fail2ban
Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
- Puppet >= 7.0.0 < 9.0.0
- , , , , , ,
Tasks:
- banip
- unban
- unbanip
Start using this module
Add this module to your Puppetfile:
mod 'puppet-fail2ban', '5.0.2'
Learn more about managing modules with a PuppetfileDocumentation
fail2ban
Table of Contents
- Overview
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with fail2ban
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Jails available
- Development - Guide for contributing to the module
Overview
This module installs, configures and manages the Fail2ban service.
Module Description
This module handles installing, configuring and running Fail2ban across a range of operating systems and distributions.
Setup
What fail2ban affects
- fail2ban package.
- fail2ban configuration file.
- fail2ban service.
Beginning with fail2ban
Install and configure fail2ban
:
class { 'fail2ban': }
Config file template
You can also manually specify a different configuration template. To do it, use your desired configuration template (e.g. if your template is in your local profile):
class { 'fail2ban':
config_file_template => "profile/fail2ban/etc/fail2ban/jail.conf.epp"
}
Or using Hiera:
fail2ban::config_file_template: "profile/fail2ban/etc/fail2ban/jail.conf.epp"
Usage
Update the fail2ban package.
class { 'fail2ban':
package_ensure => 'latest',
}
Remove the fail2ban package.
class { 'fail2ban':
package_ensure => 'absent',
}
Purge the fail2ban package (All configuration files will be removed).
class { 'fail2ban':
package_ensure => 'purged',
}
Deploy the configuration files from source directory.
class { 'fail2ban':
config_dir_source => "puppet:///modules/profile/fail2ban/etc/fail2ban",
}
Deploy the configuration files from source directory (Unmanaged configuration files will be removed).
class { 'fail2ban':
config_dir_purge => true,
config_dir_source => "puppet:///modules/profile/fail2ban/etc/fail2ban",
}
Deploy the configuration file from source.
class { 'fail2ban':
config_file_source => "puppet:///modules/profile/fail2ban/etc/fail2ban/jail.conf",
}
Deploy the configuration file from string.
class { 'fail2ban':
config_file_string => '# THIS FILE IS MANAGED BY PUPPET',
}
Deploy the configuration file from template.
class { 'fail2ban':
config_file_template => "profile/fail2ban/etc/fail2ban/jail.conf.epp",
}
Deploy the configuration file from custom template (Additional parameters can be defined).
class { 'fail2ban':
config_file_template => "profile/fail2ban/etc/fail2ban/jail.conf.epp",
config_file_options_hash => {
'key' => 'value',
},
}
Deploy additional configuration files from source, string or template.
class { 'fail2ban':
config_file_hash => {
'jail.2nd.conf' => {
config_file_path => '/etc/fail2ban/jail.2nd.conf',
config_file_source => "puppet:///modules/profile/fail2ban/etc/fail2ban/jail.2nd.conf",
},
'jail.3rd.conf' => {
config_file_path => '/etc/fail2ban/jail.3rd.conf',
config_file_string => '# THIS FILE IS MANAGED BY PUPPET',
},
'jail.4th.conf' => {
config_file_path => '/etc/fail2ban/jail.4th.conf',
config_file_template => "profile/fail2ban/etc/fail2ban/jail.4th.conf.epp",
},
},
}
Disable the fail2ban service.
