OP#490 add jail

templates/fail2ban/filter.conf.erb

@@ -0,0 +1,8 @@
+###############################################################################
+##########    parameterized nagios filter created by Puppet          ##########
+##########      manual changes will be overwritten !!!               ##########
+###############################################################################
+
+[Definition]
+failregex = ^<HOST> - \S+ \[\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}\] "(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/\d\.\d" 401
+ignoreregex =

templates/fail2ban/jail.conf.erb

@@ -0,0 +1,13 @@
+###############################################################################
+##########    parameterized nagios jail created by Puppet            ##########
+##########      manual changes will be overwritten !!!               ##########
+###############################################################################
+
+[nagios-auth]
+enabled = <%= @ng_jail_enable %>
+port = http,https
+filter = nagios-auth
+logpath = <%= @ng_fail2ban_logpath %>
+maxretry = <%= @ng_fail2ban_maxretry %>
+bantime = <%= @ng_fail2ban_bantime %>
+ignoreip = <%= @ng_fail2ban_ignoreip %>

templates/httpd/forward_conf.erb

@@ -1,96 +0,0 @@
-<VirtualHost *:<%= @ng_http_port %>>
-    ServerAdmin root@localhost
-    DocumentRoot /var/www/html
-    ServerName www.<%= @ng_webserver_name %>/nagios
-    ServerAlias <%= @ng_webserver_name %>
-<% if @ng_use_https == true -%>
-    Redirect permanent / https://<%= @ng_webserver_name %>/
-<% end -%>
-<% if @ng_use_https != true -%>
-
-ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"
-
-<Directory "/usr/lib64/nagios/cgi-bin/">
-<% if @ng_use_https == true -%>
-   SSLRequireSSL
-<% else -%>
-#  SSLRequireSSL
-<% end -%>
-   Options ExecCGI
-   AllowOverride None
-   <IfVersion >= 2.3>
-      <RequireAll>
-         Require all granted
-<% unless @ng_required_hosts.empty? -%>
-    Require host <%= @ng_required_hosts %>
-<% end -%>
-<% unless @ng_required_ips.empty? -%>
-         Require ip <%= @ng_required_ips %>
-<% end -%>
-         AuthName "Nagios Access"
-         AuthType Basic
-         AuthUserFile /etc/nagios/passwd
-         Require valid-user
-      </RequireAll>
-   </IfVersion>
-   <IfVersion < 2.3>
-      Order allow,deny
-<% unless @ng_required_hosts.empty? -%>
-      Allow from <%= @ng_required_hosts %>
-<% end -%>
-<% unless @ng_required_ips.empty? -%>
-         Allow from <%= @ng_required_ips %>
-<% end -%>
-      AuthName "Nagios Access"
-      AuthType Basic
-      AuthUserFile /etc/nagios/passwd
-      Require valid-user
-   </IfVersion>
-</Directory>
-
-Alias /nagios "/usr/share/nagios/html"
-
-<Directory "/usr/share/nagios/html">
-<% if @ng_use_https == true -%>
-   SSLRequireSSL
-<% else -%>
-#  SSLRequireSSL
-<% end -%>
-   Options None
-   AllowOverride None
-   <IfVersion >= 2.3>
-      <RequireAll>
-         Require all granted
-<% unless @ng_required_hosts.empty? -%>
-    Require host <%= @ng_required_hosts %>
-<% end -%>
-<% unless @ng_required_ips.empty? -%>
-         Require ip <%= @ng_required_ips %>
-<% end -%>
-         AuthName "Nagios Access"
-         AuthType Basic
-         AuthUserFile /etc/nagios/passwd
-         Require valid-user
-      </RequireAll>
-   </IfVersion>
-   <IfVersion < 2.3>
-      Order allow,deny
-<% unless @ng_required_hosts.empty? -%>
-      Allow from <%= @ng_required_hosts %>
-<% end -%>
-<% unless @ng_required_ips.empty? -%>
-         Allow from <%= @ng_required_ips %>
-<% end -%>
-      AuthName "Nagios Access"
-      AuthType Basic
-      AuthUserFile /etc/nagios/passwd
-      Require valid-user
-   </IfVersion>
-</Directory>
-<% end -%>
-    <Directory />
-    AllowOverride All
-    </Directory>
-    ErrorLog /var/log/httpd/<%= @ng_webserver_name %>-error_log
-    CustomLog /var/log/httpd/<%= @ng_webserver_name %>-access_log common
-</VirtualHost>

