Puppet Class: fail2ban::config
- Defined in:
- manifests/config.pp
Overview
class fail2ban::config — This class should not be included directly; use the main fail2ban class instead.
# File 'manifests/config.pp', line 3
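# Renders fail2ban's local configuration files and declares the firewall
# chain named by $::fail2ban::chain. Every setting is read from the main
# ::fail2ban class, so this class is not meant to be declared on its own.
class fail2ban::config {
  include ::fail2ban

  # These are for fail2ban.local.
  # Presumably read by fail2ban.local.erb as local-scope variables, so the
  # names below are part of the template contract -- verify before renaming.
  $log_level    = $::fail2ban::log_level
  $logtarget    = $::fail2ban::logtarget
  $syslogsocket = $::fail2ban::syslogsocket
  $socket       = $::fail2ban::socket
  $pidfile      = $::fail2ban::pidfile
  $dbfile       = $::fail2ban::dbfile
  $dbpurgeage   = $::fail2ban::dbpurgeage

  # These are for jail.local (same caveat: presumably read by jail.local.erb).
  $ignoreip     = $::fail2ban::ignoreip
  $bantime      = $::fail2ban::bantime
  $findtime     = $::fail2ban::findtime
  $maxretry     = $::fail2ban::maxretry
  $backend      = $::fail2ban::backend
  $usedns       = $::fail2ban::usedns
  $destemail    = $::fail2ban::destemail
  $email_sender = $::fail2ban::email_sender
  $mta          = $::fail2ban::mta
  $protocol     = $::fail2ban::protocol
  $chain        = $::fail2ban::chain
  $banaction    = $::fail2ban::banaction
  $action       = $::fail2ban::action

  # These are internal to the module.
  $purge_jail_directory = $::fail2ban::purge_jail_directory
  $root_group           = $::fail2ban::root_group

  # Daemon-level settings; readable by root only.
  file { '/etc/fail2ban/fail2ban.local':
    ensure  => file,
    owner   => 'root',
    group   => $root_group,
    mode    => '0400',
    content => template("${module_name}/fail2ban.local.erb"),
  }

  # Wheezy doesn't seem to support the jail.d pattern, so we
  # use jail.local concat::fragments.
  # `< 1` is true when versioncmp() returns -1 or 0, i.e. the release compares
  # lower than or equal to '8'.
  # NOTE(review): confirm that Debian 8 point releases (e.g. '8.x') compare
  # greater than '8' here, so that they take the jail.d branch below.
  if $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') < 1 {
    if $purge_jail_directory {
      # Purging is only implemented through the jail.d directory resource in
      # the other branch, so the setting has no effect here; tell the operator.
      notify { 'wheezy_no_purge_jail':
        message => 'purging the jail directory on Debian 7 or older is not supported',
      }
    }

    # Mode tightened from '0644' to '0400' so that the jail configuration
    # (ignore list, ban thresholds, notification address) is not readable by
    # every local user, matching the jail.local resource in the other branch.
    concat { '/etc/fail2ban/jail.local':
      owner => 'root',
      group => $root_group,
      mode  => '0400',
    }

    # order => 1 places the rendered global jail settings at the top of the
    # concatenated file.
    concat::fragment { 'jail_header':
      target  => '/etc/fail2ban/jail.local',
      content => template("${module_name}/jail.local.erb"),
      order   => 1,
    }
  }
  # Not wheezy
  else {
    # Recursively managed jail directory. When $purge_jail_directory is true,
    # entries in it that Puppet does not manage are removed.
    file { '/etc/fail2ban/jail.d':
      ensure  => directory,
      recurse => true,
      purge   => $purge_jail_directory,
      owner   => 'root',
      group   => $root_group,
      mode    => '0700',
    }

    file { '/etc/fail2ban/jail.local':
      ensure  => file,
      owner   => 'root',
      group   => $root_group,
      mode    => '0400',
      content => template("${module_name}/jail.local.erb"),
    }
  }

  # Create the firewall chain.
  # purge => false: presumably so that rules fail2ban inserts into the chain
  # at runtime are not removed by Puppet -- confirm.
  # NOTE(review): only an IPv4 chain is declared; if IPv6 traffic should be
  # subject to bans, confirm whether a matching IPv6 chain is needed.
  firewallchain { "${chain}:filter:IPv4":
    purge => false,
  }

  # Last rule of the fail2ban chain: hand packets that were not banned back
  # to the calling chain.
  firewall { '999 Return to INPUT':
    chain => $chain,
    jump  => 'RETURN',
  }

  # Send INPUT traffic through the fail2ban chain.
  # NOTE(review): neither rule sets `proto`. If these are puppetlabs-firewall
  # resources, `proto` defaults to tcp, so non-TCP traffic would not reach
  # the chain -- confirm that this is intended.
  firewall { '000 Check fail2ban':
    chain => 'INPUT',
    jump  => $chain,
  }
}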