class { 'fail2ban':
service_ensure => 'stopped',
}
Jails available
Pre-defined jails
RedHat
- 3proxy
- apache-auth
- apache-badbots
- apache-botsearch
- apache-fakegooglebot
- apache-modsecurity
- apache-nohome
- apache-noscript
- apache-overflows
- apache-shellshock
- assp
- asterisk
- counter-strike
- courier-auth
- courier-smtp
- cyrus-imap
- directadmin
- dovecot
- dropbear
- drupal-auth
- ejabberd-auth
- exim
- exim-spam
- freeswitch
- froxlor-auth
- groupoffice
- gssftpd
- guacamole
- horde
- kerio
- lighttpd-auth
- monit
- mysqld-auth
- nagios
- named-refused
- nginx-botsearch
- nginx-http-auth
- nsd
- openwebmail
- oracleims
- pam-generic
- pass2allow-ftp
- perdition
- php-url-fopen
- portsentry
- postfix
- postfix-rbl
- postfix-sasl
- proftpd
- pure-ftpd
- qmail-rbl
- recidive
- roundcube-auth
- selinux-ssh
- sendmail-auth
- sendmail-reject
- sieve
- sogo-auth
- solid-pop3d
- squid
- squirrelmail
- sshd
- sshd-ddos
- stunnel
- suhosin
- tine20
- uwimap-auth
- vsftpd
- webmin-auth
- wuftpd
- xinetd-fail
Debian
- 3proxy
- apache-auth
- apache-badbots
- apache-botsearch
- apache-fakegooglebot
- apache-modsecurity
- apache-multiport
- apache-nohome
- apache-noscript
- apache-overflows
- apache-shellshock
- assp
- asterisk
- bitwarden
- centreon
- counter-strike
- courierauth
- courier-smtp
- cyrus-imap
- directadmin
- domino-smtp
- dovecot
- dropbear
- drupal-auth
- ejabberd-auth
- exim
- exim-spam
- freeswitch
- froxlor-auth
- groupoffice
- gssftpd
- guacamole
- haproxy-http-auth
- horde
- kerio
- lighttpd-auth
- lighttpd-fastcgi
- mongodb-auth
- monit
- murmur
- mysqld-auth
- nagios
- named-refused
- nginx-botsearch
- nginx-http-auth
- nginx-limit-req
- nsd
- openhab-auth
- openwebmail
- oracleims
- pam-generic
- pass2allow-ftp
- perdition
- php-url-fopen
- phpmyadmin-syslog
- portsentry
- postfix
- postfix-rbl
- postfix-sasl
- proftpd
- pure-ftpd
- qmail-rbl
- recidive
- roundcube-auth
- sasl
- selinux-ssh
- sendmail-auth
- sendmail-reject
- sieve
- screensharing
- slapd
- sogo-auth
- solid-pop3d
- squid
- squirrelmail
- ssh
- ssh-blocklist
- ssh-ddos
- ssh-iptables-ipset4
- ssh-iptables-ipset6
- ssh-route
- stunnel
- suhosin
- tine20
- traefik-auth
- uwimap-auth
- vsftpd
- webmin-auth
- wuftpd
- xinetd-fail
- zoneminder
- znc-adminlog
Suse
- 3proxy
- apache-auth
- apache-badbots
- apache-botsearch
- apache-common
- apache-fakegooglebot
- apache-modsecurity
- apache-nohome
- apache-noscript
- apache-overflows
- apache-pass
- apache-shellshock
- assp
- asterisk
- botsearch-common
- common
- counter-strike
- courier-auth
- courier-smtp
- cyrus-imap
- directadmin
- domino-smtp
- dovecot
- dropbear
- drupal-auth
- ejabberd-auth
- exim-common
- exim-spam
- exim
- freeswitch
- froxlor-auth
- groupoffice
- gssftpd
- guacamole
- haproxy-http-auth
- horde
- ignorecommands
- kerio
- lighttpd-auth
- mongodb-auth
- monit
- murmur
- mysqld-auth
- nagios
- named-refused
- nginx-botsearch
- nginx-http-auth
- nginx-limit-req
- nsd
- openhab
- openwebmail
- oracleims
- pam-generic
- perdition
- php-url-fopen
- phpmyadmin-syslog
- portsentry
- postfix
- proftpd
- pure-ftpd
- qmail
- recidive
- roundcube-auth
- screensharingd
- selinux-common
- selinux-ssh
- sendmail-auth
- sendmail-reject
- sieve
- slapd
- sogo-auth
- solid-pop3d
- squid
- squirrelmail
- sshd
- stunnel
- suhosin
- tine20
- uwimap-auth
- vsftpd
- webmin-auth
- wuftpd
- xinetd-fail
- zoneminder
Custom jails
Users can add their own jails by using this YAML definition:
---
fail2ban::custom_jails:
'nginx-wp-login':
filter_failregex: '<HOST>.*] "POST /wp-login.php'
port: 'http,https'
logpath: '/var/log/nginx/access.log'
maxretry: 3
findtime: 120
bantime: 1200
ignoreip: ['127.0.0.1', '192.168.1.1/24']
'nginx-login':
filter_failregex: '^<HOST> -.*POST /sessions HTTP/1\.." 200'
action: 'iptables-multiport[name=NoLoginFailures, port="http,https"]'
logpath: '/var/log/nginx*/*access*.log'
maxretry: 6
bantime: 600
ignoreip: ['127.0.0.1', '192.168.1.1/24']
Sendmail notifications
Default e-mail notification are defined in /etc/fail2ban/action.d/sendmail-common.conf
. Following configuration will create override config sendmail-common.local
.
