Recommit for updates in build 222

doc/puppet_classes/confdroid_nagios_3A_3Amain_3A_3Aconfig.html

@@ -111,7 +111,11 @@
 13
 14
 15
-16</pre>
+16
+17
+18
+19
+20</pre>
       </td>
       <td>
         <pre class="code"><span class="info file"># File 'manifests/main/config.pp', line 6</span>
@@ -126,6 +130,10 @@ class confdroid_nagios::main::config (
   if $ng_enable_target == true {
     include confdroid_nagios::client::target
   }
+
+  if $ng_enable_fail2ban == true {
+    include confdroid_nagios::monitoring::fail2ban
+  }
 }</pre>
       </td>
     </tr>

doc/puppet_classes/confdroid_nagios_3A_3Amonitoring_3A_3Afail2ban.html

@@ -105,7 +105,38 @@
 7
 8
 9
-10</pre>
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41</pre>
       </td>
       <td>
         <pre class="code"><span class="info file"># File 'manifests/monitoring/fail2ban.pp', line 6</span>
@@ -114,6 +145,37 @@ class confdroid_nagios::monitoring::fail2ban (
 
 ) inherits confdroid_nagios::params {
   # we want to  create a nagios jail here
+  if ($ng_nagios_host == $fqdn)  and ($ng_enable_fail2ban == true) {
+    require confdroid_fail2ban
+
+    # create the jail file
+    file { $fn_jail_file:
+      ensure   =&gt; file,
+      user     =&gt; &#39;root&#39;,
+      group    =&gt; &#39;root&#39;,
+      mode     =&gt; &#39;0644&#39;,
+      selrange =&gt; s0,
+      selrole  =&gt; object_r,
+      seltype  =&gt; etc_t,
+      seluser  =&gt; system_u,
+      content  =&gt; template(&#39;confdroid_nagios/fail2ban/jail.conf.erb&#39;),
+      notify   =&gt; Service[&#39;fail2ban&#39;],
+    }
+
+    # create the filter rule
+    file { $fn_filter_file:
+      ensure   =&gt; file,
+      user     =&gt; &#39;root&#39;,
+      group    =&gt; &#39;root&#39;,
+      mode     =&gt; &#39;0644&#39;,
+      selrange =&gt; s0,
+      selrole  =&gt; object_r,
+      seltype  =&gt; etc_t,
+      seluser  =&gt; system_u,
+      content  =&gt; template(&#39;confdroid_nagios/fail2ban/filter.conf.erb&#39;),
+      notify   =&gt; Service[&#39;fail2ban&#39;],
+    }
+  }
 }</pre>
       </td>
     </tr>

doc/puppet_classes/confdroid_nagios_3A_3Aparams.html

@@ -3947,19 +3947,6 @@ inherited by all classes except defines.
 <p>The alias of the default service group. Default is ‘Linux Services’.</p>
 </div>
       
-    </li>
-  
-    <li>
-      
-        <span class='name'>ng_use_ssl_auth</span>
-      
-      
-        <span class='type'>(<tt>String</tt>)</span>
-      
-      
-        <em class="default">(defaults to: <tt>&#39;0&#39;</tt>)</em>
-      
-      
     </li>
   
     <li>
@@ -3973,6 +3960,132 @@ inherited by all classes except defines.
         <em class="default">(defaults to: <tt>false</tt>)</em>
       
