Start using this module
Add this module to your Puppetfile:
mod 'csail-sshguard', '0.0.1'
Learn more about managing modules with a Puppetfile
Documentation
sshguard
This is the sshguard module and class. It can manage recent versions
of sshguard (new enough to support built-in log tailing rather than
running on a pipe from syslogd) on FreeBSD and Debian/Ubuntu systems.
On FreeBSD, it will require the right firewall class for you depending
on the package name you specify (freebsd::ipfw or freebsd::pf) but
our implementation of freebsd::pf is a non-functional stub so if you
use pf you'll need to roll your own. On Debian systems the sshguard
package enables the firewall automatically.
Class parameters
- ensure: has standard Puppet semantics (including purged support if your package provider supports it) (default present)
- autoupgrade: true if you want to upgrade to the latest version automatically (default false)
- package: name of the package you want to install (default sshguard-ipfw on FreeBSD, sshguard elsewhere)
- service: name of the service that is used to control sshguard
- watch_logs: array of log files to be scanned for abusive activity (passed as -l arguments of sshguard)
- safety_thresh: argument to sshguard's -a flag
- pardon_min_interval: argument to sshguard's -p flag
- prescribe_interval: argument to sshguard's -s flag (yes, we know it's misspelled)
- whitelist_file: full path of file where the sshguard whitelist is stored (default is OS-specific)
- whitelist_dir: name of the directory where whitelist_file is located, which must be explicitly created on some operating systems (default is OS-specific)
- whitelist_nets: array of strings listing CIDR blocks to be whitelisted (default empty)
- whitelist_hosts: array of strings listing IPv4 hosts to be whitelisted (default empty)
We recommend that you keep a global list of local networks and management
stations in your Hiera data, and use those to populate the whitelist_nets
and whitelist_hosts parameters (which is why they are given separately,
since the latter is a special case of the former).
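The Hiera recommendation above, as an added example that is not part of the module's own code or documentation. The Hiera key names (site::local_nets, site::mgmt_hosts), the addresses and the log path are constructed for illustration; the class parameters are the ones listed under "Class parameters".

```puppet
# Hiera data (constructed sample; the key names site::local_nets and
# site::mgmt_hosts are hypothetical), e.g. in common.yaml:
#
#   site::local_nets:
#     - '192.0.2.0/24'
#     - '198.51.100.0/25'
#   site::mgmt_hosts:
#     - '203.0.113.10'
#
# hiera_array() merges the values found at every level of the hierarchy,
# so a per-site data file can add entries to the global list instead of
# replacing it. On current Puppet releases the equivalent call is
# lookup('site::local_nets', Array, 'unique', []).
$local_nets = hiera_array('site::local_nets', [])
$mgmt_hosts = hiera_array('site::mgmt_hosts', [])

# Whitelisted addresses are never blocked by sshguard, so keep both
# lists limited to networks and stations you actually administer from.
class { 'sshguard':
  ensure          => present,
  autoupgrade     => false,
  # Sample path; each array entry is passed to sshguard as a -l argument.
  watch_logs      => ['/var/log/auth.log'],
  # CIDR blocks and single IPv4 hosts are separate parameters.
  whitelist_nets  => $local_nets,
  whitelist_hosts => $mgmt_hosts,
}
```

With both Hiera keys absent, the defaults passed to hiera_array() leave the whitelist empty, which matches the documented parameter defaults.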
License
See the file LICENSE.
Contact
Support
None.
Dependencies
- csail/freebsd (>= 0.0.1)
Copyright 2012 Massachusetts Institute of Technology

Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that both the above copyright notice and this permission notice appear in all copies, that both the above copyright notice and this permission notice appear in all supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty.

THIS SOFTWARE IS PROVIDED BY M.I.T. ``AS IS''. M.I.T. DISCLAIMS ALL EXPRESS OR IMPLIED WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL M.I.T. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.