fail2ban::sendmail_actions:
actionstart: ''
actionstop: ''
fail2ban::sendmail_config:
dest: root@localhost
sender: fail2ban@localhost
sendername: Fail2Ban
Limitations
Supported OSes and dependencies are given into metadata.json file.
Development
Bug Report
If you find a bug, have trouble following the documentation or have a question about this module - please create an issue.
Pull Request
If you are able to patch the bug or add the feature yourself - please make a pull request.
Contributors
The list of contributors can be found at: https://github.com/voxpupuli/puppet-fail2ban/graphs/contributors
Reference
Table of Contents
Classes
Public Classes
fail2ban
: Installs, configures and manages the Fail2ban service.fail2ban::install
: == Class: fail2ban::install
Private Classes
fail2ban::config
: Handles the configuration file.fail2ban::service
: Handles the service.
Defined types
fail2ban::define
: == Define: fail2ban::definefail2ban::jail
: Handles the jails.
Data types
Fail2ban::Time
: Describes time format allowed for bantime and findtime The time entries in fail2ban configuration (like findtime or bantime) can be provided
Tasks
Classes
fail2ban
This module installs, configures and manages the Fail2ban service. Main class, includes all other classes.
Parameters
The following parameters are available in the fail2ban
class:
package_ensure
package_name
package_list
config_dir_path
config_dir_purge
config_dir_recurse
config_dir_source
config_file_path
config_file_owner
config_file_group
config_file_mode
config_file_source
config_file_string
config_file_template
config_file_notify
config_file_require
config_file_hash
config_file_options_hash
manage_defaults
manage_firewalld
service_ensure
service_name
service_enable
action
bantime
email
sender
iptables_chain
jails
maxretry
whitelist
custom_jails
banaction
config_file_before
config_dir_filter_path
default_backend
sendmail_config
sendmail_actions
package_ensure
Data type: Enum['absent', 'latest', 'present', 'purged']
Determines if the package should be installed.
Default value: 'present'
package_name
Data type: String[1]
Determines the name of package to manage.
Default value: 'fail2ban'
package_list
Data type: Optional[Array[String]]
Determines if additional packages should be managed.
Default value: undef
config_dir_path
Data type: Stdlib::Absolutepath
Determines if the configuration directory should be managed.
Default value: '/etc/fail2ban'
config_dir_purge
Data type: Boolean
Determines if unmanaged configuration files should be removed.
Default value: false
config_dir_recurse
Data type: Boolean
Determines if the configuration directory should be recursively managed.
Default value: true
config_dir_source
Data type: Optional[String]
Determines the source of a configuration directory.
Default value: undef
config_file_path
Data type: Stdlib::Absolutepath
Determines if the configuration file should be managed.
Default value: '/etc/fail2ban/jail.conf'
config_file_owner
Data type: String[1]
Determines which user should own the configuration file.
Default value: 'root'
config_file_group
Data type: String[1]
Determines which group should own the configuration file.
Default value: 'root'
config_file_mode
Data type: String[1]
Determines the desired permissions mode of the configuration file.
Default value: '0644'
config_file_source
Data type: Optional[String[1]]
Determines the source of a configuration file.
Default value: undef
config_file_string
Data type: Optional[String[1]]
Determines the content of a configuration file.
Default value: undef
config_file_template
Data type: Optional[String[1]]
Determines the content of a configuration file.
Default value: undef
config_file_notify
Data type: String[1]
Determines if the service should be restarted after configuration changes.
Default value: 'Service[fail2ban]'
config_file_require
Data type: String[1]
Determines which package a configuration file depends on.
