# Define: fail2ban::filter
#
# Adds a custom fail2ban filter
# Documentation: Manpages & http://www.fail2ban.org/wiki/index.php/MANUAL_0_8
#
# Supported arguments:
# $filtername           - The name you want to give the filter.
#                         If not set, defaults to $title.
#                         The filter's local file is named after this value,
#                         like $name.local. The suffix "local" is added automatically.
#
# $filterenable         - true / false. If false, the rule _IS NOT ADDED_ to the
#                         filter.local file
#                         Defaults to true
#
# $filtersource         - Sets the content of the source parameter for the new filter.
#                         It's mutually exclusive with $filtertemplate.
#
# $filtertemplate       - Template to use when defining a new filter.
#                         It's mutually exclusive with $filtersource.
#
# $filterfailregex      - Regular expression(s) for the filter's failregex setting.
#                         Can be an array
#                         Used only with $filtertemplate
#
# $filterignoreregex    - Regular expression(s) for the filter's ignoreregex setting.
#                         Can be an array
#                         Used only with $filtertemplate
#
# $filterbefore         - Indicates a filter file that is read before the
#                         [Definition] section.
#
# $filterafter          - Indicates a filter file that is read after the
#                         [Definition] section.
#
# $filterdefinitionvars - Variables for the INIT stanza of the filter file.
#                         They are tuples in the format
#                         "var = value"
#                         Can be an array like
#                         [ "var1 = value1", "var2 = value2",.., "varN = valueN" ]
#
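define fail2ban::filter (
  $filtername           = '',
  $filtersource         = '',
  $filtertemplate       = 'fail2ban/filter.local.erb',
  $filterfailregex      = '',
  $filterignoreregex    = '',
  $filterbefore         = '',
  $filterafter          = '',
  $filterdefinitionvars = '',
  $filterenable         = true ) {

  include fail2ban

  # Fall back to the resource title when no explicit filter name is given.
  $real_filtername = $filtername ? {
    ''      => $title,
    default => $filtername,
  }

  # NOTE(review): $real_filtername is interpolated into the path without any
  # validation, so a value containing '/' or '..' would place the file outside
  # filter.d. Keep it a plain file name, and validate it upstream if it is fed
  # from Hiera/ENC data that is not fully trusted.
  $filter_file = "${fail2ban::data_dir}/filter.d/${real_filtername}.local"

  # Normalise the three "string or array" parameters to arrays: '' becomes [],
  # a single string becomes a one-element array, an array is passed through.
  # These $array_* variables are not used below; presumably the ERB template
  # reads them - TODO confirm against the template.
  $array_failregex = is_array($filterfailregex) ? {
    false   => $filterfailregex ? {
      ''      => [],
      default => [$filterfailregex],
    },
    default => $filterfailregex,
  }

  $array_ignoreregex = is_array($filterignoreregex) ? {
    false   => $filterignoreregex ? {
      ''      => [],
      default => [$filterignoreregex],
    },
    default => $filterignoreregex,
  }

  $array_definitionvars = is_array($filterdefinitionvars) ? {
    false   => $filterdefinitionvars ? {
      ''      => [],
      default => [$filterdefinitionvars],
    },
    default => $filterdefinitionvars,
  }

  $ensure = bool2ensure($filterenable)

  # $ensure used to be computed and then ignored, so $filterenable => false
  # silently left the filter file in place. A disabled filter now removes the
  # file; an enabled one keeps following the module-wide setting.
  $manage_file_ensure = $ensure ? {
    'absent' => 'absent',
    default  => $fail2ban::manage_file,
  }

  $manage_file_source = $filtersource ? {
    ''      => undef,
    default => $filtersource,
  }

  # source and content are mutually exclusive on a file resource, and
  # $filtertemplate has a non-empty default: when a source is given it wins
  # and no template is rendered, instead of handing Puppet both attributes.
  $manage_file_content = $filtersource ? {
    ''      => $filtertemplate ? {
      ''      => undef,
      default => template($filtertemplate),
    },
    default => undef,
  }

  # Mode, owner, group, restart behaviour, replace, audit and noop all come
  # from the fail2ban class; only the path, source and content are per filter.
  file { "${real_filtername}.local":
    ensure  => $manage_file_ensure,
    path    => $filter_file,
    mode    => $fail2ban::config_file_mode,
    owner   => $fail2ban::config_file_owner,
    group   => $fail2ban::config_file_group,
    require => Package[$fail2ban::package],
    notify  => $fail2ban::manage_service_autorestart,
    source  => $manage_file_source,
    content => $manage_file_content,
    replace => $fail2ban::manage_file_replace,
    audit   => $fail2ban::manage_audit,
    noop    => $fail2ban::bool_noops,
  }

}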