confdroid/confdroid_fail2ban
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Files
master
confdroid_fail2ban/doc/puppet_classes/confdroid_fail2ban_3A_3Aparams.html
Jenkins Server fe0d5707d9 Recommit for updates in build 13
2026-03-12 12:34:19 +01:00

1109 lines
30 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Puppet Class: confdroid_fail2ban::params
&mdash; Documentation by YARD 0.9.36
</title>
<link rel="stylesheet" href="../css/style.css" type="text/css" />
<link rel="stylesheet" href="../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "puppet_classes::confdroid_fail2ban::params";
relpath = '../';
</script>
<script type="text/javascript" charset="utf-8" src="../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../puppet_class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../_index.html">Index (c)</a> &raquo;
<span class='title'><span class='object_link'>Puppet Classes</span></span>
&raquo;
<span class="title">confdroid_fail2ban::params</span>
</div>
<div id="search">
<a class="full_list_link" id="puppet_class_list_link"
href="../puppet_class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Puppet Class: confdroid_fail2ban::params</h1>
<div class="box_info">
<dl>
<dt>Inherited by:</dt>
<dd>
<span class='object_link'><a href="confdroid_fail2ban_3A_3Amain_3A_3Adirs.html" title="puppet_classes::confdroid_fail2ban::main::dirs (puppet_class)">confdroid_fail2ban::main::dirs</a></span><br/>
<span class='object_link'><a href="confdroid_fail2ban_3A_3Amain_3A_3Afiles.html" title="puppet_classes::confdroid_fail2ban::main::files (puppet_class)">confdroid_fail2ban::main::files</a></span><br/>
<span class='object_link'><a href="confdroid_fail2ban_3A_3Amain_3A_3Aconfig.html" title="puppet_classes::confdroid_fail2ban::main::config (puppet_class)">confdroid_fail2ban::main::config</a></span><br/>
<span class='object_link'><a href="confdroid_fail2ban_3A_3Amain_3A_3Ainstall.html" title="puppet_classes::confdroid_fail2ban::main::install (puppet_class)">confdroid_fail2ban::main::install</a></span><br/>
<span class='object_link'><a href="confdroid_fail2ban_3A_3Amain_3A_3Aservice.html" title="puppet_classes::confdroid_fail2ban::main::service (puppet_class)">confdroid_fail2ban::main::service</a></span><br/>
<span class='object_link'><a href="confdroid_fail2ban_3A_3Amonitoring_3A_3Atarget.html" title="puppet_classes::confdroid_fail2ban::monitoring::target (puppet_class)">confdroid_fail2ban::monitoring::target</a></span><br/>
</dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>
manifests/params.pp
</dd>
</dl>
</div>
<h2>Summary</h2>
Class holds all parameters for the confdroid_fail2ban module
<h2>Overview</h2>
<div class="docstring">
<div class="discussion">
<p>confdroid_fail2ban::params.pp Module name: confdroid_fail2ban Author: 12ww1160 (12ww1160@confdroid.com) <code>CRITICAL</code>,<code>ERROR</code>,<code>WARNING</code>,<code>NOTICE</code>,<code>INFO</code> and <code>DEBUG</code>.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>fn_pkg_ensure</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;present&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>which <a href="https://confdroid.com/2017/05/puppet-type-package/">package type</a> to choose, i.e. <code>latest</code> or <code>present</code>.</p>
</div>
</li>
<li>
<span class='name'>fn_reqpackages</span>
<span class='type'>(<tt>Array</tt>)</span>
<em class="default">(defaults to: <tt>[&#39;fail2ban&#39;,&#39;fail2ban-firewalld&#39;,
&#39;fail2ban-sendmail&#39;,&#39;fail2ban-server.noarch&#39;,&#39;whois&#39;]</tt>)</em>
&mdash;
<div class='inline'>
<p>the packages to install.</p>
</div>
</li>
<li>
<span class='name'>fn_manage_config</span>
<span class='type'>(<tt>Boolean</tt>)</span>
<em class="default">(defaults to: <tt>true</tt>)</em>
&mdash;
<div class='inline'>
<p>Whether to manage the fail2ban configuration files. If set to false, fail2ban will be installed, but the configuration will not be managed.</p>
</div>
</li>
<li>
<span class='name'>fn_enable_service</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;running&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Whether to enable/start or disable/stop the fail2ban service. Valid options are <code>running</code> or <code>stopped</code>.</p>
</div>
</li>
<li>
<span class='name'>fn_loglevel</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;INFO&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Set the log level output. Valid options are</p>
</div>
</li>
<li>
