Merge branch 'jenkins' into 'master'

Jenkins

See merge request !4
12ww1160
2017-08-03 16:39:32 +02:00
21 changed files with 586 additions and 72 deletions

View File

@@ -8,6 +8,16 @@ Changelog of Git Changelog.
<h2> No issue </h2> <h2> No issue </h2>
<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/3fdfda26d55dc96">3fdfda26d55dc96</a> Jenkins Server <i>2017-08-03 13:10:45</i>
<p>
<h3>recommit for updates in build 6</h3>
</p>
<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/fdf29a4e38ba36a">fdf29a4e38ba36a</a> Arne Teuke <i>2017-08-03 13:09:41</i>
<p>
<h3>added directory control</h3>
</p>
<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/3c581b56cc82cb9">3c581b56cc82cb9</a> Arne Teuke <i>2017-08-03 13:01:25</i> <a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/3c581b56cc82cb9">3c581b56cc82cb9</a> Arne Teuke <i>2017-08-03 13:01:25</i>
<p> <p>
<h3>added directory control</h3> <h3>added directory control</h3>

View File

@@ -1,6 +1,6 @@
|Repo Name| version | Build Status| |Repo Name| version | Build Status|
|---|---|---|---| |---|---|---|---|
|`cd_fail2ban`| 0.0.0.3 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_fail2ban)](https://jenkins.confdroid.com/job/cd_fail2ban/)| |`cd_fail2ban`| 0.0.0.4 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_fail2ban)](https://jenkins.confdroid.com/job/cd_fail2ban/)|
### Synopsis ### Synopsis
Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks.
@@ -34,6 +34,13 @@ Fail2Ban is an intrusion prevention software framework that protects computer se
Installation Installation
* install required binaries * install required binaries
Configuration
* manage directory structure (file system permissions, selinux context)
* manage configration files (file system permissions, selinux context, content based on parameters)
Service
* manage service status (running or stopped)
### Repo Structure ### Repo Structure
Repostructure has moved to REPOSTRUCTURE.md in repo. Repostructure has moved to REPOSTRUCTURE.md in repo.
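Review bot: typo in the added Configuration bullet: "manage configration files" should read "manage configuration files". The generated yard pages pick up the same text, so fixing it in README.md and regenerating corrects every copy.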

View File

@@ -31,6 +31,9 @@
| | `-- service.pp | | `-- service.pp
| |-- init.pp | |-- init.pp
| `-- params.pp | `-- params.pp
|-- templates
| |-- fail2ban_conf.erb
| `-- fail2ban_local.erb
|-- tests |-- tests
| `-- UTF_Files | `-- UTF_Files
|-- CHANGELOG.md |-- CHANGELOG.md
@@ -41,4 +44,4 @@
|-- README.md |-- README.md
`-- REPOSTRUCTURE.md `-- REPOSTRUCTURE.md
7 directories, 34 files 8 directories, 36 files

View File

@@ -132,7 +132,7 @@
</div> </div>
<div id="footer"> <div id="footer">
Generated on Thu Aug 3 15:10:42 2017 by Generated on Thu Aug 3 16:28:53 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>
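Review bot: the only difference in this generated yard page is the "Generated on" timestamp in the footer, and the same timestamp-only change repeats in the other doc pages of this merge. Consider building the yard output in the Jenkins job and keeping it out of the repository, or at least not recommitting pages whose content is unchanged, so the diff shows only the real changes.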

View File

@@ -61,7 +61,7 @@
<p>|Repo Name| version | Build <p>|Repo Name| version | Build
Status| Status|
|---|---|---|---| |---|---|---|---|
|<code>cd_fail2ban</code>| 0.0.0.3 | <a |<code>cd_fail2ban</code>| 0.0.0.4 | <a
href="https://jenkins.confdroid.com/buildStatus/icon?job=cd_fail2ban">{Build href="https://jenkins.confdroid.com/buildStatus/icon?job=cd_fail2ban">{Build
Status</a>/]|</p> Status</a>/]|</p>
@@ -128,6 +128,15 @@ href="https://gitlab.puppetsoft.com/12WW1160/cd_fail2ban/blob/master/CHANGELOG.m
<p>Installation <p>Installation
* install required binaries</p> * install required binaries</p>
<p>Configuration
* manage directory structure (file system permissions,
selinux context)
* manage configration files (file system permissions,
selinux context, content based on parameters)</p>
<p>Service
* manage service status (running or stopped)</p>
<h3 id="label-Repo+Structure">Repo Structure</h3> <h3 id="label-Repo+Structure">Repo Structure</h3>
<p>Repostructure has moved to REPOSTRUCTURE.md in repo.</p> <p>Repostructure has moved to REPOSTRUCTURE.md in repo.</p>
@@ -242,7 +251,7 @@ environments.</p>
</div></div> </div></div>
<div id="footer"> <div id="footer">
Generated on Thu Aug 3 15:10:43 2017 by Generated on Thu Aug 3 16:28:54 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

View File

@@ -61,7 +61,7 @@
<p>|Repo Name| version | Build <p>|Repo Name| version | Build
Status| Status|
|---|---|---|---| |---|---|---|---|
|<code>cd_fail2ban</code>| 0.0.0.3 | <a |<code>cd_fail2ban</code>| 0.0.0.4 | <a
href="https://jenkins.confdroid.com/buildStatus/icon?job=cd_fail2ban">{Build href="https://jenkins.confdroid.com/buildStatus/icon?job=cd_fail2ban">{Build
Status</a>/]|</p> Status</a>/]|</p>
@@ -128,6 +128,15 @@ href="https://gitlab.puppetsoft.com/12WW1160/cd_fail2ban/blob/master/CHANGELOG.m
<p>Installation <p>Installation
* install required binaries</p> * install required binaries</p>
<p>Configuration
* manage directory structure (file system permissions,
selinux context)
* manage configration files (file system permissions,
selinux context, content based on parameters)</p>
<p>Service
* manage service status (running or stopped)</p>
<h3 id="label-Repo+Structure">Repo Structure</h3> <h3 id="label-Repo+Structure">Repo Structure</h3>
<p>Repostructure has moved to REPOSTRUCTURE.md in repo.</p> <p>Repostructure has moved to REPOSTRUCTURE.md in repo.</p>
@@ -242,7 +251,7 @@ environments.</p>
</div></div> </div></div>
<div id="footer"> <div id="footer">
Generated on Thu Aug 3 15:10:42 2017 by Generated on Thu Aug 3 16:28:53 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

View File

@@ -139,7 +139,7 @@ class cd_fail2ban {
</div> </div>
<div id="footer"> <div id="footer">
Generated on Thu Aug 3 15:10:43 2017 by Generated on Thu Aug 3 16:28:54 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

View File

@@ -134,8 +134,7 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses</a>/.</p>
27 27
28 28
29 29
30 30</pre>
31</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/main/config.pp', line 24</span> <pre class="code"><span class="info file"># File 'manifests/main/config.pp', line 24</span>
@@ -144,9 +143,8 @@ class cd_fail2ban::main::config (
) inherits cd_fail2ban::params { ) inherits cd_fail2ban::params {
if $fn_enable_fail2ban == true {
include cd_fail2ban::main::service include cd_fail2ban::main::service
}
}</pre> }</pre>
</td> </td>
</tr> </tr>
@@ -155,7 +153,7 @@ class cd_fail2ban::main::config (
</div> </div>
<div id="footer"> <div id="footer">
Generated on Thu Aug 3 15:10:43 2017 by Generated on Thu Aug 3 16:28:55 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

View File

@@ -216,7 +216,23 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses</a>/.</p>
109 109
110 110
111 111
112</pre> 112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/main/dirs.pp', line 23</span> <pre class="code"><span class="info file"># File 'manifests/main/dirs.pp', line 23</span>
@@ -310,6 +326,22 @@ class cd_fail2ban::main::dirs (
seltype =&gt; fail2ban_var_lib_t, seltype =&gt; fail2ban_var_lib_t,
seluser =&gt; system_u, seluser =&gt; system_u,
} }
# manage /var/run/fail2bam
file { $fn_var_run_dir:
ensure =&gt; directory,
path =&gt; $fn_var_run_dir,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0755&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; fail2ban_var_run_t,
seluser =&gt; system_u,
}
}</pre> }</pre>
</td> </td>
</tr> </tr>
@@ -318,7 +350,7 @@ class cd_fail2ban::main::dirs (
</div> </div>
<div id="footer"> <div id="footer">
Generated on Thu Aug 3 15:10:43 2017 by Generated on Thu Aug 3 16:28:54 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

View File

@@ -133,7 +133,42 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses</a>/.</p>
26 26
27 27
28 28
29</pre> 29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 23</span> <pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 23</span>
@@ -144,6 +179,41 @@ class cd_fail2ban::main::files (
require cd_fail2ban::main::dirs require cd_fail2ban::main::dirs
if $fn_manage_config == true {
# manage fail2ban.conf
file { $fn_fail2ban_conf_file:
ensure =&gt; present,
path =&gt; $fn_fail2ban_conf_file,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0640&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; etc_t,
seluser =&gt; system_u,
content =&gt; template($fn_fail2ban_conf_erb),
notify =&gt; Service[$fn_service],
}
# manage fail2ban.local
file { $fn_fail2ban_local_file:
ensure =&gt; present,
path =&gt; $fn_fail2ban_local_file,
owner =&gt; &#39;root&#39;,
group =&gt; &#39;root&#39;,
mode =&gt; &#39;0640&#39;,
selrange =&gt; s0,
selrole =&gt; object_r,
seltype =&gt; etc_t,
seluser =&gt; system_u,
content =&gt; template($fn_fail2ban_conf_erb),
notify =&gt; Service[$fn_service],
}
}
}</pre> }</pre>
</td> </td>
</tr> </tr>
@@ -152,7 +222,7 @@ class cd_fail2ban::main::files (
</div> </div>
<div id="footer"> <div id="footer">
Generated on Thu Aug 3 15:10:43 2017 by Generated on Thu Aug 3 16:28:54 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

View File

@@ -159,7 +159,7 @@ class cd_fail2ban::main::install (
</div> </div>
<div id="footer"> <div id="footer">
Generated on Thu Aug 3 15:10:43 2017 by Generated on Thu Aug 3 16:28:55 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

View File

@@ -139,7 +139,8 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses</a>/.</p>
32 32
33 33
34 34
35</pre> 35
36</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/main/service.pp', line 23</span> <pre class="code"><span class="info file"># File 'manifests/main/service.pp', line 23</span>
@@ -151,11 +152,12 @@ class cd_fail2ban::main::service (
require cd_fail2ban::main::files require cd_fail2ban::main::files
service { $fn_service: service { $fn_service:
ensure =&gt; running, ensure =&gt; $fn_enable_service,
hasstatus =&gt; true, hasstatus =&gt; true,
hasrestart =&gt; true, hasrestart =&gt; true,
enable =&gt; true, enable =&gt; true,
} }
}</pre> }</pre>
</td> </td>
</tr> </tr>
@@ -164,7 +166,7 @@ class cd_fail2ban::main::service (
</div> </div>
<div id="footer"> <div id="footer">
Generated on Thu Aug 3 15:10:43 2017 by Generated on Thu Aug 3 16:28:55 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

View File

@@ -126,7 +126,9 @@ for more details.</p>
<p>You should have received a copy of the GNU General Public License <p>You should have received a copy of the GNU General Public License
along along
with this program. If not, see <a with this program. If not, see <a
href="http://www.gnu.org/licenses">www.gnu.org/licenses</a>/.</p> href="http://www.gnu.org/licenses">www.gnu.org/licenses</a>/.
<code>CRITICAL</code>,<code>ERROR</code>,<code>WARNING</code>,<code>NOTICE</code>,<code>INFO</code>
and <code>DEBUG</code>.</p>
</div> </div>
</div> </div>
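Review bot: the added log-level list (`CRITICAL` through `DEBUG`) lands in the license paragraph here, while the fn_loglevel entry further down stops at "Valid options are". The second line of that @param comment in manifests/params.pp is evidently not being read as a continuation of the tag; make sure it is indented as a continuation line and regenerate the docs.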
@@ -156,15 +158,183 @@ to choose, i.e. <code>latest</code> or <code>present</code>.</p>
<li> <li>
<span class='name'>fn_enable_fail2ban</span> <span class='name'>fn_manage_config</span>
<span class='type'>(<tt>Any</tt>)</span> <span class='type'>(<tt>boolean</tt>)</span>
<em class="default">(defaults to: <tt>true</tt>)</em> <em class="default">(defaults to: <tt>true</tt>)</em>
&mdash;
<div class='inline'>
<p>Whether to manage the fail2ban
configuration files. If set to false,
fail2ban will be installed, but the
configuration will not be managed.</p>
</div>
</li>
<li>
<span class='name'>fn_enable_service</span>
<span class='type'>(<tt>string</tt>)</span>
<em class="default">(defaults to: <tt>&#39;running&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Whether to enable/start or disable/stop
the fail2ban service. Valid options
are <code>running</code> or <code>stopped</code>.</p>
</div>
</li>
<li>
<span class='name'>fn_loglevel</span>
<span class='type'>(<tt>string</tt>)</span>
<em class="default">(defaults to: <tt>&#39;INFO&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Set the log level output. Valid options are</p>
</div>
</li>
<li>
<span class='name'>fn_logtarget</span>
<span class='type'>(<tt>string</tt>)</span>
<em class="default">(defaults to: <tt>&#39;SYSLOG&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Set the log target. This could be a file,
SYSLOG, STDERR or STDOUT. Only
one log target can be specified.</p>
</div>
</li>
<li>
<span class='name'>fn_syslogsocket</span>
<span class='type'>(<tt>string</tt>)</span>
<em class="default">(defaults to: <tt>&#39;auto&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Set the syslog socket file. Only used when
logtarget is SYSLOG. auto uses
platform.system() to determine predefined
paths Valid options: [ auto |
FILE ].</p>
</div>
</li>
<li>
<span class='name'>fn_socket</span>
<span class='type'>(<tt>string</tt>)</span>
<em class="default">(defaults to: <tt>&#39;/var/run/fail2ban/fail2ban.sock&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Set the socket file to communicate with the daemon.</p>
</div>
</li>
<li>
<span class='name'>fn_pidfile</span>
<span class='type'>(<tt>string</tt>)</span>
<em class="default">(defaults to: <tt>&#39;/var/run/fail2ban/fail2ban.pid&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Set the PID file to store the process ID of the
fail2ban server.</p>
</div>
</li>
<li>
<span class='name'>fn_dbfile</span>
<span class='type'>(<tt>string</tt>)</span>
<em class="default">(defaults to: <tt>&#39;/var/lib/fail2ban/fail2ban.sqlite3&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>file for the fail2ban persistent data to be stored.
A value of
&quot;:memory:&quot; means database is only stored in memory
and data is
lost when fail2ban is stopped.
A value of &quot;None&quot; disables the
database.</p>
</div>
</li>
<li>
<span class='name'>fn_dbpurgeage</span>
<span class='type'>(<tt>string</tt>)</span>
<em class="default">(defaults to: <tt>&#39;86400&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>age in seconds at which bans should be purged
from the database.</p>
</div>
</li> </li>
</ul> </ul>
@@ -177,27 +347,6 @@ to choose, i.e. <code>latest</code> or <code>present</code>.</p>
<pre class="lines"> <pre class="lines">
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48 48
49 49
50 50
@@ -212,16 +361,59 @@ to choose, i.e. <code>latest</code> or <code>present</code>.</p>
59 59
60 60
61 61
62</pre> 62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 27</span> <pre class="code"><span class="info file"># File 'manifests/params.pp', line 48</span>
class cd_fail2ban::params ( class cd_fail2ban::params (
$pkg_ensure = &#39;latest&#39;, $pkg_ensure = &#39;latest&#39;,
$fn_enable_fail2ban = true, $fn_manage_config = true,
$fn_enable_service = &#39;running&#39;,
$fn_loglevel = &#39;INFO&#39;,
$fn_logtarget = &#39;SYSLOG&#39;,
$fn_syslogsocket = &#39;auto&#39;,
$fn_socket = &#39;/var/run/fail2ban/fail2ban.sock&#39;,
$fn_pidfile = &#39;/var/run/fail2ban/fail2ban.pid&#39;,
$fn_dbfile = &#39;/var/lib/fail2ban/fail2ban.sqlite3&#39;,
$fn_dbpurgeage = &#39;86400&#39;,
) { ) {
@@ -244,9 +436,13 @@ $fn_fail2ban_d_dir = &quot;${fn_main_dir}/fail2ban.d&quot;
$fn_filter_d_dir = &quot;${fn_main_dir}/filter.d&quot; $fn_filter_d_dir = &quot;${fn_main_dir}/filter.d&quot;
$fn_jail_d_dir = &quot;${fn_main_dir}/jail.d&quot; $fn_jail_d_dir = &quot;${fn_main_dir}/jail.d&quot;
$fn_var_lib_dir = &#39;/var/lib/fail2ban&#39; $fn_var_lib_dir = &#39;/var/lib/fail2ban&#39;
$fn_var_run_dir = &#39;/var/run/fail2ban&#39;
# files # files
$fn_fail2ban_conf_file = &quot;${fn_main_dir}fail2ban.conf&quot;
$fn_fail2ban_conf_erb = &#39;cd_fail2ban/fail2ban_conf.erb&#39;
$fn_fail2ban_local_file = &quot;${fn_main_dir}fail2ban.local&quot;
$fn_fail2ban_local_erb = &#39;cd_fail2ban/fail2ban_local.erb&#39;
# includes must be last # includes must be last
@@ -260,7 +456,7 @@ $fn_var_lib_dir = &#39;/var/lib/fail2ban&#39;
</div> </div>
<div id="footer"> <div id="footer">
Generated on Thu Aug 3 15:10:43 2017 by Generated on Thu Aug 3 16:28:54 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

View File

@@ -90,7 +90,7 @@
</div> </div>
<div id="footer"> <div id="footer">
Generated on Thu Aug 3 15:10:43 2017 by Generated on Thu Aug 3 16:28:54 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a> <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0). 0.9.9 (ruby-2.0.0).
</div> </div>

View File

@@ -25,7 +25,6 @@ class cd_fail2ban::main::config (
) inherits cd_fail2ban::params { ) inherits cd_fail2ban::params {
if $fn_enable_fail2ban == true {
include cd_fail2ban::main::service include cd_fail2ban::main::service
}
} }
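Review bot: with the `if $fn_enable_fail2ban == true` guard removed, the service class is included unconditionally, and the parameter itself disappears from params.pp in this merge. Any existing resource-style declaration that still passes fn_enable_fail2ban will be rejected as an invalid parameter, so call out the switch to fn_manage_config and fn_enable_service in the changelog.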

View File

@@ -109,4 +109,20 @@ class cd_fail2ban::main::dirs (
seltype => fail2ban_var_lib_t, seltype => fail2ban_var_lib_t,
seluser => system_u, seluser => system_u,
} }
# manage /var/run/fail2bam
file { $fn_var_run_dir:
ensure => directory,
path => $fn_var_run_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => fail2ban_var_run_t,
seluser => system_u,
}
} }
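Review bot: the comment above the new resource reads "/var/run/fail2bam"; it should be /var/run/fail2ban to match $fn_var_run_dir. As a style point, `path => $fn_var_run_dir` repeats the resource title and can be dropped.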

View File

@@ -26,4 +26,39 @@ class cd_fail2ban::main::files (
require cd_fail2ban::main::dirs require cd_fail2ban::main::dirs
if $fn_manage_config == true {
# manage fail2ban.conf
file { $fn_fail2ban_conf_file:
ensure => present,
path => $fn_fail2ban_conf_file,
owner => 'root',
group => 'root',
mode => '0640',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
content => template($fn_fail2ban_conf_erb),
notify => Service[$fn_service],
}
# manage fail2ban.local
file { $fn_fail2ban_local_file:
ensure => present,
path => $fn_fail2ban_local_file,
owner => 'root',
group => 'root',
mode => '0640',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
content => template($fn_fail2ban_conf_erb),
notify => Service[$fn_service],
}
}
} }
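Review bot: the fail2ban.local resource renders `template($fn_fail2ban_conf_erb)`, the same template as fail2ban.conf, so fail2ban_local.erb is never used and none of the new fn_* parameters reach the host. Change its content to `template($fn_fail2ban_local_erb)`.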

View File

@@ -27,9 +27,10 @@ class cd_fail2ban::main::service (
require cd_fail2ban::main::files require cd_fail2ban::main::files
service { $fn_service: service { $fn_service:
ensure => running, ensure => $fn_enable_service,
hasstatus => true, hasstatus => true,
hasrestart => true, hasrestart => true,
enable => true, enable => true,
} }
} }
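Review bot: `ensure` now follows $fn_enable_service but `enable => true` stays hard-coded, so setting the parameter to 'stopped' stops the daemon while leaving it enabled at boot. The parameter is documented as "enable/start or disable/stop"; derive `enable` from the same value, or add a separate boolean, so a stopped service also stays off after a reboot.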

View File

@@ -23,12 +23,42 @@
# @param [string] pkg_ensure # @param [string] pkg_ensure
# which [package type](https://confdroid.com/2017/05/puppet-type-package/) # which [package type](https://confdroid.com/2017/05/puppet-type-package/)
# to choose, i.e. `latest` or `present`. # to choose, i.e. `latest` or `present`.
# @param [boolean] fn_manage_config Whether to manage the fail2ban
# configuration files. If set to false, fail2ban will be installed, but the
# configuration will not be managed.
# @param [string] fn_enable_service Whether to enable/start or disable/stop
# the fail2ban service. Valid options are `running` or `stopped`.
# @param [string] fn_loglevel Set the log level output. Valid options are
# `CRITICAL`,`ERROR`,`WARNING`,`NOTICE`,`INFO` and `DEBUG`.
# @param [string] fn_logtarget Set the log target. This could be a file,
# SYSLOG, STDERR or STDOUT. Only one log target can be specified.
# @param [string] fn_syslogsocket Set the syslog socket file. Only used when
# logtarget is SYSLOG. auto uses platform.system() to determine predefined
# paths Valid options: [ auto | FILE ].
# @param [string] fn_socket Set the socket file to communicate with the daemon.
# @param [string] fn_pidfile Set the PID file to store the process ID of the
# fail2ban server.
# @param [string] fn_dbfile file for the fail2ban persistent data to be stored.
# A value of ":memory:" means database is only stored in memory
# and data is lost when fail2ban is stopped.
# A value of "None" disables the database.
# @param [string] fn_dbpurgeage age in seconds at which bans should be purged
# from the database.
############################################################################## ##############################################################################
class cd_fail2ban::params ( class cd_fail2ban::params (
$pkg_ensure = 'latest', $pkg_ensure = 'latest',
$fn_enable_fail2ban = true, $fn_manage_config = true,
$fn_enable_service = 'running',
$fn_loglevel = 'INFO',
$fn_logtarget = 'SYSLOG',
$fn_syslogsocket = 'auto',
$fn_socket = '/var/run/fail2ban/fail2ban.sock',
$fn_pidfile = '/var/run/fail2ban/fail2ban.pid',
$fn_dbfile = '/var/lib/fail2ban/fail2ban.sqlite3',
$fn_dbpurgeage = '86400',
) { ) {
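Review bot: fn_loglevel and fn_enable_service are documented with a fixed set of valid values, but the class accepts any string and passes it straight to the template and the service resource. Validate them at the class boundary, for example with Puppet 4 data types such as `Enum['running','stopped']` or stdlib's validate_re on older parsers, so a typo fails at catalog compilation instead of being written to the host.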
@@ -51,9 +81,13 @@ $fn_fail2ban_d_dir = "${fn_main_dir}/fail2ban.d"
$fn_filter_d_dir = "${fn_main_dir}/filter.d" $fn_filter_d_dir = "${fn_main_dir}/filter.d"
$fn_jail_d_dir = "${fn_main_dir}/jail.d" $fn_jail_d_dir = "${fn_main_dir}/jail.d"
$fn_var_lib_dir = '/var/lib/fail2ban' $fn_var_lib_dir = '/var/lib/fail2ban'
$fn_var_run_dir = '/var/run/fail2ban'
# files # files
$fn_fail2ban_conf_file = "${fn_main_dir}fail2ban.conf"
$fn_fail2ban_conf_erb = 'cd_fail2ban/fail2ban_conf.erb'
$fn_fail2ban_local_file = "${fn_main_dir}fail2ban.local"
$fn_fail2ban_local_erb = 'cd_fail2ban/fail2ban_local.erb'
# includes must be last # includes must be last
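Review bot: `"${fn_main_dir}fail2ban.conf"` and `"${fn_main_dir}fail2ban.local"` join without a slash, while the directory variables in the context lines use `"${fn_main_dir}/filter.d"`. Unless $fn_main_dir ends in a slash, both files will be created beside the configuration directory rather than inside it; use `"${fn_main_dir}/fail2ban.conf"` and `"${fn_main_dir}/fail2ban.local"`.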

View File

@@ -0,0 +1,77 @@
################################################################################
########## fail2ban.conf managed by Puppet ##########
########## manual changes will be overwritten !!! ##########
################################################################################
########## full reference available under ##########
########## https://confdroid.com/2017/08/fail2ban-fail2ban-conf/ ##########
################################################################################
# Fail2Ban main configuration file
#
# Comments: use '#' for comment lines and ';' (following a space) for inline comments
#
# Changes: in most of the cases you should not modify this
# file, but provide customizations in fail2ban.local file, e.g.:
#
# [Definition]
# loglevel = DEBUG
#
[Definition]
# Option: loglevel
# Notes.: Set the log level output.
# CRITICAL
# ERROR
# WARNING
# NOTICE
# INFO
# DEBUG
# Values: [ LEVEL ] Default: ERROR
#
loglevel = INFO
# Option: logtarget
# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
# Only one log target can be specified.
# If you change logtarget from the default value and you are
# using logrotate -- also adjust or disable rotation in the
# corresponding configuration file
# (e.g. /etc/logrotate.d/fail2ban on Debian systems)
# Values: [ STDOUT | STDERR | SYSLOG | FILE ] Default: STDERR
#
logtarget = /var/log/fail2ban.log
# Option: syslogsocket
# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
# auto uses platform.system() to determine predefined paths
# Values: [ auto | FILE ] Default: auto
syslogsocket = auto
# Option: socket
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
# not remove this file when Fail2ban runs. It will not be possible to
# communicate with the server afterwards.
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.sock
#
socket = /var/run/fail2ban/fail2ban.sock
# Option: pidfile
# Notes.: Set the PID file. This is used to store the process ID of the
# fail2ban server.
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.pid
#
pidfile = /var/run/fail2ban/fail2ban.pid
# Options: dbfile
# Notes.: Set the file for the fail2ban persistent data to be stored.
# A value of ":memory:" means database is only stored in memory
# and data is lost when fail2ban is stopped.
# A value of "None" disables the database.
# Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3
dbfile = /var/lib/fail2ban/fail2ban.sqlite3
# Options: dbpurgeage
# Notes.: Sets age at which bans should be purged from the database
# Values: [ SECONDS ] Default: 86400 (24hours)
dbpurgeage = 86400
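Review bot: this template contains no ERB tags, and its hard-coded `logtarget = /var/log/fail2ban.log` differs from the module default fn_logtarget of 'SYSLOG'. That is fine only if fail2ban.local is rendered from fail2ban_local.erb and overrides it; state that intent in the header, or interpolate the parameters here as well so the two files cannot disagree.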

View File

@@ -0,0 +1,16 @@
################################################################################
########## fail2ban.local managed by Puppet ##########
########## manual changes will be overwritten !!! ##########
################################################################################
########## full reference available under ##########
########## https://confdroid.com/2017/08/fail2ban-fail2ban-conf/ ##########
################################################################################
[Definition]
loglevel = <%= @fn_loglevel %>
logtarget = <%= @fn_logtarget %>
syslogsocket = <%= @fn_syslogsocket %>
socket = <%= @fn_socket %>
pidfile = <%= @fn_pidfile %>
dbfile = <%= @fn_dbfile %>
dbpurgeage = <%= @fn_dbpurgeage %>