From 202c50762d6411e0511c62ff0659470b56065613 Mon Sep 17 00:00:00 2001
From: Arne Teuke
Date: Thu, 3 Aug 2017 15:29:17 +0100
Subject: [PATCH 1/2] added controls for main conf/local files
---
README.md | 9 ++++-
manifests/main/config.pp | 3 +-
manifests/main/dirs.pp | 16 ++++++++
manifests/main/files.pp | 35 ++++++++++++++++
manifests/main/service.pp | 3 +-
manifests/params.pp | 54 ++++++++++++++++++++-----
templates/fail2ban_conf.erb | 77 ++++++++++++++++++++++++++++++++++++
templates/fail2ban_local.erb | 16 ++++++++
8 files changed, 199 insertions(+), 14 deletions(-)
create mode 100644 templates/fail2ban_conf.erb
create mode 100644 templates/fail2ban_local.erb
diff --git a/README.md b/README.md
index aa51431..7889547 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
|Repo Name| version | Build Status|
|---|---|---|---|
-|`cd_fail2ban`| 0.0.0.3 | [](https://jenkins.confdroid.com/job/cd_fail2ban/)|
+|`cd_fail2ban`| 0.0.0.4 | [](https://jenkins.confdroid.com/job/cd_fail2ban/)|
### Synopsis
Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks.
@@ -34,6 +34,13 @@ Fail2Ban is an intrusion prevention software framework that protects computer se
Installation
* install required binaries
+Configuration
+* manage directory structure (file system permissions, selinux context)
+* manage configration files (file system permissions, selinux context, content based on parameters)
+
+Service
+* manage service status (running or stopped)
+
### Repo Structure
Repostructure has moved to REPOSTRUCTURE.md in repo.
diff --git a/manifests/main/config.pp b/manifests/main/config.pp
index d332125..39e0312 100644
--- a/manifests/main/config.pp
+++ b/manifests/main/config.pp
@@ -25,7 +25,6 @@ class cd_fail2ban::main::config (
) inherits cd_fail2ban::params {
- if $fn_enable_fail2ban == true {
include cd_fail2ban::main::service
- }
+
}
diff --git a/manifests/main/dirs.pp b/manifests/main/dirs.pp
index cd5b9ca..f39f30b 100644
--- a/manifests/main/dirs.pp
+++ b/manifests/main/dirs.pp
@@ -109,4 +109,20 @@ class cd_fail2ban::main::dirs (
seltype => fail2ban_var_lib_t,
seluser => system_u,
}
+
+ # manage /var/run/fail2bam
+
+ file { $fn_var_run_dir:
+ ensure => directory,
+ path => $fn_var_run_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => fail2ban_var_run_t,
+ seluser => system_u,
+ }
+
+
}
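Review bot: The comment above the new resource reads `# manage /var/run/fail2bam`; it should be `# manage /var/run/fail2ban`. `path => $fn_var_run_dir` repeats the resource title and can be dropped. If `/var/run` is a tmpfs on the target platforms (not visible from this hunk), the directory is gone after a reboot until the next agent run, so a comment naming what recreates it at boot would help. The class body starts outside the hunk.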
diff --git a/manifests/main/files.pp b/manifests/main/files.pp
index edbb472..ee0335b 100644
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -26,4 +26,39 @@ class cd_fail2ban::main::files (
require cd_fail2ban::main::dirs
+ if $fn_manage_config == true {
+
+ # manage fail2ban.conf
+
+ file { $fn_fail2ban_conf_file:
+ ensure => present,
+ path => $fn_fail2ban_conf_file,
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ content => template($fn_fail2ban_conf_erb),
+ notify => Service[$fn_service],
+ }
+
+ # manage fail2ban.local
+
+ file { $fn_fail2ban_local_file:
+ ensure => present,
+ path => $fn_fail2ban_local_file,
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ content => template($fn_fail2ban_conf_erb),
+ notify => Service[$fn_service],
+ }
+
+ }
}
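Review bot: The `fail2ban.local` resource renders the wrong template: its `content` is `template($fn_fail2ban_conf_erb)`, the same as for `fail2ban.conf`. As a result the parameterised `fail2ban_local.erb` is never written, and `fn_loglevel`, `fn_logtarget` and the other new parameters have no effect on the host. The line should be `content => template($fn_fail2ban_local_erb),`. Both resources could also use `ensure => file`, which states the intent more precisely than `present`. The class header is outside the hunk.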
diff --git a/manifests/main/service.pp b/manifests/main/service.pp
index 0c2390e..30d6fb1 100644
--- a/manifests/main/service.pp
+++ b/manifests/main/service.pp
@@ -27,9 +27,10 @@ class cd_fail2ban::main::service (
require cd_fail2ban::main::files
service { $fn_service:
- ensure => running,
+ ensure => $fn_enable_service,
hasstatus => true,
hasrestart => true,
enable => true,
}
+
}
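Review bot: `enable => true` stays hard-coded while `ensure` now follows `$fn_enable_service`, so with `stopped` the agent stops the daemon but leaves it enabled at boot. After a reboot fail2ban would start again until the next agent run, and the host flips between protected and unprotected. Derive both from the one parameter, for example `enable => $fn_enable_service ? { 'running' => true, default => false },`, or document that `stopped` is a runtime state only. The class header is outside the hunk.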
diff --git a/manifests/params.pp b/manifests/params.pp
index 70c99b5..ed4811e 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -23,12 +23,42 @@
# @param [string] pkg_ensure
# which [package type](https://confdroid.com/2017/05/puppet-type-package/)
# to choose, i.e. `latest` or `present`.
+# @param [boolean] fn_manage_config Whether to manage the fail2ban
+# configuration files. If set to false, fail2ban will be installed, but the
+# configuration will not be managed.
+# @param [string] fn_enable_service Whether to enable/start or disable/stop
+# the fail2ban service. Valid options are `running` or `stopped`.
+# @param [string] fn_loglevel Set the log level output. Valid options are
+# `CRITICAL`,`ERROR`,`WARNING`,`NOTICE`,`INFO` and `DEBUG`.
+# @param [string] fn_logtarget Set the log target. This could be a file,
+# SYSLOG, STDERR or STDOUT. Only one log target can be specified.
+# @param [string] fn_syslogsocket Set the syslog socket file. Only used when
+# logtarget is SYSLOG. auto uses platform.system() to determine predefined
+# paths Valid options: [ auto | FILE ].
+# @param [string] fn_socket Set the socket file to communicate with the daemon.
+# @param [string] fn_pidfile Set the PID file to store the process ID of the
+# fail2ban server.
+# @param [string] fn_dbfile file for the fail2ban persistent data to be stored.
+# A value of ":memory:" means database is only stored in memory
+# and data is lost when fail2ban is stopped.
+# A value of "None" disables the database.
+# @param [string] fn_dbpurgeage age in seconds at which bans should be purged
+# from the database.
##############################################################################
class cd_fail2ban::params (
-$pkg_ensure = 'latest',
+$pkg_ensure = 'latest',
+
+$fn_manage_config = true,
+$fn_enable_service = 'running',
+$fn_loglevel = 'INFO',
+$fn_logtarget = 'SYSLOG',
+$fn_syslogsocket = 'auto',
+$fn_socket = '/var/run/fail2ban/fail2ban.sock',
+$fn_pidfile = '/var/run/fail2ban/fail2ban.pid',
+$fn_dbfile = '/var/lib/fail2ban/fail2ban.sqlite3',
+$fn_dbpurgeage = '86400',
-$fn_enable_fail2ban = true,
) {
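Review bot: None of the new parameters is checked against the values the header documents, yet `fn_enable_service` goes straight into the service `ensure` and the others are written verbatim into `fail2ban_local.erb`. A misspelled level or a value containing a newline would reach the rendered file unchanged. If the module targets a Puppet version with data types, declare them in the signature, e.g. `Enum['running','stopped'] $fn_enable_service = 'running',` and `Enum['CRITICAL','ERROR','WARNING','NOTICE','INFO','DEBUG'] $fn_loglevel = 'INFO',`. Removing `fn_enable_fail2ban` also breaks any caller that still sets it, which deserves a line in the changelog. The class body continues outside the hunk.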
@@ -42,18 +72,22 @@ $reqpackages = $::operatingsystem ? {
# service
-$fn_service = 'fail2ban'
+$fn_service = 'fail2ban'
# directories
-$fn_main_dir = '/etc/fail2ban'
-$fn_action_d_dir = "${fn_main_dir}/action.d"
-$fn_fail2ban_d_dir = "${fn_main_dir}/fail2ban.d"
-$fn_filter_d_dir = "${fn_main_dir}/filter.d"
-$fn_jail_d_dir = "${fn_main_dir}/jail.d"
-$fn_var_lib_dir = '/var/lib/fail2ban'
-
+$fn_main_dir = '/etc/fail2ban'
+$fn_action_d_dir = "${fn_main_dir}/action.d"
+$fn_fail2ban_d_dir = "${fn_main_dir}/fail2ban.d"
+$fn_filter_d_dir = "${fn_main_dir}/filter.d"
+$fn_jail_d_dir = "${fn_main_dir}/jail.d"
+$fn_var_lib_dir = '/var/lib/fail2ban'
+$fn_var_run_dir = '/var/run/fail2ban'
# files
+$fn_fail2ban_conf_file = "${fn_main_dir}fail2ban.conf"
+$fn_fail2ban_conf_erb = 'cd_fail2ban/fail2ban_conf.erb'
+$fn_fail2ban_local_file = "${fn_main_dir}fail2ban.local"
+$fn_fail2ban_local_erb = 'cd_fail2ban/fail2ban_local.erb'
# includes must be last
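Review bot: `$fn_fail2ban_conf_file` and `$fn_fail2ban_local_file` are built without a path separator, so they expand to `/etc/fail2banfail2ban.conf` and `/etc/fail2banfail2ban.local` rather than files inside `/etc/fail2ban`. The managed files would then land next to the configuration directory, where the daemon presumably never reads them. Use `"${fn_main_dir}/fail2ban.conf"` and `"${fn_main_dir}/fail2ban.local"`, matching the directory variables a few lines above.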
diff --git a/templates/fail2ban_conf.erb b/templates/fail2ban_conf.erb
new file mode 100644
index 0000000..39c53d4
--- /dev/null
+++ b/templates/fail2ban_conf.erb
@@ -0,0 +1,77 @@
+################################################################################
+########## fail2ban.conf managed by Puppet ##########
+########## manual changes will be overwritten !!! ##########
+################################################################################
+########## full reference available under ##########
+########## https://confdroid.com/2017/08/fail2ban-fail2ban-conf/ ##########
+################################################################################
+
+# Fail2Ban main configuration file
+#
+# Comments: use '#' for comment lines and ';' (following a space) for inline comments
+#
+# Changes: in most of the cases you should not modify this
+# file, but provide customizations in fail2ban.local file, e.g.:
+#
+# [Definition]
+# loglevel = DEBUG
+#
+
+[Definition]
+
+# Option: loglevel
+# Notes.: Set the log level output.
+# CRITICAL
+# ERROR
+# WARNING
+# NOTICE
+# INFO
+# DEBUG
+# Values: [ LEVEL ] Default: ERROR
+#
+loglevel = INFO
+
+# Option: logtarget
+# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
+# Only one log target can be specified.
+# If you change logtarget from the default value and you are
+# using logrotate -- also adjust or disable rotation in the
+# corresponding configuration file
+# (e.g. /etc/logrotate.d/fail2ban on Debian systems)
+# Values: [ STDOUT | STDERR | SYSLOG | FILE ] Default: STDERR
+#
+logtarget = /var/log/fail2ban.log
+
+# Option: syslogsocket
+# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
+# auto uses platform.system() to determine predefined paths
+# Values: [ auto | FILE ] Default: auto
+syslogsocket = auto
+
+# Option: socket
+# Notes.: Set the socket file. This is used to communicate with the daemon. Do
+# not remove this file when Fail2ban runs. It will not be possible to
+# communicate with the server afterwards.
+# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.sock
+#
+socket = /var/run/fail2ban/fail2ban.sock
+
+# Option: pidfile
+# Notes.: Set the PID file. This is used to store the process ID of the
+# fail2ban server.
+# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.pid
+#
+pidfile = /var/run/fail2ban/fail2ban.pid
+
+# Options: dbfile
+# Notes.: Set the file for the fail2ban persistent data to be stored.
+# A value of ":memory:" means database is only stored in memory
+# and data is lost when fail2ban is stopped.
+# A value of "None" disables the database.
+# Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3
+dbfile = /var/lib/fail2ban/fail2ban.sqlite3
+
+# Options: dbpurgeage
+# Notes.: Sets age at which bans should be purged from the database
+# Values: [ SECONDS ] Default: 86400 (24hours)
+dbpurgeage = 86400
diff --git a/templates/fail2ban_local.erb b/templates/fail2ban_local.erb
new file mode 100644
index 0000000..4b7f5bb
--- /dev/null
+++ b/templates/fail2ban_local.erb
@@ -0,0 +1,16 @@
+################################################################################
+########## fail2ban.local managed by Puppet ##########
+########## manual changes will be overwritten !!! ##########
+################################################################################
+########## full reference available under ##########
+########## https://confdroid.com/2017/08/fail2ban-fail2ban-conf/ ##########
+################################################################################
+
+[Definition]
+loglevel = <%= @fn_loglevel %>
+logtarget = <%= @fn_logtarget %>
+syslogsocket = <%= @fn_syslogsocket %>
+socket = <%= @fn_socket %>
+pidfile = <%= @fn_pidfile %>
+dbfile = <%= @fn_dbfile %>
+dbpurgeage = <%= @fn_dbpurgeage %>
From a22f3fb29e723615e1dd085e048f839beecd89e6 Mon Sep 17 00:00:00 2001
From: Jenkins Server
Date: Thu, 3 Aug 2017 16:28:57 +0200
Subject: [PATCH 2/2] recommit for updates in build 7
---
CHANGELOG.md | 10 +
REPOSTRUCTURE.md | 5 +-
doc/_index.html | 2 +-
doc/file.README.html | 13 +-
doc/index.html | 13 +-
doc/puppet_classes/cd_fail2ban.html | 2 +-
.../cd_fail2ban_3A_3Amain_3A_3Aconfig.html | 8 +-
.../cd_fail2ban_3A_3Amain_3A_3Adirs.html | 36 ++-
.../cd_fail2ban_3A_3Amain_3A_3Afiles.html | 74 ++++-
.../cd_fail2ban_3A_3Amain_3A_3Ainstall.html | 2 +-
.../cd_fail2ban_3A_3Amain_3A_3Aservice.html | 8 +-
.../cd_fail2ban_3A_3Aparams.html | 270 +++++++++++++++---
doc/top-level-namespace.html | 2 +-
13 files changed, 387 insertions(+), 58 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 929b8c8..9fb548a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,16 @@ Changelog of Git Changelog.
No issue
+3fdfda26d55dc96 Jenkins Server 2017-08-03 13:10:45
+
+
recommit for updates in build 6
+
+
+fdf29a4e38ba36a Arne Teuke 2017-08-03 13:09:41
+
+
added directory control
+
+
3c581b56cc82cb9 Arne Teuke 2017-08-03 13:01:25
added directory control
diff --git a/REPOSTRUCTURE.md b/REPOSTRUCTURE.md
index 752e395..3ce4a87 100644
--- a/REPOSTRUCTURE.md
+++ b/REPOSTRUCTURE.md
@@ -31,6 +31,9 @@
| | `-- service.pp
| |-- init.pp
| `-- params.pp
+|-- templates
+| |-- fail2ban_conf.erb
+| `-- fail2ban_local.erb
|-- tests
| `-- UTF_Files
|-- CHANGELOG.md
@@ -41,4 +44,4 @@
|-- README.md
`-- REPOSTRUCTURE.md
-7 directories, 34 files
+8 directories, 36 files
diff --git a/doc/_index.html b/doc/_index.html
index fb70178..b21ade1 100644
--- a/doc/_index.html
+++ b/doc/_index.html
@@ -132,7 +132,7 @@
diff --git a/doc/file.README.html b/doc/file.README.html
index 7fc480b..1a1160e 100644
--- a/doc/file.README.html
+++ b/doc/file.README.html
@@ -61,7 +61,7 @@
|Repo Name| version | Build
Status|
|---|---|---|---|
-|cd_fail2ban| 0.0.0.3 | cd_fail2ban| 0.0.0.4 | {Build
Status/]|
@@ -128,6 +128,15 @@ href="https://gitlab.puppetsoft.com/12WW1160/cd_fail2ban/blob/master/CHANGELOG.m
Installation
* install required binaries
+Configuration
+* manage directory structure (file system permissions,
+selinux context)
+* manage configration files (file system permissions,
+selinux context, content based on parameters)
+
+Service
+* manage service status (running or stopped)
+
Repo Structure
Repostructure has moved to REPOSTRUCTURE.md in repo.
@@ -242,7 +251,7 @@ environments.
diff --git a/doc/index.html b/doc/index.html
index eb53701..e8815cd 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -61,7 +61,7 @@
|Repo Name| version | Build
Status|
|---|---|---|---|
-|cd_fail2ban| 0.0.0.3 | cd_fail2ban| 0.0.0.4 | {Build
Status/]|
@@ -128,6 +128,15 @@ href="https://gitlab.puppetsoft.com/12WW1160/cd_fail2ban/blob/master/CHANGELOG.m
Installation
* install required binaries
+Configuration
+* manage directory structure (file system permissions,
+selinux context)
+* manage configration files (file system permissions,
+selinux context, content based on parameters)
+
+Service
+* manage service status (running or stopped)
+
Repo Structure
Repostructure has moved to REPOSTRUCTURE.md in repo.
@@ -242,7 +251,7 @@ environments.
diff --git a/doc/puppet_classes/cd_fail2ban.html b/doc/puppet_classes/cd_fail2ban.html
index cc1d3a6..d998ea2 100644
--- a/doc/puppet_classes/cd_fail2ban.html
+++ b/doc/puppet_classes/cd_fail2ban.html
@@ -139,7 +139,7 @@ class cd_fail2ban {
diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aconfig.html
index ef6344d..086a584 100644
--- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aconfig.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aconfig.html
@@ -134,8 +134,7 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
27
28
29
-30
-31
+30
# File 'manifests/main/config.pp', line 24
@@ -144,9 +143,8 @@ class cd_fail2ban::main::config (
) inherits cd_fail2ban::params {
- if $fn_enable_fail2ban == true {
include cd_fail2ban::main::service
- }
+
}
|
@@ -155,7 +153,7 @@ class cd_fail2ban::main::config (
diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Adirs.html
index 8bd8578..4adb85a 100644
--- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Adirs.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Adirs.html
@@ -216,7 +216,23 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
109
110
111
-112
+112
+113
+114
+115
+116
+117
+118
+119
+120
+121
+122
+123
+124
+125
+126
+127
+128
# File 'manifests/main/dirs.pp', line 23
@@ -310,6 +326,22 @@ class cd_fail2ban::main::dirs (
seltype => fail2ban_var_lib_t,
seluser => system_u,
}
+
+ # manage /var/run/fail2bam
+
+ file { $fn_var_run_dir:
+ ensure => directory,
+ path => $fn_var_run_dir,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ selrange => s0,
+ selrole => object_r,
+ seltype => fail2ban_var_run_t,
+ seluser => system_u,
+ }
+
+
}
|
@@ -318,7 +350,7 @@ class cd_fail2ban::main::dirs (
diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html
index 8fb404a..67c717c 100644
--- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Afiles.html
@@ -133,7 +133,42 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
26
27
28
-29
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+56
+57
+58
+59
+60
+61
+62
+63
+64
# File 'manifests/main/files.pp', line 23
@@ -144,6 +179,41 @@ class cd_fail2ban::main::files (
require cd_fail2ban::main::dirs
+ if $fn_manage_config == true {
+
+ # manage fail2ban.conf
+
+ file { $fn_fail2ban_conf_file:
+ ensure => present,
+ path => $fn_fail2ban_conf_file,
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ content => template($fn_fail2ban_conf_erb),
+ notify => Service[$fn_service],
+ }
+
+ # manage fail2ban.local
+
+ file { $fn_fail2ban_local_file:
+ ensure => present,
+ path => $fn_fail2ban_local_file,
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ content => template($fn_fail2ban_conf_erb),
+ notify => Service[$fn_service],
+ }
+
+ }
}
|
@@ -152,7 +222,7 @@ class cd_fail2ban::main::files (
diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Ainstall.html
index 3737d5f..0abcedc 100644
--- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Ainstall.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Ainstall.html
@@ -159,7 +159,7 @@ class cd_fail2ban::main::install (
diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aservice.html b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aservice.html
index d108ef2..3fdc1a7 100644
--- a/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aservice.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Amain_3A_3Aservice.html
@@ -139,7 +139,8 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
32
33
34
-35
+35
+36
# File 'manifests/main/service.pp', line 23
@@ -151,11 +152,12 @@ class cd_fail2ban::main::service (
require cd_fail2ban::main::files
service { $fn_service:
- ensure => running,
+ ensure => $fn_enable_service,
hasstatus => true,
hasrestart => true,
enable => true,
}
+
}
|
@@ -164,7 +166,7 @@ class cd_fail2ban::main::service (
diff --git a/doc/puppet_classes/cd_fail2ban_3A_3Aparams.html b/doc/puppet_classes/cd_fail2ban_3A_3Aparams.html
index cec7144..00d5aa6 100644
--- a/doc/puppet_classes/cd_fail2ban_3A_3Aparams.html
+++ b/doc/puppet_classes/cd_fail2ban_3A_3Aparams.html
@@ -126,7 +126,9 @@ for more details.
You should have received a copy of the GNU General Public License
along
with this program. If not, see www.gnu.org/licenses/.
+href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
+CRITICAL,ERROR,WARNING,NOTICE,INFO
+and DEBUG.
@@ -156,15 +158,183 @@ to choose, i.e. latest or present.
- fn_enable_fail2ban
+ fn_manage_config
- (Any)
+ (boolean)
(defaults to: true)
+ —
+
+
Whether to manage the fail2ban
+configuration files. If set to false,
+fail2ban will be installed, but the
+configuration will not be managed.
+
+
+
+
+
+
+ fn_enable_service
+
+
+ (string)
+
+
+ (defaults to: 'running')
+
+
+ —
+
+
Whether to enable/start or disable/stop
+the fail2ban service. Valid options
+are running or stopped.
+
+
+
+
+
+
+ fn_loglevel
+
+
+ (string)
+
+
+ (defaults to: 'INFO')
+
+
+ —
+
+
Set the log level output. Valid options are
+
+
+
+
+
+
+ fn_logtarget
+
+
+ (string)
+
+
+ (defaults to: 'SYSLOG')
+
+
+ —
+
+
Set the log target. This could be a file,
+SYSLOG, STDERR or STDOUT. Only
+one log target can be specified.
+
+
+
+
+
+
+ fn_syslogsocket
+
+
+ (string)
+
+
+ (defaults to: 'auto')
+
+
+ —
+
+
Set the syslog socket file. Only used when
+logtarget is SYSLOG. auto uses
+platform.system() to determine predefined
+paths Valid options: [ auto |
+FILE ].
+
+
+
+
+
+
+ fn_socket
+
+
+ (string)
+
+
+ (defaults to: '/var/run/fail2ban/fail2ban.sock')
+
+
+ —
+
+
Set the socket file to communicate with the daemon.
+
+
+
+
+
+
+ fn_pidfile
+
+
+ (string)
+
+
+ (defaults to: '/var/run/fail2ban/fail2ban.pid')
+
+
+ —
+
+
Set the PID file to store the process ID of the
+fail2ban server.
+
+
+
+
+
+
+ fn_dbfile
+
+
+ (string)
+
+
+ (defaults to: '/var/lib/fail2ban/fail2ban.sqlite3')
+
+
+ —
+
+
file for the fail2ban persistent data to be stored.
+A value of
+":memory:" means database is only stored in memory
+and data is
+lost when fail2ban is stopped.
+A value of "None" disables the
+database.
+
+
+
+
+
+
+ fn_dbpurgeage
+
+
+ (string)
+
+
+ (defaults to: '86400')
+
+
+ —
+
+
age in seconds at which bans should be purged
+from the database.
+
+
@@ -177,27 +347,6 @@ to choose, i.e. latest or present.
-27
-28
-29
-30
-31
-32
-33
-34
-35
-36
-37
-38
-39
-40
-41
-42
-43
-44
-45
-46
-47
48
49
50
@@ -212,16 +361,59 @@ to choose, i.e. latest or present.
59
60
61
-62
+62
+63
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+74
+75
+76
+77
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
+96
- # File 'manifests/params.pp', line 27
+ # File 'manifests/params.pp', line 48
class cd_fail2ban::params (
-$pkg_ensure = 'latest',
+$pkg_ensure = 'latest',
+
+$fn_manage_config = true,
+$fn_enable_service = 'running',
+$fn_loglevel = 'INFO',
+$fn_logtarget = 'SYSLOG',
+$fn_syslogsocket = 'auto',
+$fn_socket = '/var/run/fail2ban/fail2ban.sock',
+$fn_pidfile = '/var/run/fail2ban/fail2ban.pid',
+$fn_dbfile = '/var/lib/fail2ban/fail2ban.sqlite3',
+$fn_dbpurgeage = '86400',
-$fn_enable_fail2ban = true,
) {
@@ -235,18 +427,22 @@ $reqpackages = $::operatingsystem ? {
# service
-$fn_service = 'fail2ban'
+$fn_service = 'fail2ban'
# directories
-$fn_main_dir = '/etc/fail2ban'
-$fn_action_d_dir = "${fn_main_dir}/action.d"
-$fn_fail2ban_d_dir = "${fn_main_dir}/fail2ban.d"
-$fn_filter_d_dir = "${fn_main_dir}/filter.d"
-$fn_jail_d_dir = "${fn_main_dir}/jail.d"
-$fn_var_lib_dir = '/var/lib/fail2ban'
-
+$fn_main_dir = '/etc/fail2ban'
+$fn_action_d_dir = "${fn_main_dir}/action.d"
+$fn_fail2ban_d_dir = "${fn_main_dir}/fail2ban.d"
+$fn_filter_d_dir = "${fn_main_dir}/filter.d"
+$fn_jail_d_dir = "${fn_main_dir}/jail.d"
+$fn_var_lib_dir = '/var/lib/fail2ban'
+$fn_var_run_dir = '/var/run/fail2ban'
# files
+$fn_fail2ban_conf_file = "${fn_main_dir}fail2ban.conf"
+$fn_fail2ban_conf_erb = 'cd_fail2ban/fail2ban_conf.erb'
+$fn_fail2ban_local_file = "${fn_main_dir}fail2ban.local"
+$fn_fail2ban_local_erb = 'cd_fail2ban/fail2ban_local.erb'
# includes must be last
@@ -260,7 +456,7 @@ $fn_var_lib_dir = '/var/lib/fail2ban'
diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html
index deae4d9..0410a43 100644
--- a/doc/top-level-namespace.html
+++ b/doc/top-level-namespace.html
@@ -90,7 +90,7 @@
|