Default value: 'Package[fail2ban]'
config_file_hash
Data type: Hash[String[1], Any]
Determines which configuration files should be managed via fail2ban::define
.
Default value: {}
config_file_options_hash
Data type: Hash
Determines which parameters should be passed to an ERB template.
Default value: {}
manage_defaults
Data type: Enum['absent', 'present']
Determines whether the file /etc/fail2ban/jail.d/defaults-debian.conf
should be deleted or not.
Default value: 'absent'
manage_firewalld
Data type: Enum['absent', 'present']
Determines whether the file /etc/fail2ban/jail.d/00-firewalld.conf
should be deleted or not.
Default value: 'absent'
service_ensure
Data type: Enum['running', 'stopped']
Determines if the service should be running or not.
Default value: 'running'
service_name
Data type: String[1]
Determines the name of service to manage.
Default value: 'fail2ban'
service_enable
Data type: Boolean
Determines if the service should be enabled at boot.
Default value: true
action
Data type: String[1]
Determines how banned ip addresses should be reported.
Default value: 'action_mb'
bantime
Data type: Fail2ban::Time
Determines how many time (second or hour or week) ip addresses will be banned.
Default value: 432000
email
Data type: String[1]
Determines which email address should be notified about restricted hosts and suspicious logins.
Default value: "fail2ban@${facts['networking']['domain']}"
sender
Data type: String[1]
Determines which email address should notify about restricted hosts and suspicious logins.
Default value: "fail2ban@${facts['networking']['fqdn']}"
iptables_chain
Data type: String[1]
Determines chain where jumps will to be added in iptables-* actions.
Default value: 'INPUT'
jails
Data type: Array[String[1]]
Determines which services should be protected by Fail2ban.
Default value: ['ssh', 'ssh-ddos']
maxretry
Data type: Integer[0]
Determines the number of failed login attempts needed to block a host.
Default value: 3
whitelist
Data type: Array
Determines which ip addresses will not be reported
Default value: ['127.0.0.1/8', '192.168.56.0/24']
custom_jails
Data type: Hash[String, Hash]
Determines which custom jails should be included
Default value: {}
banaction
Data type: String[1]
Determines which action to perform when performing a global ban (not overridden in a specific jail).
Default value: 'iptables-multiport'
config_file_before
Data type: String[1]
config_dir_filter_path
Data type: Stdlib::Absolutepath
Default value: '/etc/fail2ban/filter.d'
default_backend
Data type: Enum['pyinotify', 'gamin', 'polling', 'systemd', 'auto']
Default value: 'auto'
sendmail_config
Data type: Hash
Default value: {}
sendmail_actions
Data type: Hash
Default value: {}
fail2ban::install
== Class: fail2ban::install
Defined types
fail2ban::define
== Define: fail2ban::define
Parameters
The following parameters are available in the fail2ban::define
defined type:
config_file_path
config_file_owner
config_file_group
config_file_mode
config_file_source
config_file_string
config_file_template
config_file_notify
config_file_require
config_file_options_hash
config_file_path
Data type: Stdlib::Absolutepath
Default value: "${fail2ban::config_dir_path}/${title}"
config_file_owner
Data type: String
Default value: $fail2ban::config_file_owner
config_file_group
Data type: String
Default value: $fail2ban::config_file_group
config_file_mode
Data type: String
Default value: $fail2ban::config_file_mode
config_file_source
Data type: Optional[String]
Default value: undef
config_file_string
Data type: Optional[String]
Default value: undef
config_file_template
Data type: Optional[String]
Default value: undef
config_file_notify
Data type: String
Default value: $fail2ban::config_file_notify
config_file_require
Data type: String
Default value: $fail2ban::config_file_require
config_file_options_hash
Data type: Hash
Default value: $fail2ban::config_file_options_hash
fail2ban::jail
Handles the jails.
