Defined Type: fail2ban::filter

Defined in:
manifests/filter.pp

Overview

Configure a filter for fail2ban.

Creates a file /etc/fail2ban/filter.d/<name>.conf to configure the filter, which can subsequently be referenced by a jail's configuration.

Examples:

to define a filter

::fail2ban::filter{'myfilter':
   failregexes => ['^%(_apache_error_client)s (AH01789: )?(Digest: )?unknown algorithm `.*?' received: \S*(, referer: \S+)?\s*$'],
   ensure => present,
   ignoreregexes => ['bogus_error', 'just_kidding'],
   includes_before => ['myincludefile.conf', 'otherincludefile.conf'],
   includes_after  => ['cleanupfile.conf'],
   additional_defs   => ['foo = 2718', 'entropy_seed = 2917384297'],
 }

Parameters:

  • ensure (Enum['present', 'absent']) (defaults to: 'present')

    Whether to add or remove this filter.

  • failregexes (Array[String])

    An array of regexes to match against lines in the log file. Successful match indicates a potential break-in attempt.

  • ignoreregexes (Array[String]) (defaults to: [])

    An array of regexes to match against lines in the log file. Lines matching any of these regexes are ignored.

  • includes_before (Array[String]) (defaults to: [])

    An array of files to include prior to the main definition of this filter.

  • includes_after (Array[String]) (defaults to: [])

    An array of files to include after the main definition of this filter.

  • additional_defs (Array[String]) (defaults to: [])

    An array of additional definition lines to include in this filter's config file.



21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# File 'manifests/filter.pp', line 21

define fail2ban::filter (
  Array[String] $failregexes,
  Enum['present', 'absent'] $ensure = 'present',
  Array[String] $ignoreregexes = [],
  Array[String] $includes_before = [],
  Array[String] $includes_after = [],
  Array[String] $additional_defs = []
  ) {

  include ::fail2ban::config

  file { "/etc/fail2ban/filter.d/${name}.conf":
    ensure  => $ensure,
    content => template("${module_name}/filter.erb"),
    owner   => 'root',
    group   => $::fail2ban::config::root_group,
    mode    => '0644',
    require => Class['::fail2ban::config'],
    notify  => Class['::fail2ban::service'],
  }

}