diff --git a/.travis.yml b/.travis.yml index e888912..dae24e9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,7 +4,7 @@ rvm: - 1.8.7 - 1.9.3 - 2.0.0 -script: "bundle exec rake spec SPEC_OPTS='--format documentation'" +script: "bundle exec rake spec SPEC_OPTS='--format documentation' && bundle exec rake test" branches: only: master diff --git a/Rakefile b/Rakefile index e18c5cc..b3942b3 100644 --- a/Rakefile +++ b/Rakefile @@ -17,6 +17,7 @@ end PuppetLint.configuration.send("disable_80chars") PuppetLint.configuration.log_format = "%{path}:%{linenumber}:%{check}:%{KIND}:%{message}" PuppetLint.configuration.fail_on_warnings = true +PuppetLint.configuration.relative = true # Forsake support for Puppet 2.6.2 for the benefit of cleaner code. # http://puppet-lint.com/checks/class_parameter_defaults/ diff --git a/manifests/init.pp b/manifests/init.pp index fc7fdda..185274e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -422,18 +422,18 @@ class fail2ban ( ### Managed resources package { $fail2ban::package: - ensure => $fail2ban::manage_package, - noop => $fail2ban::noops, + ensure => $fail2ban::manage_package, + noop => $fail2ban::noops, } service { 'fail2ban': - ensure => $fail2ban::manage_service_ensure, - name => $fail2ban::service, - enable => $fail2ban::manage_service_enable, - hasstatus => $fail2ban::service_status, - pattern => $fail2ban::process, - require => Package[$fail2ban::package], - noop => $fail2ban::noops, + ensure => $fail2ban::manage_service_ensure, + name => $fail2ban::service, + enable => $fail2ban::manage_service_enable, + hasstatus => $fail2ban::service_status, + pattern => $fail2ban::process, + require => Package[$fail2ban::package], + noop => $fail2ban::noops, } if $fail2ban::manage_file_source diff --git a/manifests/jail.pp b/manifests/jail.pp index 9837817..1ceb529 100644 --- a/manifests/jail.pp +++ b/manifests/jail.pp 
@@ -17,6 +17,7 @@ # If empty, defaults to == $jailname. # $ignoreip - Don't ban a host which matches an address in this list. # $port - The port to filter. It can be an array of ports. +# $protocol - The protocol for this jail's action. # $logpath - The log file to monitor # $maxretry - How many fails are acceptable # $action - The action to take when fail2ban finds $maxretry $filter-matching @@ -32,6 +33,7 @@ define fail2ban::jail ( $filter = '', $ignoreip = '', $port = '', + $protocol = '', $action = '', $logpath = '', $maxretry = '', @@ -80,6 +82,11 @@ define fail2ban::jail ( default => $port, } + $real_protocol = $protocol ? { + '' => undef, + default => $protocol, + } + $array_action = is_array($action) ? { false => $action ? { '' => [], diff --git a/spec/defines/fail2ban_jail_spec.rb b/spec/defines/fail2ban_jail_spec.rb index 4824155..15e1def 100644 --- a/spec/defines/fail2ban_jail_spec.rb +++ b/spec/defines/fail2ban_jail_spec.rb @@ -37,6 +37,7 @@ filter = fail2ban::jail { :name => 'sample1', :port => ['42', '43'], + :protocol => 'udp', :logpath => '/path/to/somelog', :enable => true, :ignoreip => [ '10.3.2.0/24', '192.168.56.0/24' ], @@ -56,6 +57,7 @@ enabled = true filter = fail2ban::jail ignoreip = 10.3.2.0/24 192.168.56.0/24 port = 42,43 +protocol = udp action = iptables[name=SSH, port=ssh, protocol=tcp] mail-whois[name=SSH, dest=yourmail@mail.com] logpath = /path/to/somelog diff --git a/templates/concat/jail.local-stanza.erb b/templates/concat/jail.local-stanza.erb index 2849cc5..eda4b21 100644 --- a/templates/concat/jail.local-stanza.erb +++ b/templates/concat/jail.local-stanza.erb @@ -10,6 +10,9 @@ ignoreip = <%= @array_ignoreip * ' ' %> <% if @array_port != [] -%> port = <%= @array_port * ',' %> <% end -%> +<% if @real_protocol -%> +protocol = <%= @real_protocol %> +<% end -%> <% if @array_action != [] -%> action = <%= @array_action.join("\n\t") %> <% end -%>
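Review bot: `$protocol` is copied into `$real_protocol` with no validation, so any string the caller supplies, including one containing a newline, is written verbatim into the jail stanza by the `protocol = <%= @real_protocol %>` line in the template hunk, where it could add extra keys. Stock fail2ban actions also substitute the protocol into their firewall commands. The define already uses stdlib (`is_array`), so a check before the selector such as `validate_re($protocol, '\A(tcp|udp|icmp|all)?\z')` would reject anything outside the values fail2ban documents; adjust the list if the module needs others. The new header comment could also name the accepted values and say that an empty string omits the setting. The define's body continues outside this hunk.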
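Review bot: The fixture now sets `:protocol => 'udp'` while the expected `action` line still carries `protocol=tcp`, so the sample shows a jail whose two protocol settings disagree. Using the same value in both places, or adding a comment that the mismatch is deliberate, would stop readers copying an inconsistent stanza. Only the set case is exercised in these hunks. An example without `:protocol` that asserts no `protocol =` line is rendered would pin the default branch of the new selector, unless an example outside the hunk already covers it.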
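Review bot: The guard `<% if @real_protocol -%>` assumes Puppet's `undef` reaches ERB as nil, which as far as I recall does not hold on every older Puppet release this module may still run on. Some of them hand the template `:undef` or an empty string, both truthy in Ruby, which would emit a `protocol = undef` or bare `protocol =` line. The neighbouring guards compare against a concrete empty value (`@array_port != []`). Following that style, e.g. `<% if @real_protocol && @real_protocol != :undef && @real_protocol != '' -%>`, would make the output independent of that conversion.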