<span class='name'>fn_logtarget</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;SYSLOG&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Set the log target. This could be a file, SYSLOG, STDERR or STDOUT. Only one log target can be specified.</p>
</div>
</li>
<li>
<span class='name'>fn_syslogsocket</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;auto&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Set the syslog socket file. Only used when logtarget is SYSLOG. auto uses platform.system() to determine predefined paths Valid options: [ auto | FILE ].</p>
</div>
</li>
<li>
<span class='name'>fn_socket</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;/var/run/fail2ban/fail2ban.sock&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Set the socket file to communicate with the daemon.</p>
</div>
</li>
<li>
<span class='name'>fn_pidfile</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;/var/run/fail2ban/fail2ban.pid&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Set the PID file to store the process ID of the fail2ban server.</p>
</div>
</li>
<li>
<span class='name'>fn_dbfile</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;/var/lib/fail2ban/fail2ban.sqlite3&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>file for the fail2ban persistent data to be stored. A value of “:memory:” means database is only stored in memory and data is lost when fail2ban is stopped. A value of “None” disables the database.</p>
</div>
</li>
<li>
<span class='name'>fn_dbpurgeage</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;86400&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>age in seconds at which bans should be purged from the database.</p>
</div>
</li>
<li>
<span class='name'>fn_ignoreip</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;127.0.0.1/8&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>can be an IP address, a CIDR mask or a DNS host. Fail2ban will not ban a host which matches an address in this list. Several addresses can be defined using space (and/or comma) separator.</p>
</div>
</li>
<li>
<span class='name'>fn_ignorecommand</span>
<span class='type'>(<tt>Optional[String]</tt>)</span>
<em class="default">(defaults to: <tt>undef</tt>)</em>
&mdash;
<div class='inline'>
<p>External command that will take an tagged arguments to ignore, e.g. &lt;ip&gt;,and return true if the IP is to be ignored. False otherwise.</p>
</div>
</li>
<li>
<span class='name'>fn_bantime</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;600&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>number of seconds that a host is banned.</p>
</div>
</li>
<li>
<span class='name'>fn_findtime</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;600&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>A host is banned if it has generated “maxretry” during the last “findtime” seconds.</p>
</div>
</li>
<li>
<span class='name'>fn_maxretry</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;5&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>number of failures before a host get banned.</p>
</div>
</li>
<li>
<span class='name'>fn_backend</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;auto&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>specifies the backend used to get files modification. options are “pyinotify”, “gamin”, “polling”, “systemd” and “auto”. pyinotify: requires pyinotify (a file alteration monitor) to be installed. If pyinotify is not installed, Fail2ban will use auto. gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin is not installed, Fail2ban will use auto. polling: uses a polling algorithm which does not require external libraries. systemd: uses systemd python library to access the systemd journal. Specifying “logpath” is not valid for this backend. See “journalmatch” in the jails associated filter config auto: will try to use the following backends, in order: pyinotify, gamin, polling.</p>
</div>
</li>
<li>
<span class='name'>fn_usedns</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;warn&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>specifies if jails should trust hostnames in logs, warn when DNS lookups are performed, or ignore all hostnames in logs yes: if a hostname is encountered, a DNS lookup will be performed. warn: if a hostname is encountered, a DNS lookup will be performed, but it will be logged as a warning. no: if a hostname is encountered, will not be used for banning, but it will be logged as info. raw: use raw value (no hostname), allow use it for no-host filters/actions (example user)</p>
