OP#490 add jail

2026-03-12 14:15:13 +01:00
parent eba740c4df
commit a3bab5f482
8 changed files with 83 additions and 226 deletions
--- a/manifests/monitoring/fail2ban.pp
+++ b/manifests/monitoring/fail2ban.pp
@@ -7,4 +7,35 @@ class confdroid_nagios::monitoring::fail2ban (

 ) inherits confdroid_nagios::params {
  # we want to  create a nagios jail here
+  if ($ng_nagios_host == $fqdn)  and ($ng_enable_fail2ban == true) {
+    require confdroid_fail2ban
+
+    # create the jail file
+    file { $fn_jail_file:
+      ensure   => file,
+      user     => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => etc_t,
+      seluser  => system_u,
+      content  => template('confdroid_nagios/fail2ban/jail.conf.erb'),
+      notify   => Service['fail2ban'],
+    }
+
+    # create the filter rule
+    file { $fn_filter_file:
+      ensure   => file,
+      user     => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => etc_t,
+      seluser  => system_u,
+      content  => template('confdroid_nagios/fail2ban/filter.conf.erb'),
+      notify   => Service['fail2ban'],
+    }
+  }
 }