101 lines
2.6 KiB
Ruby
101 lines
2.6 KiB
Ruby
require File.join(File.dirname(__FILE__), '..', 'spec_helper.rb')
|
|
|
|
describe 'fail2ban::jail' do
|
|
|
|
let(:title) { 'fail2ban::jail' }
|
|
let(:node) { 'rspec.example42.com' }
|
|
let(:facts) do
|
|
{
|
|
:ipaddress => '10.42.42.42',
|
|
:jails_file => '/etc/fail2ban/jail.local',
|
|
:concat_basedir => '/var/lib/puppet/concat'
|
|
}
|
|
end
|
|
|
|
describe 'Test jail.local is created with no options' do
|
|
let(:params) do
|
|
{
|
|
:name => 'sample1',
|
|
}
|
|
end
|
|
let(:expected) do
|
|
"##################
|
|
[fail2ban::jail]
|
|
enabled = true
|
|
filter = fail2ban::jail
|
|
|
|
"
|
|
end
|
|
|
|
it 'should create a named jail, enabled and with a filter of the same name' do
|
|
should contain_concat__fragment('fail2ban_jail_sample1').with_target('/etc/fail2ban/jail.local').with_content(expected)
|
|
end
|
|
end
|
|
|
|
describe 'Test jail.local is created with all options' do
|
|
let(:params) do
|
|
{
|
|
:name => 'sample1',
|
|
:port => ['42', '43'],
|
|
:logpath => '/path/to/somelog',
|
|
:enable => true,
|
|
:ignoreip => [ '10.3.2.0/24', '192.168.56.0/24' ],
|
|
:findtime => '9000',
|
|
:maxretry => '5',
|
|
:bantime => '3600',
|
|
:action => [
|
|
'iptables[name=SSH, port=ssh, protocol=tcp]',
|
|
'mail-whois[name=SSH, dest=yourmail@mail.com]',
|
|
],
|
|
}
|
|
end
|
|
let(:expected) do
|
|
"##################
|
|
[fail2ban::jail]
|
|
enabled = true
|
|
filter = fail2ban::jail
|
|
ignoreip = 10.3.2.0/24 192.168.56.0/24
|
|
port = 42,43
|
|
action = iptables[name=SSH, port=ssh, protocol=tcp]
|
|
mail-whois[name=SSH, dest=yourmail@mail.com]
|
|
logpath = /path/to/somelog
|
|
maxretry = 5
|
|
bantime = 3600
|
|
findtime = 9000
|
|
|
|
"
|
|
end
|
|
|
|
it 'should create a customized jail, with own actions parsing a single log file' do
|
|
should contain_concat__fragment('fail2ban_jail_sample1').with_target('/etc/fail2ban/jail.local').with_content(expected)
|
|
end
|
|
end
|
|
describe 'Test jail.local is created with multiple logpaths' do
|
|
let(:params) do
|
|
{
|
|
:name => 'title_sample2',
|
|
:jailname => 'sample2',
|
|
:port => '44',
|
|
:logpath => [ '/path/to/somelog_1', '/path/to/somelog_2' ],
|
|
:bantime => '3003',
|
|
}
|
|
end
|
|
let(:expected) do
|
|
"##################
|
|
[sample2]
|
|
enabled = true
|
|
filter = sample2
|
|
port = 44
|
|
logpath = /path/to/somelog_1
|
|
/path/to/somelog_2
|
|
bantime = 3003
|
|
|
|
"
|
|
end
|
|
|
|
it 'should create a customized jail, with own actions parsing a single log file' do
|
|
should contain_concat__fragment('fail2ban_jail_title_sample2').with_target('/etc/fail2ban/jail.local').with_content(expected)
|
|
end
|
|
end
|
|
end
|