dinislage/puppet-fail2ban
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
899de1a536188de4fd013e84d8862b4f5112711f
puppet-fail2ban/manifests/jail.pp
Javier Bértoli 899de1a536 Remove concat's deprecated setup call
2013-10-27 08:53:22 -03:00

133 lines
3.4 KiB
Puppet
Raw Blame History

# Define: fail2ban::jail
#
# Adds a custom fail2ban jail
# Supported arguments:
# $jailname - The name you want to give the jail.
# If not set, defaults to == $title
# $order - The order in the jail.local file.
# Default 50. Generally you don't need to change it
# $status - enabled / disabled. If disabled, the rule _IS ADDED_ to the
# jail.local file but it will not be active. Compare with the
# next one.
# Defaults to enabled
# $enable - true / false. If false, the rule _IS NOT ADDED_ to the
# jail.local file
# Defaults to true
# $filter - The filter rule to use.
# If empty, defaults to == $jailname.
# $port - The port to filter. It can be an array of ports.
# $logpath - The log file to monitor
# $maxretry - How many fails are acceptable
# $action - The action to take when fail2ban finds $maxretry $filter-matching
# records in $logpath
# $bantime - How much time to apply the ban, in seconds
# $findtime - The counter is set to zero if no match is found within "findtime"
# seconds.
define fail2ban::jail (
$jailname = '',
$order = '',
$status = '',
$filter = '',
$port = '',
$action = '',
$logpath = '',
$maxretry = '',
$bantime = '',
$findtime = '',
$enable = true ) {
include fail2ban
$real_jailname = $jailname ? {
'' => $title,
default => $jailname,
}
# If (concat) order is not defined we find out the right one
$real_order = $order ? {
'' => '50',
default => $order,
}
$real_status = $status ? {
/(?i:disabled)/ => false,
default => true,
}
# If we don't specify a filter, we take as a default the
# jailname as filtername
$real_filter = $filter ? {
'' => $real_jailname,
default => $filter,
}
$array_port = is_array($port) ? {
false => $port ? {
'' => [],
default => [$port],
},
default => $port,
}
$array_action = is_array($action) ? {
false => $action ? {
'' => [],
default => [$action],
},
default => $action,
}
$real_logpath = $logpath ? {
'' => '',
default => $logpath,
}
$real_maxretry = $maxretry ? {
'' => '',
default => $maxretry,
}
$real_bantime = $bantime ? {
'' => '',
default => $bantime,
}
$ensure = bool2ensure($enable)
if ! defined(Concat[$fail2ban::jails_file]) {
concat { $fail2ban::jails_file:
mode => $fail2ban::jails_file_mode,
warn => true,
owner => $fail2ban::jails_file_owner,
group => $fail2ban::jails_file_group,
notify => Service['fail2ban'],
require => Package[$fail2ban::package],
}
concat::fragment{ 'fail2ban_jails_header':
target => $fail2ban::jails_file,
content => template($fail2ban::jails_template_header),
order => 01,
notify => Service['fail2ban'],
}
# The jail.local footer
concat::fragment{ 'fail2ban_jails_footer':
target => $fail2ban::jails_file,
content => template($fail2ban::jails_template_footer),
order => 99,
notify => Service['fail2ban'],
}
}
concat::fragment{ "fail2ban_jail_${name}":
ensure => $ensure,
target => $fail2ban::jails_file,
content => template('fail2ban/concat/jail.local-stanza.erb'),
order => $real_order,
notify => Service['fail2ban'],
}
}
Reference in New Issue View Git Blame Copy Permalink