                        'fail2ban-server.noarch','jwhois'],
  }
 $fn_jail_paths    = $::operatingsystem ? {
    /(?i-mx:centos|fedora|redhat)/ => 'fedora',
  }
 # shortcuts
 $fn_os                  = $::operatingsystem
 # service
 $fn_service             = 'fail2ban'
@@ -87,6 +171,11 @@ $fn_fail2ban_conf_file  = "${fn_main_dir}/fail2ban.conf"
 $fn_fail2ban_conf_erb   = 'cd_fail2ban/fail2ban_conf.erb'
 $fn_fail2ban_local_file = "${fn_main_dir}/fail2ban.local"
 $fn_fail2ban_local_erb  = 'cd_fail2ban/fail2ban_local.erb'
 $fn_jail_conf_file      = "${fn_main_dir}/jail.conf"
 $fn_jail_conf_erb       = 'cd_fail2ban/jail_conf.erb'
 $fn_jail_local_file     = "${fn_main_dir}/jail.local"
 $fn_jail_local_erb      = 'cd_fail2ban/jail_local.erb'
 # includes must be last
--- a/templates/jail_conf.erb
+++ b/templates/jail_conf.erb
@@ -0,0 +1,863 @@
 ################################################################################
 ##########                  jail.conf managed by Puppet               ##########
 ##########            manual changes will be overwritten !!!          ##########
 ################################################################################
 ##########              full reference available under                ##########
 ##########   https://confdroid.com/2017/08/fail2ban-jail-conf/        ##########
 ################################################################################
 #
 # WARNING: heavily refactored in 0.9.0 release.  Please review and
 #          customize settings for your setup.
 #
 # Changes:  in most of the cases you should not modify this
 #           file, but provide customizations in jail.local file,
 #           or separate .conf files under jail.d/ directory, e.g.:
 #
 # HOW TO ACTIVATE JAILS:
 #
 # YOU SHOULD NOT MODIFY THIS FILE.
 #
 # It will probably be overwritten or improved in a distribution update.
 #
 # Provide customizations in a jail.local file or a jail.d/customisation.local.
 # For example to change the default bantime for all jails and to enable the
 # ssh-iptables jail the following (uncommented) would appear in the .local file.
 # See man 5 jail.conf for details.
 #
 # [DEFAULT]
 # bantime = 3600
 #
 # [sshd]
 # enabled = true
 #
 # See jail.conf(5) man page for more information
 # Comments: use '#' for comment lines and ';' (following a space) for inline comments
 [INCLUDES]
 #before = paths-distro.conf
 before = paths-fedora.conf
 # The DEFAULT allows a global definition of the options. They can be overridden
 # in each jail afterwards.
 [DEFAULT]
