From 183e8370638595be6760c748eefb8c60d0d6ee86 Mon Sep 17 00:00:00 2001 From: Jenkins Server Date: Thu, 12 Mar 2026 14:17:23 +0100 Subject: [PATCH] Recommit for updates in build 222 --- ...onfdroid_nagios_3A_3Amain_3A_3Aconfig.html | 10 +- ..._nagios_3A_3Amonitoring_3A_3Afail2ban.html | 64 +++++- .../confdroid_nagios_3A_3Aparams.html | 197 +++++++++++++++--- 3 files changed, 236 insertions(+), 35 deletions(-) diff --git a/doc/puppet_classes/confdroid_nagios_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/confdroid_nagios_3A_3Amain_3A_3Aconfig.html index 3d2bc44..450d728 100644 --- a/doc/puppet_classes/confdroid_nagios_3A_3Amain_3A_3Aconfig.html +++ b/doc/puppet_classes/confdroid_nagios_3A_3Amain_3A_3Aconfig.html @@ -111,7 +111,11 @@ 13 14 15 -16 +16 +17 +18 +19 +20 
# File 'manifests/main/config.pp', line 6
@@ -126,6 +130,10 @@ class confdroid_nagios::main::config (
   if $ng_enable_target == true {
     include confdroid_nagios::client::target
   }
+
+  if $ng_enable_fail2ban == true {
+    include confdroid_nagios::monitoring::fail2ban
+  }
 }
diff --git a/doc/puppet_classes/confdroid_nagios_3A_3Amonitoring_3A_3Afail2ban.html b/doc/puppet_classes/confdroid_nagios_3A_3Amonitoring_3A_3Afail2ban.html index b03e91a..6dcfcb2 100644 --- a/doc/puppet_classes/confdroid_nagios_3A_3Amonitoring_3A_3Afail2ban.html +++ b/doc/puppet_classes/confdroid_nagios_3A_3Amonitoring_3A_3Afail2ban.html @@ -105,7 +105,38 @@ 7 8 9 -10 +10 +11 +12 +13 +14 +15 +16 +17 +18 +19 +20 +21 +22 +23 +24 +25 +26 +27 +28 +29 +30 +31 +32 +33 +34 +35 +36 +37 +38 +39 +40 +41 
# File 'manifests/monitoring/fail2ban.pp', line 6
@@ -114,6 +145,37 @@ class confdroid_nagios::monitoring::fail2ban (
 
 ) inherits confdroid_nagios::params {
   # we want to  create a nagios jail here
+  if ($ng_nagios_host == $fqdn)  and ($ng_enable_fail2ban == true) {
+    require confdroid_fail2ban
+
+    # create the jail file
+    file { $fn_jail_file:
+      ensure   => file,
+      user     => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => etc_t,
+      seluser  => system_u,
+      content  => template('confdroid_nagios/fail2ban/jail.conf.erb'),
+      notify   => Service['fail2ban'],
+    }
+
+    # create the filter rule
+    file { $fn_filter_file:
+      ensure   => file,
+      user     => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => etc_t,
+      seluser  => system_u,
+      content  => template('confdroid_nagios/fail2ban/filter.conf.erb'),
+      notify   => Service['fail2ban'],
+    }
+  }
 }
diff --git a/doc/puppet_classes/confdroid_nagios_3A_3Aparams.html b/doc/puppet_classes/confdroid_nagios_3A_3Aparams.html index 4f661d0..43f1c8f 100644 --- a/doc/puppet_classes/confdroid_nagios_3A_3Aparams.html +++ b/doc/puppet_classes/confdroid_nagios_3A_3Aparams.html @@ -3947,19 +3947,6 @@ inherited by all classes except defines.

The alias of the default service group. Default is ‘Linux Services’.

- - -
  • - - ng_use_ssl_auth - - - (String) - - - (defaults to: '0') - -
  • @@ -3973,6 +3960,132 @@ inherited by all classes except defines. (defaults to: false) + — +
    +

    Whether to enable fail2ban monitoring in Nagios. Default is false.