</div>
</li>
<li>
<span class='name'>fn_logencoding</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;auto&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>specifies the encoding of the log files handled by the jail This is used to decode the lines from the log file. Typical examples: “ascii”, “utf-8” auto: will use the system locale setting</p>
</div>
</li>
<li>
<span class='name'>fn_enabled</span>
<span class='type'>(<tt>Boolean</tt>)</span>
<em class="default">(defaults to: <tt>false</tt>)</em>
&mdash;
<div class='inline'>
<p>enables the jails. By default all jails are disabled, and it should stay this way. Enable only relevant to your setup jails in your .local or jail.d/*.conf true: jail will be enabled and log files will get monitored for changes false: jail is not enabled</p>
</div>
</li>
<li>
<span class='name'>fn_filter</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;%(__name__)s&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>defines the filter to use by the jail. By default jails have names matching their filter name</p>
</div>
</li>
<li>
<span class='name'>fn_destemail</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;root@localhost&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Destination email address used solely for the interpolations in jail.confconf.localconf.local.d/* configuration files.</p>
</div>
</li>
<li>
<span class='name'>fn_mta</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;sendmail&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the mailing. Change mta configuration parameter to mail if you want to revert to conventional mail.</p>
</div>
</li>
<li>
<span class='name'>fn_protocol</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;tcp&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Default protocol.</p>
</div>
</li>
<li>
<span class='name'>fn_chain</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;INPUT&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Specify chain where jumps would need to be added in iptables-* actions.</p>
</div>
</li>
<li>
<span class='name'>fn_port</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;0:65535&#39;</tt>)</em>
&mdash;
<div class='inline'>
<h1 id="label-Ports+to+be+banned+Usually+should+be+overridden">Ports to be banned Usually should be overridden</h1>
<p>in a particular jail</p>
</div>
</li>
<li>
<span class='name'>fn_fail2ban_agent</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;Fail2Ban/%(fail2ban_version)s&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Format of user-agent <a href="https://tools.ietf.org/html/rfc7231#section-5.5.3">tools.ietf.org/html/rfc7231#section-5.5.3</a></p>
</div>
</li>
<li>
<span class='name'>fn_banaction</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;iptables-multiport&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Default banning action</p>
</div>
</li>
<li>
<span class='name'>fn_banaction_allports</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;iptables-allports&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Default banning action</p>
</div>
</li>
<li>
<span class='name'>fn_action_</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;%(banaction)s[name=%(__name__)s, bantime=&quot;%(bantime)s&quot;, port=&quot;%(port)s&quot;, protocol=&quot;%(protocol)s&quot;, chain=&quot;%(chain)s&quot;]&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>ban only</p>
</div>
</li>
<li>
<span class='name'>fn_action_mw</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;%(banaction)s[name=%(__name__)s, bantime=&quot;%(bantime)s&quot;, port=&quot;%(port)s&quot;, protocol=&quot;%(protocol)s&quot;, chain=&quot;%(chain)s&quot;]
%(mta)s-whois[name=%(__name__)s, sender=&quot;%(sender)s&quot;, dest=&quot;%(destemail)s&quot;, protocol=&quot;%(protocol)s&quot;, chain=&quot;%(chain)s&quot;]&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>ban &amp; send an e-mail with whois report to the destemail.</p>
</div>
</li>
<li>
<span class='name'>fn_action_mwl</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;%(banaction)s[name=%(__name__)s, bantime=&quot;%(bantime)s&quot;, port=&quot;%(port)s&quot;, protocol=&quot;%(protocol)s&quot;, chain=&quot;%(chain)s&quot;]
%(mta)s-whois-lines[name=%(__name__)s, sender=&quot;%(sender)s&quot;, dest=&quot;%(destemail)s&quot;, logpath=%(logpath)s, chain=&quot;%(chain)s&quot;]&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>ban &amp; send an e-mail with whois report and relevant log lines</p>
</div>
</li>
