Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x
- Puppet >= 6.0.0 < 8.0.0
Start using this module
Add this module to your Puppetfile:
mod 'treydock-fail2ban', '2.0.0'
Learn more about managing modules with a Puppetfile
Documentation
puppet-module-fail2ban
Table of Contents
- Overview
- Usage - Configuration options
- Reference - Parameter and detailed reference to all options
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
- TODO
- Additional Information
Overview
This module manages Fail2ban.
Usage
fail2ban
Install and configure fail2ban with SSH jail.
class { 'fail2ban':
  jails => ['sshd'],
}
Configure fail2ban to not ban a local subnet
class { 'fail2ban':
  jails            => ['sshd'],
  default_ignoreip => ['10.0.0.0/8'],
}
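An added example, not part of the module's own documentation: one declaration that combines the class parameters documented in the reference, using a narrower ignoreip than a whole /8, plus a per-jail override through the `fail2ban_jail_config` resource type. The subnet, the timing values and the `sshd/bantime` title are assumptions chosen for illustration.

```puppet
# Added example: values below are illustrative assumptions, not module defaults.
class { 'fail2ban':
  jails            => ['sshd'],
  # Passing default_ignoreip replaces the default ['127.0.0.1/8'], so loopback
  # is listed again explicitly. 10.20.30.0/28 is a placeholder for a small
  # management subnet; a /8 would exempt every host in that private range,
  # including any internal machine that starts guessing passwords.
  default_ignoreip => ['127.0.0.1/8', '10.20.30.0/28'],
  # Ban for one hour after 3 failures within a 10 minute window
  # (module defaults are 600 / 600 / 5).
  default_bantime  => 3600,
  default_findtime => 600,
  default_maxretry => 3,
  # Send fail2ban's own log to syslog so ban and unban events can be
  # forwarded with the rest of the host's syslog stream.
  logtarget        => 'SYSLOG',
}

# Per-jail override written to jail.local. The 'sshd/bantime' title assumes the
# "Section/setting" name form given in the type's description.
fail2ban_jail_config { 'sshd/bantime':
  ensure => present,
  value  => '86400',
}
```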
Reference
http://treydock.github.io/puppet-module-fail2ban/
Limitations
This module has been tested on:
- CentOS/RedHat 7 x86_64
- CentOS/RedHat 8 x86_64
Reference
Table of Contents
Classes
fail2ban
: Manage fail2ban
fail2ban::config
: Private class.
fail2ban::install
: Private class.
fail2ban::service
: Private class.
Defined types
fail2ban::jail
: Manage jail configs
Resource types
fail2ban_config
: Section/setting name to manage from fail2ban.local
fail2ban_jail_config
: Section/setting name to manage from jail.local
Classes
fail2ban
Manage fail2ban
Examples
Manage fail2ban and add sshd jail
class { 'fail2ban':
  jails => ['sshd'],
}
Parameters
The following parameters are available in the fail2ban class:
ensure
package_ensure
package_name
manage_repo
service_name
service_ensure
service_enable
service_hasstatus
service_hasrestart
config_path
jail_config_path
default_ignoreip
default_bantime
default_findtime
default_maxretry
logtarget
jails
ensure
Data type: Enum['present', 'absent']
Determines presence of fail2ban.
Default value: 'present'
package_ensure
Data type: String
The ensure property of fail2ban package.
Default value: 'present'
package_name
Data type: String
The fail2ban package name.
Default value: 'fail2ban-server'
manage_repo
Data type: Boolean
Boolean that sets if fail2ban repo is managed. For EL systems this enables management of EPEL repo.
Default value: true
service_name
Data type: String
fail2ban service name.
Default value: 'fail2ban'
service_ensure
Data type: String
fail2ban service ensure property.
Default value: 'running'
service_enable
Data type: Boolean
fail2ban service enable property.
Default value: true
service_hasstatus
Data type: Boolean
fail2ban service hasstatus property.
Default value: true
service_hasrestart
Data type: Boolean
fail2ban service hasrestart property.
Default value: true
config_path
Data type: Stdlib::Absolutepath
Path to fail2ban.local.
Default value: '/etc/fail2ban/fail2ban.local'
jail_config_path
Data type: Stdlib::Absolutepath
Path to jail.local.
Default value: '/etc/fail2ban/jail.local'
default_ignoreip
Data type: Array[String]
Global ignoreip value.
Default value: ['127.0.0.1/8']
default_bantime
Data type: Integer
Global bantime value.
Default value: 600
default_findtime
Data type: Integer
Global findtime value.
Default value: 600
default_maxretry
Data type: Integer
Global maxretry value.
Default value: 5
logtarget
Data type: Variant[Enum['SYSLOG','STDOUT','STDERR'],Stdlib::Absolutepath]
Location of logtarget.
Default value: '/var/log/fail2ban.log'
jails
Data type: Optional[Variant[Array, Hash]]
Array or Hash of jails. Value is passed to the fail2ban::jail defined type.
Default value: undef
fail2ban::config
Private class.
fail2ban::install
Private class.
fail2ban::service
Private class.
Defined types
fail2ban::jail
Manage jail configs
Examples
fail2ban::jail { 'sshd': ensure => 'present' }
Parameters
The following parameters are available in the fail2ban::jail defined type:
ensure
Data type: Enum['present', 'absent']
Sets if jail should be enabled or disabled
Default value: 'present'
Resource types
fail2ban_config
Section/setting name to manage from fail2ban.local
Properties
The following properties are available in the fail2ban_config type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
value
The value of the setting to be defined.
Parameters
The following parameters are available in the fail2ban_config type.
name
namevar
Section/setting name to manage from fail2ban.local
provider
The specific backend to use for this fail2ban_config resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.
fail2ban_jail_config
Section/setting name to manage from jail.local
Properties
The following properties are available in the fail2ban_jail_config type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
value
The value of the setting to be defined.
Parameters
The following parameters are available in the fail2ban_jail_config type.
name
namevar
Section/setting name to manage from jail.local
provider
The specific backend to use for this fail2ban_jail_config resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.
Change log
All notable changes to this project will be documented in this file. The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
v2.0.0 (2021-09-17)
Changed
Added
Fixed
v1.1.1 (2019-05-15)
Fixed
v1.1.0 (2019-05-13)
Added
- Use puppet strings #6 (treydock)
- Use PDK #5 (treydock)
- Use Hiera v5 module data #4 (treydock)
- Support Puppet 5 and 6 and update module dependency ranges #3 (treydock)
1.0.1 (2017-10-30)
Fixed
1.0.0 (2017-10-30)
Added
0.0.1 (2017-10-30)
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppetlabs/stdlib (>= 4.13.1 <6.0.0)
- puppetlabs/inifile (>= 1.0.0 <4.0.0)
- puppet/epel (>= 2.0.0 <4.0.0)
Copyright (C) 2017 Trey Dockendorf treydock@gmail.com Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.