Forge Home

fail2ban

Puppet module for fail2ban

73,676 downloads

62,243 latest version

4.6 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

  1. Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
  2. Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

  • 1.4.0 (latest)
  • 1.3.1
  • 1.3.0
  • 1.2.2
  • 1.2.1
  • 1.2.0
  • 1.1.2
  • 1.1.0
  • 1.0.5
  • 1.0.4
  • 1.0.3
  • 1.0.2
  • 1.0.1
  • 1.0.0
released May 7th 2014
This version is compatible with:
  • Debian, RedHat, CentOS, Ubuntu

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'netmanagers-fail2ban', '1.4.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add netmanagers-fail2ban
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install netmanagers-fail2ban --version 1.4.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

netmanagers/fail2ban — version 1.4.0 May 7th 2014

Puppet module: fail2ban

This is a Puppet module for fail2ban based on the second generation layout ("NextGen") of Example42 Puppet Modules.

Made by Javier Bértoli / Netmanagers

Official site: http://www.netmanagers.com.ar

Official git repository: http://github.com/netmanagers/puppet-fail2ban

Released under the terms of Apache 2 License.

This module depends on R.I.Pienaar's concat module (https://github.com/ripienaar/puppet-concat).

This module requires functions provided by the Example42 Puppi module (you need it even if you don't use and install Puppi)

For detailed info about the logic and usage patterns of Example42 modules check the DOCS directory on Example42 main modules set.

USAGE - Basic management

  • All parameters can be set using Hiera. See the manifests to see what can be set.

  • Install fail2ban with default settings. No configuration changes are done, and distro defaults are respected.

      class { 'fail2ban': }
    
  • Configure jails using your own jail.local file

      class { 'fail2ban':
        jails_config => 'file',
        jails_source => 'puppet:///path/to/your/jail.local'.
      }
    
  • Configure jails using a template file. An example is provided. In this case, you can enable or disable jails using an array named "jails". See the template "jail.local.erb".

      class { 'fail2ban':
        jails_config   => 'file',
        jails_template => 'fail2ban/jail.local.erb',
        jails          => ['ssh', 'imap'],
      }
    
  • You can configure and set a jail using fail2ban::jail. In this case, stanzas for jail.local are created using R.I.Pienaar's concat module. This method permits you better handling of your jails.

      class { 'fail2ban':
        jails_config   => 'concat',
      }
    
      fail2ban::jail { 'sshd':
        port     => '22',
        logpath  => '/var/log/secure',
        maxretry => '2',
      }
    
  • Install a specific version of fail2ban package

      class { 'fail2ban':
        version => '1.0.1',
      }
    
  • Disable fail2ban service.

      class { 'fail2ban':
        disable => true
      }
    
  • Remove fail2ban package

      class { 'fail2ban':
        absent => true
      }
    
  • Enable auditing without without making changes on existing fail2ban configuration files

      class { 'fail2ban':
        audit_only => true
      }
    
  • Module dry-run: Do not make any change on all the resources provided by the module

      class { 'fail2ban':
        noops => true
      }
    

USAGE - Overrides and Customizations

  • Use custom sources for main config file

      class { 'fail2ban':
        source => [ "puppet:///modules/example42/fail2ban/fail2ban.local-${hostname}" , "puppet:///modules/example42/fail2ban/fail2ban.local" ], 
      }
    
  • Use custom source directory for the whole configuration dir

      class { 'fail2ban':
        source_dir       => 'puppet:///modules/example42/fail2ban/conf/',
        source_dir_purge => false, # Set to true to purge any existing file not present in $source_dir
      }
    
  • Use custom template for main config file. Note that template and source arguments are alternative. In this new version, and following fail2ban recommendations, fail2ban.conf is untouched and fail2ban.local is created instead, overriding parameters.

      class { 'fail2ban':
        template => 'example42/fail2ban/fail2ban.local.erb',
      }
    
  • Automatically include a custom subclass

      class { 'fail2ban':
        my_class => 'example42::my_fail2ban',
      }
    

USAGE - Example42 extensions management

  • Activate puppi (recommended, but disabled by default)

      class { 'fail2ban':
        puppi    => true,
      }
    
  • Activate puppi and use a custom puppi_helper template (to be provided separately with a puppi::helper define ) to customize the output of puppi commands

      class { 'fail2ban':
        puppi        => true,
        puppi_helper => 'myhelper', 
      }
    
  • Activate automatic monitoring (recommended, but disabled by default). This option requires the usage of Example42 monitor and relevant monitor tools modules

      class { 'fail2ban':
        monitor      => true,
        monitor_tool => [ 'nagios' , 'monit' , 'munin' ],
      }
    
  • Activate automatic firewalling. This option requires the usage of Example42 firewall and relevant firewall tools modules

      class { 'fail2ban':       
        firewall      => true,
        firewall_tool => 'iptables',
        firewall_src  => '10.42.0.0/24',
        firewall_dst  => $ipaddress_eth0,
      }
    

CONTINUOUS TESTING

Travis {}[https://travis-ci.org/netmanagers/puppet-fail2ban]