<li>
<span class='name'>fn_action_xarf</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;%(banaction)s[name=%(__name__)s, bantime=&quot;%(bantime)s&quot;, port=&quot;%(port)s&quot;, protocol=&quot;%(protocol)s&quot;, chain=&quot;%(chain)s&quot;]
xarf-login-attack[service=%(__name__)s, sender=&quot;%(sender)s&quot;, logpath=%(logpath)s, port=&quot;%(port)s&quot;]&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>ban &amp; send a xarf e-mail to abuse contact of IP address and include relevant log lines.</p>
</div>
</li>
<li>
<span class='name'>fn_action_cf_mwl</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;cloudflare[cfuser=&quot;%(cfemail)s&quot;, cftoken=&quot;%(cfapikey)s&quot;]
%(mta)s-whois-lines[name=%(__name__)s, sender=&quot;%(sender)s&quot;, dest=&quot;%(destemail)s&quot;, logpath=%(logpath)s, chain=&quot;%(chain)s&quot;]&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>ban IP on CloudFlare &amp; send an e-mail with whois report and relevant log lines.</p>
</div>
</li>
<li>
<span class='name'>fn_action_blocklist_de</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;blocklist_de[email=&quot;%(sender)s&quot;, service=%(filter)s, apikey=&quot;%(blocklist_de_apikey)s&quot;, agent=&quot;%(fail2ban_agent)s&quot;]&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Report block via blocklist.de fail2ban reporting service API</p>
</div>
</li>
<li>
<span class='name'>fn_action_badips</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;badips.py[category=&quot;%(__name__)s&quot;, banaction=&quot;%(banaction)s&quot;, agent=&quot;%(fail2ban_agent)s&quot;]&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>String to be be used in config files</p>
</div>
</li>
<li>
<span class='name'>fn_action_badips_report</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;badips[category=&quot;%(__name__)s&quot;, agent=&quot;%(fail2ban_agent)s&quot;]&#39;</tt>)</em>
&mdash;
<div class='inline'>
<h1 id="label-Report+ban+via+badips.com">Report ban via badips.com</h1>
<p>(uses action.d/badips.conf for reporting only).</p>
</div>
</li>
<li>
<span class='name'>fn_default_action</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;action_&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>Choose default action.</p>
</div>
</li>
<li>
<span class='name'>fn_jail_paths</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;fedora&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>the fail path. defaults to fedora.</p>
</div>
</li>
<li>
<span class='name'>fn_incl_target</span>
<span class='type'>(<tt>Boolean</tt>)</span>
<em class="default">(defaults to: <tt>false</tt>)</em>
&mdash;
<div class='inline'>
<p>Whether to include monitoring targets for nagios. If set to true, monitoring targets will be included for the service.</p>
</div>
</li>
<li>
<span class='name'>fn_target_service</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;/etc/nagios/conf.d/fail2ban_service.cfg&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>The path to the nagios service configuration file to be created if fn_incl_target is set to true.</p>
</div>
</li>
<li>
<span class='name'>fn_target_contacts</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;nagiosadmin&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>The nagios contacts to be notified for the service if fn_incl_target is set to true.</p>
</div>
</li>
<li>
<span class='name'>fn_procs_allowed</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;1:1&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>The allowed number of fail2ban processes for the nagios check. Default is 1:1, which means exactly one process should be running.</p>
</div>
</li>
</ul>
</div><div class="method_details_list">
<table class="source_code">
<tr>
<td>
<pre class="lines">
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 113</span>
class confdroid_fail2ban::params (
# installation
String $fn_pkg_ensure = &#39;present&#39;,
Array $fn_reqpackages = [&#39;fail2ban&#39;,&#39;fail2ban-firewalld&#39;,
&#39;fail2ban-sendmail&#39;,&#39;fail2ban-server.noarch&#39;,&#39;whois&#39;],
Boolean $fn_manage_config = true,
String $fn_enable_service = &#39;running&#39;,
# fail2ban.conf/local
String $fn_loglevel = &#39;INFO&#39;,
String $fn_logtarget = &#39;SYSLOG&#39;,
String $fn_syslogsocket = &#39;auto&#39;,
String $fn_socket = &#39;/var/run/fail2ban/fail2ban.sock&#39;,
String $fn_pidfile = &#39;/var/run/fail2ban/fail2ban.pid&#39;,
String $fn_dbfile = &#39;/var/lib/fail2ban/fail2ban.sqlite3&#39;,
