puppet-fail2ban/templates/jail.local.erb

# This file is managed by Puppet. DO NOT EDIT.
[DEFAULT]
ignoreip = <%= scope.lookupvar('fail2ban::ignoreip') %>
bantime  = <%= scope.lookupvar('fail2ban::bantime') %>
findtime = <%= scope.lookupvar('fail2ban::findtime') %>
maxretry = <%= scope.lookupvar('fail2ban::maxretry') %>
backend  = <%= scope.lookupvar('fail2ban::backend') %>

[imap-iptables]
enabled  = <%= scope.lookupvar('fail2ban::array_jails').include? "imap" %>
filter   = dovecot
action   = iptables[name=IMAP, port=imap, protocol=tcp]
<% unless scope.lookupvar('fail2ban::mailto').empty? -%>
           sendmail-whois[name=POP3, dest=<%= scope.lookupvar('fail2ban::mailto') %>, sender=fail2ban@<%= @fqdn %>]
<% end -%>
logpath  = /var/log/maillog
maxretry = 5

[pop3-iptables]
enabled  = <%= scope.lookupvar('fail2ban::array_jails').include? "pop3" %>
filter   = mail
action   = iptables[name=POP3, port=pop3, protocol=tcp]
<% unless scope.lookupvar('fail2ban::mailto').empty? -%>
           sendmail-whois[name=POP3, dest=<%= scope.lookupvar('fail2ban::mailto') %>, sender=fail2ban@<%= @fqdn %>]
<% end -%>
logpath  = /var/log/maillog
maxretry = 5

[ssh-iptables]
enabled  = <%= scope.lookupvar('fail2ban::array_jails').include? "ssh" %>
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
<% unless scope.lookupvar('fail2ban::mailto').empty? -%>
           sendmail-whois[name=SSH, dest=<%= scope.lookupvar('fail2ban::mailto') %>, sender=fail2ban@<%= @fqdn %>]
<% end -%>
<% if @operatingsystem == "Debian" -%>
logpath  = /var/log/auth.log
<% else -%>
logpath  = /var/log/secure
<% end -%>
maxretry = 5

[vsftpd-iptables]
enabled  = <%= scope.lookupvar('fail2ban::array_jails').include? "vsftpd" %>
filter   = vsftpd
action   = iptables[name=VSFTPD, port=ftp, protocol=tcp]
<% unless scope.lookupvar('fail2ban::mailto').empty? -%>
           sendmail-whois[name=VSFTPD, dest=<%= scope.lookupvar('fail2ban::mailto') %>, sender=fail2ban@<%= @fqdn %>]
<% end -%>
logpath  = /var/log/vsftpd.log
maxretry = 5
bantime  = 1800