 #
 # MISCELLANEOUS OPTIONS
 #
 # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
 # ban a host which matches an address in this list. Several addresses can be
 # defined using space (and/or comma) separator.
 ignoreip = 127.0.0.1/8
 # External command that will take an tagged arguments to ignore, e.g. <ip>,
 # and return true if the IP is to be ignored. False otherwise.
 #
 # ignorecommand = /path/to/command <ip>
 ignorecommand =
 # "bantime" is the number of seconds that a host is banned.
 bantime  = 600
 # A host is banned if it has generated "maxretry" during the last "findtime"
 # seconds.
 findtime  = 600
 # "maxretry" is the number of failures before a host get banned.
 maxretry = 5
 # "backend" specifies the backend used to get files modification.
 # Available options are "pyinotify", "gamin", "polling", "systemd" and "auto".
 # This option can be overridden in each jail as well.
 #
 # pyinotify: requires pyinotify (a file alteration monitor) to be installed.
 #              If pyinotify is not installed, Fail2ban will use auto.
 # gamin:     requires Gamin (a file alteration monitor) to be installed.
 #              If Gamin is not installed, Fail2ban will use auto.
 # polling:   uses a polling algorithm which does not require external libraries.
 # systemd:   uses systemd python library to access the systemd journal.
 #              Specifying "logpath" is not valid for this backend.
 #              See "journalmatch" in the jails associated filter config
 # auto:      will try to use the following backends, in order:
 #              pyinotify, gamin, polling.
 #
 # Note: if systemd backend is chosen as the default but you enable a jail
 #       for which logs are present only in its own log files, specify some other
 #       backend for that jail (e.g. polling) and provide empty value for
 #       journalmatch. See https://github.com/fail2ban/fail2ban/issues/959#issuecomment-74901200
 backend = auto
 # "usedns" specifies if jails should trust hostnames in logs,
 #   warn when DNS lookups are performed, or ignore all hostnames in logs
 #
 # yes:   if a hostname is encountered, a DNS lookup will be performed.
 # warn:  if a hostname is encountered, a DNS lookup will be performed,
 #        but it will be logged as a warning.
 # no:    if a hostname is encountered, will not be used for banning,
 #        but it will be logged as info.
 # raw:   use raw value (no hostname), allow use it for no-host filters/actions (example user)
 usedns = warn
 # "logencoding" specifies the encoding of the log files handled by the jail
 #   This is used to decode the lines from the log file.
 #   Typical examples:  "ascii", "utf-8"
 #
 #   auto:   will use the system locale setting
 logencoding = auto
 # "enabled" enables the jails.
 #  By default all jails are disabled, and it should stay this way.
 #  Enable only relevant to your setup jails in your .local or jail.d/*.conf
 #
 # true:  jail will be enabled and log files will get monitored for changes
 # false: jail is not enabled
 enabled = false
 # "filter" defines the filter to use by the jail.
 #  By default jails have names matching their filter name
 #
 filter = %(__name__)s
 #
 # ACTIONS
 #
 # Some options used for actions
 # Destination email address used solely for the interpolations in
 # jail.{conf,local,d/*} configuration files.
 destemail = root@localhost
 # Sender email address used solely for some actions
 sender = root@localhost
 # E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
 # mailing. Change mta configuration parameter to mail if you want to
 # revert to conventional 'mail'.
 mta = sendmail
 # Default protocol
 protocol = tcp
 # Specify chain where jumps would need to be added in iptables-* actions
 chain = INPUT
 # Ports to be banned
 # Usually should be overridden in a particular jail
 port = 0:65535
 # Format of user-agent https://tools.ietf.org/html/rfc7231#section-5.5.3
 fail2ban_agent = Fail2Ban/%(fail2ban_version)s
 #
 # Action shortcuts. To be used to define action parameter
 # Default banning action (e.g. iptables, iptables-new,
 # iptables-multiport, shorewall, etc) It is used to define
 # action_* variables. Can be overridden globally or per
 # section within jail.local file
 banaction = iptables-multiport
 banaction_allports = iptables-allports
 # The simplest action to take: ban only
 action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
 # ban & send an e-mail with whois report to the destemail.
 action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
 # ban & send an e-mail with whois report and relevant log lines
 # to the destemail.
 action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
 # See the IMPORTANT note in action.d/xarf-login-attack for when to use this action
 #
 # ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines
 # to the destemail.
 action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
 # ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
 # to the destemail.
 action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
                %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
 # Report block via blocklist.de fail2ban reporting service API
 #
 # See the IMPORTANT note in action.d/blocklist_de.conf for when to
 # use this action. Create a file jail.d/blocklist_de.local containing
 # [Init]
 # blocklist_de_apikey = {api key from registration]
 #
 action_blocklist_de  = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
 # Report ban via badips.com, and use as blacklist
 #
 # See BadIPsAction docstring in config/action.d/badips.py for
 # documentation for this action.
 #
 # NOTE: This action relies on banaction being present on start and therefore
 # should be last action defined for a jail.
 #
 action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]
 #
 # Report ban via badips.com (uses action.d/badips.conf for reporting only)
 #
 action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]
 # Choose default action.  To change, just override value of 'action' with the
 # interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
 # globally (section [DEFAULT]) or per specific section
 action = %(action_)s
 #
 # JAILS
 #
 #
 # SSH servers
 #
 [sshd]
 port    = ssh
 logpath = %(sshd_log)s
 backend = %(sshd_backend)s
 [sshd-ddos]
 # This jail corresponds to the standard configuration in Fail2ban.
 # The mail-whois action send a notification e-mail with a whois request
 # in the body.
 port    = ssh
 logpath = %(sshd_log)s
 backend = %(sshd_backend)s
 [dropbear]
 port     = ssh
 logpath  = %(dropbear_log)s
 backend  = %(dropbear_backend)s
 [selinux-ssh]
 port     = ssh
 logpath  = %(auditd_log)s
 #
 # HTTP servers
 #
 [apache-auth]
 port     = http,https
 logpath  = %(apache_error_log)s
 [apache-badbots]
 # Ban hosts which agent identifies spammer robots crawling the web
 # for email addresses. The mail outputs are buffered.
 port     = http,https
 logpath  = %(apache_access_log)s
 bantime  = 172800
 maxretry = 1
 [apache-noscript]
 port     = http,https
 logpath  = %(apache_error_log)s
 [apache-overflows]
 port     = http,https
 logpath  = %(apache_error_log)s
 maxretry = 2
 [apache-nohome]
 port     = http,https
 logpath  = %(apache_error_log)s
 maxretry = 2
 [apache-botsearch]
 port     = http,https
 logpath  = %(apache_error_log)s
 maxretry = 2
 [apache-fakegooglebot]
 port     = http,https
 logpath  = %(apache_access_log)s
 maxretry = 1
 ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>
 [apache-modsecurity]
 port     = http,https
 logpath  = %(apache_error_log)s
 maxretry = 2
 [apache-shellshock]
 port    = http,https
 logpath = %(apache_error_log)s
 maxretry = 1
 [openhab-auth]
 filter = openhab
 action = iptables-allports[name=NoAuthFailures]
 logpath = /opt/openhab/logs/request.log
 [nginx-http-auth]
 port    = http,https
 logpath = %(nginx_error_log)s
 # To use 'nginx-limit-req' jail you should have `ngx_http_limit_req_module`
 # and define `limit_req` and `limit_req_zone` as described in nginx documentation
 # http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
 # or for example see in 'config/filter.d/nginx-limit-req.conf'
 [nginx-limit-req]
 port    = http,https
 logpath = %(nginx_error_log)s
 [nginx-botsearch]