templates/httpd/nagios_ssl_vhost.erb

@@ -1,126 +0,0 @@
-###############################################################################
-#####  virtual_host file created by puppet, changes will be overwritten  ######
-###############################################################################
-
-<VirtualHost *:<%= @ng_https_port %>>
-
-    ServerAdmin root@localhost
-    DocumentRoot /var/www/html
-    ServerName <%= @ng_webserver_name %>
-    ServerAlias <%= @ng_webserver_name %>
-    ErrorLog /var/log/httpd/nagios_ssl_error_log
-#    ErrorLog syslog:local1
-    TransferLog /var/log/httpd/nagios_ssl_transfer_log
-    LogLevel warn
-
-    SSLEngine on
-    SSLProtocol all -SSLv2 -SSLv3
-    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
-
-<% if @ng_enable_certbot == true -%>
-    SSLCertificateFile <%= @ng_certbot_live %>/<%= @ng_webserver_name %>/cert.pem
-    SSLCertificateKeyFile <%= @ng_certbot_live %>/<%= @ng_webserver_name %>/privkey.pem
-    SSLCACertificateFile <%= @ng_certbot_live %>/<%= @ng_webserver_name %>/fullchain.pem
-<% elsif @ng_enable_certbot != true -%>
-    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
-    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
-    #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
-<% end -%>
-    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
-    SSLOptions +StdEnvVars
-    </Files>
-    <Directory "/var/www/cgi-bin">
-    SSLOptions +StdEnvVars
-    </Directory>
-
-ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"
-
-<Directory "/usr/lib64/nagios/cgi-bin/">
-<% if @ng_use_https == true -%>
-   SSLRequireSSL
-<% else -%>
-#  SSLRequireSSL
-<% end -%>
-   Options ExecCGI
-   AllowOverride None
-   <IfVersion >= 2.3>
-      <RequireAll>
-         Require all granted
-<% unless @ng_required_hosts.empty? -%>
-    Require host <%= @ng_required_hosts %>
-<% end -%>
-<% unless @source_range.empty? -%>
-         Require ip <%= @source_range %>
-<% end -%>
-         AuthName "Nagios Access"
-         AuthType Basic
-         AuthUserFile /etc/nagios/passwd
-         Require valid-user
-      </RequireAll>
-   </IfVersion>
-   <IfVersion < 2.3>
-      Order allow,deny
-<% unless @ng_required_hosts.empty? -%>
-      Allow from <%= @ng_required_hosts %>
-<% end -%>
-<% unless @source_range.empty? -%>
-         Allow from <%= @source_range %>
-<% end -%>
-      AuthName "Nagios Access"
-      AuthType Basic
-      AuthUserFile /etc/nagios/passwd
-      Require valid-user
-   </IfVersion>
-</Directory>
-
-Alias /nagios "/usr/share/nagios/html"
-
-<Directory "/usr/share/nagios/html">
-<% if @ng_use_https == true -%>
-   SSLRequireSSL
-<% else -%>
-#  SSLRequireSSL
-<% end -%>
-   Options None
-   AllowOverride None
-   <IfVersion >= 2.3>
-      <RequireAll>
-         Require all granted
-<% unless @ng_required_hosts.empty? -%>
-    Require host <%= @ng_required_hosts %>
-<% end -%>
-<% unless @source_range.empty? -%>
-         Require ip <%= @source_range %>
-<% end -%>
-         AuthName "Nagios Access"
-         AuthType Basic
-         AuthUserFile /etc/nagios/passwd
-         Require valid-user
-      </RequireAll>
-   </IfVersion>
-   <IfVersion < 2.3>
-      Order allow,deny
-<% unless @ng_required_hosts.empty? -%>
-      Allow from <%= @ng_required_hosts %>
-<% end -%>
-<% unless @source_range.empty? -%>
-         Allow from <%= @source_range %>
-<% end -%>
-      AuthName "Nagios Access"
-      AuthType Basic
-      AuthUserFile /etc/nagios/passwd
-      Require valid-user
-   </IfVersion>
-</Directory>
-
-RedirectMatch ^/$ https://<%= @ng_webserver_name %>/nagios
-
-    SetEnvIf User-Agent ".*MSIE.*" \
-         nokeepalive ssl-unclean-shutdown \
-         downgrade-1.0 force-response-1.0
-
-
-     CustomLog logs/ssl_request_log \
-          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
-</VirtualHost>