finalized jail.local

manifests/params.pp

@@ -105,46 +105,65 @@
 # @param  [string] fn_action_ ban only
 # @param  [string]  fn_action_mw ban & send an e-mail with whois report to the
 #   destemail.
+# @param  [string] fn_action_mwl ban & send an e-mail with whois report and
+#   relevant log lines
+# @param [string] fn_action_xarf ban & send a xarf e-mail to abuse contact of
+#   IP address and include relevant log lines.
+# @param  [string]  fn_action_cf_mwl ban IP on CloudFlare & send an e-mail with
+#   whois report and relevant log lines.
+# @param  [string] fn_action_blocklist_de Report block via blocklist.de fail2ban
+#   reporting service API
+#  @param  [string] Report ban via badips.com, and use as blacklist
+# @param  [string]  fn_action_badips_report # Report ban via badips.com
+#   (uses action.d/badips.conf for reporting only).
+# @param  [string]  fn_default_action Choose default action.
 ###############################################################################
 class cd_fail2ban::params (
 
-$pkg_ensure             = 'latest',
+$pkg_ensure                 = 'latest',
 
-$fn_manage_config       = true,
-$fn_enable_service      = 'running',
+$fn_manage_config           = true,
+$fn_enable_service          = 'running',
 
 # fail2ban.conf/local
 
-$fn_loglevel            = 'INFO',
-$fn_logtarget           = 'SYSLOG',
-$fn_syslogsocket        = 'auto',
-$fn_socket              = '/var/run/fail2ban/fail2ban.sock',
-$fn_pidfile             = '/var/run/fail2ban/fail2ban.pid',
-$fn_dbfile              = '/var/lib/fail2ban/fail2ban.sqlite3',
-$fn_dbpurgeage          = '86400',
+$fn_loglevel                = 'INFO',
+$fn_logtarget               = 'SYSLOG',
+$fn_syslogsocket            = 'auto',
+$fn_socket                  = '/var/run/fail2ban/fail2ban.sock',
+$fn_pidfile                 = '/var/run/fail2ban/fail2ban.pid',
+$fn_dbfile                  = '/var/lib/fail2ban/fail2ban.sqlite3',
+$fn_dbpurgeage              = '86400',
 
 # jail.conf/local
-$fn_ignoreip            = '127.0.0.1/8',
-$fn_ignorecommand       = '',
-$fn_bantime             = '600',
-$fn_findtime            = '600',
-$fn_maxretry            = '5',
-$fn_backend             = 'auto',
-$fn_usedns              = 'warn',
-$fn_logencoding         = 'auto',
-$fn_enabled             = 'false',
-$fn_filter              = '%(__name__)s',
-$fn_destemail           = 'root@localhost',
-$fn_sender              = 'root@localhost',
-$fn_mta                 = 'sendmail',
-$fn_protocol            = 'tcp',
-$fn_chain               = 'INPUT',
-$fn_port                = '0:65535',
-$fn_fail2ban_agent      = 'Fail2Ban/%(fail2ban_version)s',
-$fn_banaction           = 'iptables-multiport',
-$fn_banaction_allports  = 'iptables-allports',
-$fn_action_             = '%(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]',
-$fn_action_mw           = '%(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] %(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]',
+$fn_ignoreip                = '127.0.0.1/8',
+$fn_ignorecommand           = '',
+$fn_bantime                 = '600',
+$fn_findtime                = '600',
+$fn_maxretry                = '5',
+$fn_backend                 = 'auto',
+$fn_usedns                  = 'warn',
+$fn_logencoding             = 'auto',
+$fn_enabled                 = 'false',
+$fn_filter                  = '%(__name__)s',
+$fn_destemail               = 'root@localhost',
+$fn_sender                  = 'root@localhost',
+$fn_mta                     = 'sendmail',
+$fn_protocol                = 'tcp',
+$fn_chain                   = 'INPUT',
+$fn_port                    = '0:65535',
+$fn_fail2ban_agent          = 'Fail2Ban/%(fail2ban_version)s',
+$fn_banaction               = 'iptables-multiport',
+$fn_banaction_allports      = 'iptables-allports',
+$fn_action_                 = '%(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]',
+$fn_action_mw               = '%(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] %(mta)s-whois[name=%(__name__)s,  sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]',
+$fn_action_mwl              = '%(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]',
+$fn_action_xarf             = '%(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]',
+$fn_action_cf_mwl           = 'cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"] %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]',
+$fn_action_blocklist_de     = 'blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]',
+$fn_action_badips           = 'badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]',
+$fn_action_badips_report    = 'badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]',
+$fn_default_action          = 'action_',
 
 ) {