 port     = http,https
 logpath  = %(nginx_error_log)s
 maxretry = 2
 # Ban attackers that try to use PHP's URL-fopen() functionality
 # through GET/POST variables. - Experimental, with more than a year
 # of usage in production environments.
 [php-url-fopen]
 port    = http,https
 logpath = %(nginx_access_log)s
          %(apache_access_log)s
 [suhosin]
 port    = http,https
 logpath = %(suhosin_log)s
 [lighttpd-auth]
 # Same as above for Apache's mod_auth
 # It catches wrong authentifications
 port    = http,https
 logpath = %(lighttpd_error_log)s
 #
 # Webmail and groupware servers
 #
 [roundcube-auth]
 port     = http,https
 logpath  = %(roundcube_errors_log)s
 [openwebmail]
 port     = http,https
 logpath  = /var/log/openwebmail.log
 [horde]
 port     = http,https
 logpath  = /var/log/horde/horde.log
 [groupoffice]
 port     = http,https
 logpath  = /home/groupoffice/log/info.log
 [sogo-auth]
 # Monitor SOGo groupware server
 # without proxy this would be:
 # port    = 20000
 port     = http,https
 logpath  = /var/log/sogo/sogo.log
 [tine20]
 logpath  = /var/log/tine20/tine20.log
 port     = http,https
 #
 # Web Applications
 #
 #
 [drupal-auth]
 port     = http,https
 logpath  = %(syslog_daemon)s
 backend  = %(syslog_backend)s
 [guacamole]
 port     = http,https
 logpath  = /var/log/tomcat*/catalina.out
 [monit]
 #Ban clients brute-forcing the monit gui login
 port = 2812
 logpath  = /var/log/monit
 [webmin-auth]
 port    = 10000
 logpath = %(syslog_authpriv)s
 backend = %(syslog_backend)s
 [froxlor-auth]
 port    = http,https
 logpath  = %(syslog_authpriv)s
 backend  = %(syslog_backend)s
 #
 # HTTP Proxy servers
 #
 #
 [squid]
 port     =  80,443,3128,8080
 logpath = /var/log/squid/access.log
 [3proxy]
 port    = 3128
 logpath = /var/log/3proxy.log
 #
 # FTP servers
 #
 [proftpd]
 port     = ftp,ftp-data,ftps,ftps-data
 logpath  = %(proftpd_log)s
 backend  = %(proftpd_backend)s
 [pure-ftpd]
 port     = ftp,ftp-data,ftps,ftps-data
 logpath  = %(pureftpd_log)s
 backend  = %(pureftpd_backend)s
 [gssftpd]
 port     = ftp,ftp-data,ftps,ftps-data
 logpath  = %(syslog_daemon)s
 backend  = %(syslog_backend)s
 [wuftpd]
 port     = ftp,ftp-data,ftps,ftps-data
 logpath  = %(wuftpd_log)s
 backend  = %(wuftpd_backend)s
 [vsftpd]
 # or overwrite it in jails.local to be
 # logpath = %(syslog_authpriv)s
 # if you want to rely on PAM failed login attempts
 # vsftpd's failregex should match both of those formats
 port     = ftp,ftp-data,ftps,ftps-data
 logpath  = %(vsftpd_log)s
 #
 # Mail servers
 #
 # ASSP SMTP Proxy Jail
 [assp]
 port     = smtp,465,submission
 logpath  = /root/path/to/assp/logs/maillog.txt
 [courier-smtp]
 port     = smtp,465,submission
 logpath  = %(syslog_mail)s
 backend  = %(syslog_backend)s
 [postfix]
 port     = smtp,465,submission
 logpath  = %(postfix_log)s
 backend  = %(postfix_backend)s
 [postfix-rbl]
 port     = smtp,465,submission
 logpath  = %(postfix_log)s
 backend  = %(postfix_backend)s
 maxretry = 1
 [sendmail-auth]
 port    = submission,465,smtp
 logpath = %(syslog_mail)s
 backend = %(syslog_backend)s
 [sendmail-reject]
 port     = smtp,465,submission
 logpath  = %(syslog_mail)s
 backend  = %(syslog_backend)s
 [qmail-rbl]
 filter  = qmail
 port    = smtp,465,submission
 logpath = /service/qmail/log/main/current
 # dovecot defaults to logging to the mail syslog facility
 # but can be set by syslog_facility in the dovecot configuration.
 [dovecot]
 port    = pop3,pop3s,imap,imaps,submission,465,sieve
 logpath = %(dovecot_log)s
 backend = %(dovecot_backend)s
 [sieve]
 port   = smtp,465,submission
 logpath = %(dovecot_log)s
 backend = %(dovecot_backend)s
 [solid-pop3d]
 port    = pop3,pop3s
 logpath = %(solidpop3d_log)s
 [exim]
 port   = smtp,465,submission
 logpath = %(exim_main_log)s
 [exim-spam]
 port   = smtp,465,submission
 logpath = %(exim_main_log)s
 [kerio]
 port    = imap,smtp,imaps,465
 logpath = /opt/kerio/mailserver/store/logs/security.log
 #
 # Mail servers authenticators: might be used for smtp,ftp,imap servers, so
 # all relevant ports get banned
 #
 [courier-auth]
 port     = smtp,465,submission,imap3,imaps,pop3,pop3s
 logpath  = %(syslog_mail)s
 backend  = %(syslog_backend)s
 [postfix-sasl]
 port     = smtp,465,submission,imap3,imaps,pop3,pop3s
 # You might consider monitoring /var/log/mail.warn instead if you are
 # running postfix since it would provide the same log lines at the
 # "warn" level but overall at the smaller filesize.
 logpath  = %(postfix_log)s
 backend  = %(postfix_backend)s
 [perdition]
 port   = imap3,imaps,pop3,pop3s
 logpath = %(syslog_mail)s
 backend = %(syslog_backend)s
 [squirrelmail]
 port = smtp,465,submission,imap2,imap3,imaps,pop3,pop3s,http,https,socks
 logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log
 [cyrus-imap]
 port   = imap3,imaps
 logpath = %(syslog_mail)s
 backend = %(syslog_backend)s
 [uwimap-auth]
 port   = imap3,imaps
 logpath = %(syslog_mail)s
 backend = %(syslog_backend)s
 #
 #
 # DNS servers
 #
 # !!! WARNING !!!
 #   Since UDP is connection-less protocol, spoofing of IP and imitation
 #   of illegal actions is way too simple.  Thus enabling of this filter
 #   might provide an easy way for implementing a DoS against a chosen
 #   victim. See
 #    http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
 #   Please DO NOT USE this jail unless you know what you are doing.
 #
 # IMPORTANT: see filter.d/named-refused for instructions to enable logging
 # This jail blocks UDP traffic for DNS requests.
 # [named-refused-udp]
 #
 # filter   = named-refused
 # port     = domain,953
 # protocol = udp
 # logpath  = /var/log/named/security.log
 # IMPORTANT: see filter.d/named-refused for instructions to enable logging
 # This jail blocks TCP traffic for DNS requests.
 [named-refused]
 port     = domain,953
 logpath  = /var/log/named/security.log
 [nsd]
 port     = 53
 action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
 logpath = /var/log/nsd.log
 #
 # Miscellaneous
 #
 [asterisk]
 port     = 5060,5061
 action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
           %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
 logpath  = /var/log/asterisk/messages
 maxretry = 10
 [freeswitch]
 port     = 5060,5061
 action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
           %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
 logpath  = /var/log/freeswitch.log
 maxretry = 10
 # To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld] or
 # equivalent section:
 # log-warning = 2
 #
 # for syslog (daemon facility)
 # [mysqld_safe]
 # syslog
 #
 # for own logfile
 # [mysqld]
 # log-error=/var/log/mysqld.log
 [mysqld-auth]
 port     = 3306
 logpath  = %(mysql_log)s
 backend  = %(mysql_backend)s
 # Log wrong MongoDB auth (for details see filter 'filter.d/mongodb-auth.conf')
 [mongodb-auth]
 # change port when running with "--shardsvr" or "--configsvr" runtime operation
 port     = 27017
 logpath  = /var/log/mongodb/mongodb.log
 # Jail for more extended banning of persistent abusers
 # !!! WARNINGS !!!
 # 1. Make sure that your loglevel specified in fail2ban.conf/.local
 #    is not at DEBUG level -- which might then cause fail2ban to fall into
 #    an infinite loop constantly feeding itself with non-informative lines
 # 2. Increase dbpurgeage defined in fail2ban.conf to e.g. 648000 (7.5 days)
 #    to maintain entries for failed logins for sufficient amount of time
 [recidive]
 logpath  = /var/log/fail2ban.log
 banaction = %(banaction_allports)s
 bantime  = 604800  ; 1 week
 findtime = 86400   ; 1 day
 # Generic filter for PAM. Has to be used with action which bans all
 # ports such as iptables-allports, shorewall
 [pam-generic]
 # pam-generic filter can be customized to monitor specific subset of 'tty's
 banaction = %(banaction_allports)s
 logpath  = %(syslog_authpriv)s
 backend  = %(syslog_backend)s
 [xinetd-fail]
 banaction = iptables-multiport-log
 logpath   = %(syslog_daemon)s
 backend   = %(syslog_backend)s
 maxretry  = 2
 # stunnel - need to set port for this
 [stunnel]
 logpath = /var/log/stunnel4/stunnel.log
 [ejabberd-auth]
 port    = 5222
 logpath = /var/log/ejabberd/ejabberd.log
 [counter-strike]
 logpath = /opt/cstrike/logs/L[0-9]*.log
 # Firewall: http://www.cstrike-planet.com/faq/6
 tcpport = 27030,27031,27032,27033,27034,27035,27036,27037,27038,27039
 udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010,27011,27012,27013,27014,27015
 action  = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
 # consider low maxretry and a long bantime
 # nobody except your own Nagios server should ever probe nrpe
 [nagios]
 logpath  = %(syslog_daemon)s     ; nrpe.cfg may define a different log_facility
 backend  = %(syslog_backend)s
 maxretry = 1
 [oracleims]
 # see "oracleims" filter file for configuration requirement for Oracle IMS v6 and above
 logpath = /opt/sun/comms/messaging64/log/mail.log_current
 banaction = %(banaction_allports)s
 [directadmin]
 logpath = /var/log/directadmin/login.log
 port = 2222
 [portsentry]
 logpath  = /var/lib/portsentry/portsentry.history
 maxretry = 1
 [pass2allow-ftp]
 # this pass2allow example allows FTP traffic after successful HTTP authentication
 port         = ftp,ftp-data,ftps,ftps-data
 # knocking_url variable must be overridden to some secret value in jail.local
 knocking_url = /knocking/
 filter       = apache-pass[knocking_url="%(knocking_url)s"]
 # access log of the website with HTTP auth
 logpath      = %(apache_access_log)s
 blocktype    = RETURN
 returntype   = DROP
 bantime      = 3600
 maxretry     = 1
 findtime     = 1
 [murmur]
 # AKA mumble-server
 port     = 64738
 action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol=tcp, chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol=udp, chain="%(chain)s", actname=%(banaction)s-udp]
 logpath  = /var/log/mumble-server/mumble-server.log
 [screensharingd]
 # For Mac OS Screen Sharing Service (VNC)
 logpath  = /var/log/system.log
 logencoding = utf-8
 [haproxy-http-auth]
 # HAProxy by default doesn't log to file you'll need to set it up to forward
 # logs to a syslog server which would then write them to disk.
 # See "haproxy-http-auth" filter for a brief cautionary note when setting
 # maxretry and findtime.
 logpath  = /var/log/haproxy.log
 [slapd]
 port    = ldap,ldaps
 filter  = slapd
 logpath = /var/log/slapd.log
--- a/templates/jail_local.erb
+++ b/templates/jail_local.erb
@@ -0,0 +1,734 @@
 ################################################################################
 ##########                 jail.local managed by Puppet               ##########
 ##########            manual changes will be overwritten !!!          ##########
 ################################################################################
 ##########              full reference available under                ##########
 ##########   https://confdroid.com/2017/08/fail2ban-jail-conf/        ##########
 ################################################################################
 [INCLUDES]
 before          = paths-<%= @fn_jail_paths %>.conf
 [DEFAULT]
 ignoreip        = <%= @fn_ignoreip %>
 ignorecommand   = <%= @fn_ignorecommand %>
 bantime         = <%= @fn_bantime %>
 findtime        = <%= @fn_findtime %>
 maxretry        = <%= @fn_maxretry %>
 backend         = <%= @fn_backend %>
 usedns          = <%= @fn_usedns %>
 logencoding     = <%= @fn_logencoding %>
 enabled         = <%= @fn_enabled %>
 filter          = <%= @fn_enabled %>
 destemail       = <%= @fn_destemail %>
 sender          = <%= @fn_sender %>
 mta             = <%= @fn_sender %>
 protocol        = <%= @fn_protocol %>
 chain           = <%= @fn_chain %>
 port            = <%= @fn_port %>
 fail2ban_agent  = <%= @fn_fail2ban_agent %>
 #
 # Action shortcuts. To be used to define action parameter
 # Default banning action (e.g. iptables, iptables-new,
 # iptables-multiport, shorewall, etc) It is used to define
 # action_* variables. Can be overridden globally or per
 # section within jail.local file
 banaction = iptables-multiport
 banaction_allports = iptables-allports
 # The simplest action to take: ban only
 action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
 # ban & send an e-mail with whois report to the destemail.
 action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
 # ban & send an e-mail with whois report and relevant log lines
 # to the destemail.
 action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
 # See the IMPORTANT note in action.d/xarf-login-attack for when to use this action
 #
 # ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines
 # to the destemail.
 action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
 # ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
 # to the destemail.
 action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
                %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
 # Report block via blocklist.de fail2ban reporting service API
 #
 # See the IMPORTANT note in action.d/blocklist_de.conf for when to
 # use this action. Create a file jail.d/blocklist_de.local containing
 # [Init]
 # blocklist_de_apikey = {api key from registration]
 #
 action_blocklist_de  = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
 # Report ban via badips.com, and use as blacklist
 #
 # See BadIPsAction docstring in config/action.d/badips.py for
 # documentation for this action.
 #
 # NOTE: This action relies on banaction being present on start and therefore
 # should be last action defined for a jail.
 #
 action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]
 #
 # Report ban via badips.com (uses action.d/badips.conf for reporting only)
 #
 action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]
 # Choose default action.  To change, just override value of 'action' with the
 # interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
 # globally (section [DEFAULT]) or per specific section
 action = %(action_)s
 #
 # JAILS
 #
 #
 # SSH servers
 #
 [sshd]
 port    = ssh
 logpath = %(sshd_log)s
 backend = %(sshd_backend)s
 [sshd-ddos]
 # This jail corresponds to the standard configuration in Fail2ban.
 # The mail-whois action send a notification e-mail with a whois request
 # in the body.
 port    = ssh
 logpath = %(sshd_log)s
 backend = %(sshd_backend)s
 [dropbear]
 port     = ssh
 logpath  = %(dropbear_log)s
 backend  = %(dropbear_backend)s
 [selinux-ssh]
 port     = ssh
 logpath  = %(auditd_log)s
 #
 # HTTP servers
 #
 [apache-auth]
 port     = http,https
 logpath  = %(apache_error_log)s
 [apache-badbots]
 # Ban hosts which agent identifies spammer robots crawling the web
 # for email addresses. The mail outputs are buffered.
 port     = http,https
 logpath  = %(apache_access_log)s
 bantime  = 172800
 maxretry = 1
 [apache-noscript]
 port     = http,https
 logpath  = %(apache_error_log)s
 [apache-overflows]
 port     = http,https
 logpath  = %(apache_error_log)s
 maxretry = 2
 [apache-nohome]
 port     = http,https
 logpath  = %(apache_error_log)s
 maxretry = 2
 [apache-botsearch]
 port     = http,https
 logpath  = %(apache_error_log)s
 maxretry = 2
 [apache-fakegooglebot]
 port     = http,https
 logpath  = %(apache_access_log)s
 maxretry = 1
 ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>
 [apache-modsecurity]
 port     = http,https
 logpath  = %(apache_error_log)s
 maxretry = 2
 [apache-shellshock]
 port    = http,https
 logpath = %(apache_error_log)s
 maxretry = 1
 [openhab-auth]
 filter = openhab
 action = iptables-allports[name=NoAuthFailures]
 logpath = /opt/openhab/logs/request.log
 [nginx-http-auth]
 port    = http,https
 logpath = %(nginx_error_log)s
 # To use 'nginx-limit-req' jail you should have `ngx_http_limit_req_module`
 # and define `limit_req` and `limit_req_zone` as described in nginx documentation
 # http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
 # or for example see in 'config/filter.d/nginx-limit-req.conf'
 [nginx-limit-req]
 port    = http,https
 logpath = %(nginx_error_log)s