String $fn_dbpurgeage = &#39;86400&#39;,
# jail.conf/local
String $fn_ignoreip = &#39;127.0.0.1/8&#39;,
Optional[String] $fn_ignorecommand = undef,
String $fn_bantime = &#39;600&#39;,
String $fn_findtime = &#39;600&#39;,
String $fn_maxretry = &#39;5&#39;,
String $fn_backend = &#39;auto&#39;,
String $fn_usedns = &#39;warn&#39;,
String $fn_logencoding = &#39;auto&#39;,
Boolean $fn_enabled = false,
String $fn_filter = &#39;%(__name__)s&#39;,
String $fn_destemail = &#39;root@localhost&#39;,
String $fn_mta = &#39;sendmail&#39;,
String $fn_protocol = &#39;tcp&#39;,
String $fn_chain = &#39;INPUT&#39;,
String $fn_port = &#39;0:65535&#39;,
String $fn_fail2ban_agent = &#39;Fail2Ban/%(fail2ban_version)s&#39;,
String $fn_banaction = &#39;iptables-multiport&#39;,
String $fn_banaction_allports = &#39;iptables-allports&#39;,
String $fn_action_ = &#39;%(banaction)s[name=%(__name__)s, bantime=&quot;%(bantime)s&quot;, port=&quot;%(port)s&quot;, protocol=&quot;%(protocol)s&quot;, chain=&quot;%(chain)s&quot;]&#39;,
String $fn_action_mw = &#39;%(banaction)s[name=%(__name__)s, bantime=&quot;%(bantime)s&quot;, port=&quot;%(port)s&quot;, protocol=&quot;%(protocol)s&quot;, chain=&quot;%(chain)s&quot;]
%(mta)s-whois[name=%(__name__)s, sender=&quot;%(sender)s&quot;, dest=&quot;%(destemail)s&quot;, protocol=&quot;%(protocol)s&quot;, chain=&quot;%(chain)s&quot;]&#39;,
String $fn_action_mwl = &#39;%(banaction)s[name=%(__name__)s, bantime=&quot;%(bantime)s&quot;, port=&quot;%(port)s&quot;, protocol=&quot;%(protocol)s&quot;, chain=&quot;%(chain)s&quot;]
%(mta)s-whois-lines[name=%(__name__)s, sender=&quot;%(sender)s&quot;, dest=&quot;%(destemail)s&quot;, logpath=%(logpath)s, chain=&quot;%(chain)s&quot;]&#39;,
String $fn_action_xarf = &#39;%(banaction)s[name=%(__name__)s, bantime=&quot;%(bantime)s&quot;, port=&quot;%(port)s&quot;, protocol=&quot;%(protocol)s&quot;, chain=&quot;%(chain)s&quot;]
xarf-login-attack[service=%(__name__)s, sender=&quot;%(sender)s&quot;, logpath=%(logpath)s, port=&quot;%(port)s&quot;]&#39;,
String $fn_action_cf_mwl = &#39;cloudflare[cfuser=&quot;%(cfemail)s&quot;, cftoken=&quot;%(cfapikey)s&quot;]
%(mta)s-whois-lines[name=%(__name__)s, sender=&quot;%(sender)s&quot;, dest=&quot;%(destemail)s&quot;, logpath=%(logpath)s, chain=&quot;%(chain)s&quot;]&#39;,
String $fn_action_blocklist_de = &#39;blocklist_de[email=&quot;%(sender)s&quot;, service=%(filter)s, apikey=&quot;%(blocklist_de_apikey)s&quot;, agent=&quot;%(fail2ban_agent)s&quot;]&#39;,
String $fn_action_badips = &#39;badips.py[category=&quot;%(__name__)s&quot;, banaction=&quot;%(banaction)s&quot;, agent=&quot;%(fail2ban_agent)s&quot;]&#39;,
String $fn_action_badips_report = &#39;badips[category=&quot;%(__name__)s&quot;, agent=&quot;%(fail2ban_agent)s&quot;]&#39;,
String $fn_default_action = &#39;action_&#39;,
String $fn_jail_paths = &#39;fedora&#39;,
# nagios
Boolean $fn_incl_target = false,
String $fn_target_service = &#39;/etc/nagios/conf.d/fail2ban_service.cfg&#39;,
String $fn_target_contacts = &#39;nagiosadmin&#39;,
String $fn_procs_allowed = &#39;1:1&#39;,
) {
# shortcuts
$fqdn = $facts[&#39;networking&#39;][&#39;fqdn&#39;]
$fn_os = $facts[&#39;os&#39;]
$fn_sender = &quot;fail2ban@${fqdn}&quot;
# service
$fn_service = &#39;fail2ban&#39;
# directories
$fn_main_dir = &#39;/etc/fail2ban&#39;
$fn_action_d_dir = &quot;${fn_main_dir}/action.d&quot;
$fn_fail2ban_d_dir = &quot;${fn_main_dir}/fail2ban.d&quot;
$fn_filter_d_dir = &quot;${fn_main_dir}/filter.d&quot;
$fn_jail_d_dir = &quot;${fn_main_dir}/jail.d&quot;
$fn_var_lib_dir = &#39;/var/lib/fail2ban&#39;
$fn_var_run_dir = &#39;/var/run/fail2ban&#39;
# files
$fn_fail2ban_conf_file = &quot;${fn_main_dir}/fail2ban.conf&quot;
$fn_fail2ban_conf_erb = &#39;confdroid_fail2ban/fail2ban_conf.erb&#39;
$fn_fail2ban_local_file = &quot;${fn_main_dir}/fail2ban.local&quot;
$fn_fail2ban_local_erb = &#39;confdroid_fail2ban/fail2ban_local.erb&#39;
$fn_jail_conf_file = &quot;${fn_main_dir}/jail.conf&quot;
$fn_jail_conf_erb = &#39;confdroid_fail2ban/jail_conf.erb&#39;
$fn_jail_local_file = &quot;${fn_main_dir}/jail.local&quot;
$fn_jail_local_erb = &#39;confdroid_fail2ban/jail_local.erb&#39;
$fn_paths_common_file = &quot;${fn_main_dir}/paths-common.conf&quot;
$fn_paths_common_erb = &#39;confdroid_fail2ban/paths_common_conf.erb&#39;
# includes must be last
include confdroid_fail2ban::main::config
}</pre>
</td>
</tr>
</table>
</div>
</div>
<div id="footer">
Generated by <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>.
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink