From d33c85b30d815d88dd0f229794e08eb856110ff6 Mon Sep 17 00:00:00 2001
From: Arne Teuke <arne_teuke@confdroid.com>
Date: Thu, 3 Aug 2017 17:29:36 +0100
Subject: [PATCH] added more file controls

---
 manifests/main/files.pp | 16 ++++++++++++++++
 manifests/params.pp     |  3 ++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/manifests/main/files.pp b/manifests/main/files.pp
index d9888f9..2aff38f 100644
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -76,5 +76,21 @@ class cd_fail2ban::main::files (
       notify    =>  Service[$fn_service],
     }
 
+    # manage  jail.local
+
+    file { $fn_jail_local_file:
+      ensure    =>  present,
+      path      =>  $fn_jail_local_file,
+      owner     =>  'root',
+      group     =>  'root',
+      mode      =>  '0640',
+      selrange  =>  s0,
+      selrole   =>  object_r,
+      seltype   =>  etc_t,
+      seluser   =>  system_u,
+      content   =>  template($fn_jail_local_erb),
+      notify    =>  Service[$fn_service],
+    }
+
   }
 }
diff --git a/manifests/params.pp b/manifests/params.pp
index 8977173..345ae4a 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -173,7 +173,8 @@ $fn_fail2ban_local_file = "${fn_main_dir}/fail2ban.local"
 $fn_fail2ban_local_erb  = 'cd_fail2ban/fail2ban_local.erb'
 $fn_jail_conf_file      = "${fn_main_dir}/jail.conf"
 $fn_jail_conf_erb       = 'cd_fail2ban/jail_conf.erb'
-
+$fn_jail_local_file     = "${fn_main_dir}/jail.local"
+$fn_jail_local_erb      = 'cd_fail2ban/jail_local.erb'
 
 
 # includes must be last