 [nginx-botsearch]
 port     = http,https
 logpath  = %(nginx_error_log)s
 maxretry = 2
 # Ban attackers that try to use PHP's URL-fopen() functionality
 # through GET/POST variables. - Experimental, with more than a year
 # of usage in production environments.
 [php-url-fopen]
 port    = http,https
 logpath = %(nginx_access_log)s
          %(apache_access_log)s
 [suhosin]
 port    = http,https
 logpath = %(suhosin_log)s
 [lighttpd-auth]
 # Same as above for Apache's mod_auth
 # It catches wrong authentifications
 port    = http,https
 logpath = %(lighttpd_error_log)s
 #
 # Webmail and groupware servers
 #
 [roundcube-auth]
 port     = http,https
 logpath  = %(roundcube_errors_log)s
 [openwebmail]
 port     = http,https
 logpath  = /var/log/openwebmail.log
 [horde]
 port     = http,https
 logpath  = /var/log/horde/horde.log
 [groupoffice]
 port     = http,https
 logpath  = /home/groupoffice/log/info.log
 [sogo-auth]
 # Monitor SOGo groupware server
 # without proxy this would be:
 # port    = 20000
 port     = http,https
 logpath  = /var/log/sogo/sogo.log
 [tine20]
 logpath  = /var/log/tine20/tine20.log
 port     = http,https
 #
 # Web Applications
 #
 #
 [drupal-auth]
 port     = http,https
 logpath  = %(syslog_daemon)s
 backend  = %(syslog_backend)s
 [guacamole]
 port     = http,https
 logpath  = /var/log/tomcat*/catalina.out
 [monit]
 #Ban clients brute-forcing the monit gui login
 port = 2812
 logpath  = /var/log/monit
 [webmin-auth]
 port    = 10000
 logpath = %(syslog_authpriv)s
 backend = %(syslog_backend)s
 [froxlor-auth]
 port    = http,https
 logpath  = %(syslog_authpriv)s
 backend  = %(syslog_backend)s
 #
 # HTTP Proxy servers
 #
 #
 [squid]
 port     =  80,443,3128,8080
 logpath = /var/log/squid/access.log
 [3proxy]
 port    = 3128
 logpath = /var/log/3proxy.log
 #
 # FTP servers
 #
 [proftpd]
 port     = ftp,ftp-data,ftps,ftps-data
 logpath  = %(proftpd_log)s
 backend  = %(proftpd_backend)s
 [pure-ftpd]
 port     = ftp,ftp-data,ftps,ftps-data
 logpath  = %(pureftpd_log)s
 backend  = %(pureftpd_backend)s
 [gssftpd]
 port     = ftp,ftp-data,ftps,ftps-data
 logpath  = %(syslog_daemon)s
 backend  = %(syslog_backend)s
 [wuftpd]
 port     = ftp,ftp-data,ftps,ftps-data
 logpath  = %(wuftpd_log)s
 backend  = %(wuftpd_backend)s
 [vsftpd]
 # or overwrite it in jails.local to be
 # logpath = %(syslog_authpriv)s
 # if you want to rely on PAM failed login attempts
 # vsftpd's failregex should match both of those formats
 port     = ftp,ftp-data,ftps,ftps-data
 logpath  = %(vsftpd_log)s
 #
 # Mail servers
 #
 # ASSP SMTP Proxy Jail
 [assp]
 port     = smtp,465,submission
 logpath  = /root/path/to/assp/logs/maillog.txt
 [courier-smtp]
 port     = smtp,465,submission
 logpath  = %(syslog_mail)s
 backend  = %(syslog_backend)s
 [postfix]
 port     = smtp,465,submission
 logpath  = %(postfix_log)s
 backend  = %(postfix_backend)s
 [postfix-rbl]
 port     = smtp,465,submission
 logpath  = %(postfix_log)s
 backend  = %(postfix_backend)s
 maxretry = 1
 [sendmail-auth]
 port    = submission,465,smtp
 logpath = %(syslog_mail)s
 backend = %(syslog_backend)s
 [sendmail-reject]
 port     = smtp,465,submission
 logpath  = %(syslog_mail)s
 backend  = %(syslog_backend)s
 [qmail-rbl]
 filter  = qmail
 port    = smtp,465,submission
 logpath = /service/qmail/log/main/current
 # dovecot defaults to logging to the mail syslog facility
 # but can be set by syslog_facility in the dovecot configuration.
 [dovecot]
 port    = pop3,pop3s,imap,imaps,submission,465,sieve
 logpath = %(dovecot_log)s
 backend = %(dovecot_backend)s
 [sieve]
 port   = smtp,465,submission
 logpath = %(dovecot_log)s
 backend = %(dovecot_backend)s
 [solid-pop3d]
 port    = pop3,pop3s
 logpath = %(solidpop3d_log)s
 [exim]
 port   = smtp,465,submission
 logpath = %(exim_main_log)s
 [exim-spam]
 port   = smtp,465,submission
 logpath = %(exim_main_log)s
 [kerio]
 port    = imap,smtp,imaps,465
 logpath = /opt/kerio/mailserver/store/logs/security.log
 #
 # Mail servers authenticators: might be used for smtp,ftp,imap servers, so
 # all relevant ports get banned
 #
 [courier-auth]
 port     = smtp,465,submission,imap3,imaps,pop3,pop3s
 logpath  = %(syslog_mail)s
 backend  = %(syslog_backend)s
 [postfix-sasl]
 port     = smtp,465,submission,imap3,imaps,pop3,pop3s
 # You might consider monitoring /var/log/mail.warn instead if you are
 # running postfix since it would provide the same log lines at the
 # "warn" level but overall at the smaller filesize.
 logpath  = %(postfix_log)s
 backend  = %(postfix_backend)s
 [perdition]
 port   = imap3,imaps,pop3,pop3s
 logpath = %(syslog_mail)s
 backend = %(syslog_backend)s
 [squirrelmail]
 port = smtp,465,submission,imap2,imap3,imaps,pop3,pop3s,http,https,socks
 logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log
 [cyrus-imap]
 port   = imap3,imaps
 logpath = %(syslog_mail)s
 backend = %(syslog_backend)s
 [uwimap-auth]