    +
    + +
    • + +
  • + + ng_jail_order + + + (String) + + + (defaults to: '10') + + + — +
    +

    The order number of jails in the jail.d directory. Default is ‘10’.

    +
    + +
    • + +
  • + + ng_jail_enable + + + (Boolean) + + + (defaults to: true) + + + — +
    +

    Whether to enable the monitoring of a specific jail in Nagios. Default is ‘true’.

    +
    + +
    • + +
  • + + ng_fail2ban_logpath + + + (String) + + + (defaults to: '/var/log/httpd/access.log') + + + — +
    +

    The path to the nagios access log to monitor. Default is ‘/var/log/httpd/access.log’.

    +
    + +
    • + +
  • + + ng_fail2ban_maxretry + + + (String) + + + (defaults to: '5') + + + — +
    +

    The maximum number of retries before a host is considered banned in fail2ban. Default is ‘5’.

    +
    + +
    • + +
  • + + ng_fail2ban_bantime + + + (String) + + + (defaults to: '3600') + + + — +
    +

    The time in seconds that a host is banned in fail2ban. Default is ‘3600’.

    +
    + +
    • + +
  • + + ng_fail2ban_ignoreip + + + (String) + + + (defaults to: '127.0.0.1/8 ::1 192.168.1.0/24') + + + — +
    +

    A comma-separated list of IP addresses to ignore in fail2ban. Default is ‘127.0.0.1/8 ::1 192.168.1.0/24’.

    +
    + +
    • + +
  • + + ng_use_ssl_auth + + + (String) + + + (defaults to: '0') + +
    • @@ -3986,20 +4099,6 @@ inherited by all classes except defines. 
     
 
-431
-432
-433
-434
-435
-436
-437
-438
-439
-440
-441
-442
-443
-444
 445
 446
 447
@@ -4321,10 +4420,33 @@ inherited by all classes except defines.
 763
 764
 765
-766
    +766 +767 +768 +769 +770 +771 +772 +773 +774 +775 +776 +777 +778 +779 +780 +781 +782 +783 +784 +785 +786 +787 +788 +789 - 
    # File 'manifests/params.pp', line 431
+        
    # File 'manifests/params.pp', line 445
 
 class confdroid_nagios::params (
 
@@ -4569,13 +4691,16 @@ class confdroid_nagios::params (
   Boolean $ng_enable_swap_check         = true,
 
 # fail2ban
-  Boolean $ng_enable_fail2ban          = false,
+  Boolean $ng_enable_fail2ban           = false,
+  String $ng_jail_order                 = '10',
+  Boolean $ng_jail_enable               = true,
   #String $ng_fail2ban_jail             = 'httpd',
-  #String $ng_fail2ban_log              = '/var/log/secure',
+  String $ng_fail2ban_logpath           = '/var/log/httpd/access.log',
   #String $ng_fail2ban_regex            = 'sshd.*Failed password for',
-  #String $ng_fail2ban_maxretry         = '5',
+  String $ng_fail2ban_maxretry          = '5',
   #String $ng_fail2ban_findtime         = '600',
-  #String $ng_fail2ban_bantime          = '3600',
+  String $ng_fail2ban_bantime           = '3600',
+  String $ng_fail2ban_ignoreip          = '127.0.0.1/8 ::1 192.168.1.0/24'
 
 ) {
 # Default facts
@@ -4659,6 +4784,12 @@ class confdroid_nagios::params (
   $ng_svc_perfdata_file       = "${ng_log_dir}/service-perfdata"
   $ng_debug_file              = "${ng_log_dir}/nagios.debug"
 
+# fail2ban
+  $fn_jail_path               = '/etc/fail2ban/jail.d'
+  $fn_jail_file               = "${fn_jail_path}/${ng_jail_order}-nagios.conf"
+  $fn_filter_path             = '/etc/fail2ban/filter.d'
+  $fn_filter_file             = "${fn_filter_path}/${ng_jail_order}-nagios.conf"
+
 # includes must be last
   include confdroid_nagios::main::config
 }