       
+        &mdash;
+        <div class='inline'>
+<p>Whether to enable fail2ban monitoring in Nagios. Default is false.</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>ng_jail_order</span>
+      
+      
+        <span class='type'>(<tt>String</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>&#39;10&#39;</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>The order number of jails in the jail.d directory. Default is ‘10’.</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>ng_jail_enable</span>
+      
+      
+        <span class='type'>(<tt>Boolean</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>true</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>Whether to enable the monitoring of a specific jail in Nagios. Default is ‘true’.</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>ng_fail2ban_logpath</span>
+      
+      
+        <span class='type'>(<tt>String</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>&#39;/var/log/httpd/access.log&#39;</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>The path to the nagios access log to monitor. Default is ‘/var/log/httpd/access.log’.</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>ng_fail2ban_maxretry</span>
+      
+      
+        <span class='type'>(<tt>String</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>&#39;5&#39;</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>The maximum number of retries before a host is considered banned in fail2ban. Default is ‘5’.</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>ng_fail2ban_bantime</span>
+      
+      
+        <span class='type'>(<tt>String</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>&#39;3600&#39;</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>The time in seconds that a host is banned in fail2ban. Default is ‘3600’.</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>ng_fail2ban_ignoreip</span>
+      
+      
+        <span class='type'>(<tt>String</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>&#39;127.0.0.1/8 ::1 192.168.1.0/24&#39;</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>A comma-separated list of IP addresses to ignore in fail2ban. Default is ‘127.0.0.1/8 ::1 192.168.1.0/24’.</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>ng_use_ssl_auth</span>
+      
+      
+        <span class='type'>(<tt>String</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>&#39;0&#39;</tt>)</em>
+      
+      
     </li>
   
 </ul>
@@ -3986,20 +4099,6 @@ inherited by all classes except defines.
         <pre class="lines">
 
 
-431
-432
-433
-434
-435
-436
-437
-438
-439
-440
-441
-442
-443
-444
 445
 446
 447
@@ -4321,10 +4420,33 @@ inherited by all classes except defines.
 763
 764
 765
-766</pre>
+766
+767
+768
+769
+770
+771
+772
+773
+774
+775
+776
+777
+778
+779
+780
+781
+782
+783
+784
+785
+786
+787
+788
+789</pre>
       </td>
       <td>
-        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 431</span>
+        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 445</span>
 
 class confdroid_nagios::params (
 
@@ -4569,13 +4691,16 @@ class confdroid_nagios::params (
   Boolean $ng_enable_swap_check         = true,
 
 # fail2ban
-  Boolean $ng_enable_fail2ban          = false,
+  Boolean $ng_enable_fail2ban           = false,
+  String $ng_jail_order                 = &#39;10&#39;,
+  Boolean $ng_jail_enable               = true,
   #String $ng_fail2ban_jail             = &#39;httpd&#39;,
-  #String $ng_fail2ban_log              = &#39;/var/log/secure&#39;,
+  String $ng_fail2ban_logpath           = &#39;/var/log/httpd/access.log&#39;,
   #String $ng_fail2ban_regex            = &#39;sshd.*Failed password for&#39;,
-  #String $ng_fail2ban_maxretry         = &#39;5&#39;,
+  String $ng_fail2ban_maxretry          = &#39;5&#39;,
   #String $ng_fail2ban_findtime         = &#39;600&#39;,
-  #String $ng_fail2ban_bantime          = &#39;3600&#39;,
+  String $ng_fail2ban_bantime           = &#39;3600&#39;,
+  String $ng_fail2ban_ignoreip          = &#39;127.0.0.1/8 ::1 192.168.1.0/24&#39;
 
 ) {
 # Default facts
@@ -4659,6 +4784,12 @@ class confdroid_nagios::params (
   $ng_svc_perfdata_file       = &quot;${ng_log_dir}/service-perfdata&quot;
   $ng_debug_file              = &quot;${ng_log_dir}/nagios.debug&quot;
 
+# fail2ban
+  $fn_jail_path               = &#39;/etc/fail2ban/jail.d&#39;
+  $fn_jail_file               = &quot;${fn_jail_path}/${ng_jail_order}-nagios.conf&quot;
+  $fn_filter_path             = &#39;/etc/fail2ban/filter.d&#39;
+  $fn_filter_file             = &quot;${fn_filter_path}/${ng_jail_order}-nagios.conf&quot;
+
 # includes must be last
   include confdroid_nagios::main::config
 }</pre>