 port   = imap3,imaps
 logpath = %(syslog_mail)s
 backend = %(syslog_backend)s
 #
 #
 # DNS servers
 #
 # !!! WARNING !!!
 #   Since UDP is connection-less protocol, spoofing of IP and imitation
 #   of illegal actions is way too simple.  Thus enabling of this filter
 #   might provide an easy way for implementing a DoS against a chosen
 #   victim. See
 #    http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
 #   Please DO NOT USE this jail unless you know what you are doing.
 #
 # IMPORTANT: see filter.d/named-refused for instructions to enable logging
 # This jail blocks UDP traffic for DNS requests.
 # [named-refused-udp]
 #
 # filter   = named-refused
 # port     = domain,953
 # protocol = udp
 # logpath  = /var/log/named/security.log
 # IMPORTANT: see filter.d/named-refused for instructions to enable logging
 # This jail blocks TCP traffic for DNS requests.
 [named-refused]
 port     = domain,953
 logpath  = /var/log/named/security.log
 [nsd]
 port     = 53
 action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
 logpath = /var/log/nsd.log
 #
 # Miscellaneous
 #
 [asterisk]
 port     = 5060,5061
 action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
           %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
 logpath  = /var/log/asterisk/messages
 maxretry = 10
 [freeswitch]
 port     = 5060,5061
 action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
           %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
 logpath  = /var/log/freeswitch.log
 maxretry = 10
 # To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld] or
 # equivalent section:
 # log-warning = 2
 #
 # for syslog (daemon facility)
 # [mysqld_safe]
 # syslog
 #
 # for own logfile
 # [mysqld]
 # log-error=/var/log/mysqld.log
 [mysqld-auth]
 port     = 3306
 logpath  = %(mysql_log)s
 backend  = %(mysql_backend)s
 # Log wrong MongoDB auth (for details see filter 'filter.d/mongodb-auth.conf')
 [mongodb-auth]
 # change port when running with "--shardsvr" or "--configsvr" runtime operation
 port     = 27017
 logpath  = /var/log/mongodb/mongodb.log
 # Jail for more extended banning of persistent abusers
 # !!! WARNINGS !!!
 # 1. Make sure that your loglevel specified in fail2ban.conf/.local
 #    is not at DEBUG level -- which might then cause fail2ban to fall into
 #    an infinite loop constantly feeding itself with non-informative lines
 # 2. Increase dbpurgeage defined in fail2ban.conf to e.g. 648000 (7.5 days)
 #    to maintain entries for failed logins for sufficient amount of time
 [recidive]
 logpath  = /var/log/fail2ban.log
 banaction = %(banaction_allports)s
 bantime  = 604800  ; 1 week
 findtime = 86400   ; 1 day
 # Generic filter for PAM. Has to be used with action which bans all
 # ports such as iptables-allports, shorewall
 [pam-generic]
 # pam-generic filter can be customized to monitor specific subset of 'tty's
 banaction = %(banaction_allports)s
 logpath  = %(syslog_authpriv)s
 backend  = %(syslog_backend)s
 [xinetd-fail]
 banaction = iptables-multiport-log
 logpath   = %(syslog_daemon)s
 backend   = %(syslog_backend)s
 maxretry  = 2
 # stunnel - need to set port for this
 [stunnel]
 logpath = /var/log/stunnel4/stunnel.log
 [ejabberd-auth]
 port    = 5222
 logpath = /var/log/ejabberd/ejabberd.log
 [counter-strike]
 logpath = /opt/cstrike/logs/L[0-9]*.log
 # Firewall: http://www.cstrike-planet.com/faq/6
 tcpport = 27030,27031,27032,27033,27034,27035,27036,27037,27038,27039
 udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010,27011,27012,27013,27014,27015
 action  = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
 # consider low maxretry and a long bantime
 # nobody except your own Nagios server should ever probe nrpe
 [nagios]
 logpath  = %(syslog_daemon)s     ; nrpe.cfg may define a different log_facility
 backend  = %(syslog_backend)s
 maxretry = 1
 [oracleims]
 # see "oracleims" filter file for configuration requirement for Oracle IMS v6 and above
 logpath = /opt/sun/comms/messaging64/log/mail.log_current
 banaction = %(banaction_allports)s
 [directadmin]
 logpath = /var/log/directadmin/login.log
 port = 2222
 [portsentry]
 logpath  = /var/lib/portsentry/portsentry.history
 maxretry = 1
 [pass2allow-ftp]
 # this pass2allow example allows FTP traffic after successful HTTP authentication
 port         = ftp,ftp-data,ftps,ftps-data
 # knocking_url variable must be overridden to some secret value in jail.local
 knocking_url = /knocking/
 filter       = apache-pass[knocking_url="%(knocking_url)s"]
 # access log of the website with HTTP auth
 logpath      = %(apache_access_log)s
 blocktype    = RETURN
 returntype   = DROP
 bantime      = 3600
 maxretry     = 1
 findtime     = 1
 [murmur]
 # AKA mumble-server
 port     = 64738
 action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol=tcp, chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol=udp, chain="%(chain)s", actname=%(banaction)s-udp]
 logpath  = /var/log/mumble-server/mumble-server.log
 [screensharingd]
 # For Mac OS Screen Sharing Service (VNC)
 logpath  = /var/log/system.log
 logencoding = utf-8
 [haproxy-http-auth]
 # HAProxy by default doesn't log to file you'll need to set it up to forward
 # logs to a syslog server which would then write them to disk.
 # See "haproxy-http-auth" filter for a brief cautionary note when setting
 # maxretry and findtime.
 logpath  = /var/log/haproxy.log
 [slapd]
 port    = ldap,ldaps
 filter  = slapd
 logpath = /var/log/slapd.log
--- a/tests/UTF_Files
+++ b/tests/UTF_Files
@@ -4,3 +4,4 @@
 ./.yardoc/objects/root.dat: data
 ./doc/css/style.css: HTML document, UTF-8 Unicode text, with very long lines
 ./doc/js/jquery.js: HTML document, UTF-8 Unicode text, with very long lines
 ./doc/puppet_classes/cd_fail2ban_3A_3Aparams.html: HTML document, UTF-8 Unicode text