This is the
sshguard module and class. It can manage recent versions
sshguard (new enough to support built-in log tailing rather than
running on a pipe from
syslogd) on FreeBSD and Debian/Ubuntu systems.
On FreeBSD, it will require the right firewall class for you depending
on the package name you specify (
our implementation of
freebsd::pf is a non-functional stub so if you
pf you'll need to roll your own. On Debian systems the
package enables the firewall automatically.
ensure: has standard Puppet semantics (including
purgedsupport if your package provider supports it) (default
autoupgrade: true if you want to upgrade to the latest version automatically (default false)
package: name of the package you want to install (default
service: name of the service that is used to control
watch_logs: array of log files to be scanned for abusive activity (passed as
safety_thresh: argument to
pardon_min_interval: argument to
prescribe_interval: argument to
-sflag (yes, we know it's misspelled)
whitelist_file: full path of file where the
sshguardwhitelist is stored (default is OS-specific)
whitelist_dir: name of the directory where
whitelist_fileis located, which must be explicitly created on some operating systems (default is OS-specific)
whitelist_nets: array of strings listing CIDR blocks to be whitelisted whitelist (default empty)
whitelist_hosts: array of strings listing IPv4 hosts to be whitelisted (default empty)
We recommend that you keep a global list of local networks and management
stations in your Hiera data, and use those to populate the
whitelist_hosts parameters (which is why they are given separately,
since the latter is a special case of the former).
See the file LICENSE.
- csail/freebsd (>= 0.0.1)
Copyright 2012 Massachusetts Institute of Technology Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that both the above copyright notice and this permission notice appear in all copies, that both the above copyright notice and this permission notice appear in all supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. THIS SOFTWARE IS PROVIDED BY M.I.T. ``AS IS''. M.I.T. DISCLAIMS ALL EXPRESS OR IMPLIED WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL M.I.T. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.