Parameters
The following parameters are available in the fail2ban::jail
defined type:
filter_includes
filter_failregex
filter_ignoreregex
filter_maxlines
filter_datepattern
filter_additional_config
enabled
action
filter
logpath
maxretry
findtime
bantime
port
backend
journalmatch
ignoreip
config_dir_filter_path
config_file_owner
config_file_group
config_file_mode
config_file_source
config_file_notify
config_file_require
filter_includes
Data type: Optional[String]
Default value: undef
filter_failregex
Data type: Optional[String]
Default value: undef
filter_ignoreregex
Data type: Optional[String]
Default value: undef
filter_maxlines
Data type: Optional[Integer]
Default value: undef
filter_datepattern
Data type: Optional[String]
Default value: undef
filter_additional_config
Data type: Any
Default value: undef
enabled
Data type: Boolean
Default value: true
action
Data type: Optional[String]
Default value: undef
filter
Data type: String
Default value: $title
logpath
Data type: Optional[String[1]]
Default value: undef
maxretry
Data type: Integer
Default value: $fail2ban::maxretry
findtime
Data type: Optional[Fail2ban::Time]
Default value: undef
bantime
Data type: Fail2ban::Time
Default value: $fail2ban::bantime
port
Data type: Optional[String]
Default value: undef
backend
Data type: Optional[String]
Default value: undef
journalmatch
Data type: Optional[String[1]]
Default value: undef
ignoreip
Data type: Array[Stdlib::IP::Address]
Default value: []
config_dir_filter_path
Data type: Stdlib::Absolutepath
Default value: $fail2ban::config_dir_filter_path
config_file_owner
Data type: Optional[String]
Default value: $fail2ban::config_file_owner
config_file_group
Data type: Optional[String]
Default value: $fail2ban::config_file_group
config_file_mode
Data type: Optional[String]
Default value: $fail2ban::config_file_mode
config_file_source
Data type: Optional[String]
Default value: $fail2ban::config_file_source
config_file_notify
Data type: Optional[String]
Default value: $fail2ban::config_file_notify
config_file_require
Data type: Optional[String]
Default value: $fail2ban::config_file_require
Data types
Fail2ban::Time
Describes time format allowed for bantime and findtime The time entries in fail2ban configuration (like findtime or bantime) can be provided as integer in seconds or as string using special abbreviation format (e. g. 600 is the same as 10m).
Abbreviation tokens:
years?, yea?, yy? months?, mon? weeks?, wee?, ww? days?, da, dd? hours?, hou?, hh? minutes?, min?, mm? seconds?, sec?, ss?
The question mark (?) means the optional character, so day as well as days can be used.
You can combine multiple tokens in format (separated with space resp. without separator), e. g.: 1y 6mo or 1d12h30m. Note that tokens m as well as mm means minutes, for month use abbreviation mo or mon.
The time format can be tested using fail2ban-client:
fail2ban-client --str2sec 1d12h
Alias of Variant[Integer[0], Pattern['^\d.*$']]
Tasks
banip
Ban IPs in a jail
Supports noop? false
Parameters
jail
Data type: String[1]
The jail to operate on
ips
Data type: Array[Stdlib::IP::Address]
IP addresses to ban
unban
Unban IP in all jails and database
Supports noop? false
Parameters
ips
Data type: Array[Stdlib::IP::Address]
IP addresses to unban
unbanip
Unban IP in a jail
Supports noop? false
Parameters
jail
Data type: String[1]
The jail to operate on
ips
Data type: Array[Stdlib::IP::Address]
IP addresses to unban
What are tasks?
Modules can contain tasks that take action outside of a desired state managed by Puppet. It’s perfect for troubleshooting or deploying one-off changes, distributing scripts to run across your infrastructure, or automating changes that need to happen in a particular order as part of an application deployment.
Tasks in this module release
Changelog
All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module.
v5.0.2 (2024-09-19)
Fixed bugs:
v5.0.1 (2024-09-18)
Fixed bugs:
- modulesync 9.3.0 - fix release process #220 (bastelfreak)
v5.0.0 (2024-09-16)
Breaking changes:
- Move description of parameters from README to puppet-strings. #219 (Dan33l)
- Drop CentOS 8 support #217 (Dan33l)
- remove support for debian 10 #208 (TheMeier)
- Drop Puppet 6 support #194 (bastelfreak)
Implemented enhancements:
- Add support for Ubuntu 24.04 (noble) #215 (amateo)
- Add tasks to ban/unban IP addresses in jails #209 (smortex)
- bump puppet extlib version \< 8.0.0 #202 (sandwitch)
- Add Puppet 8 support #198 (bastelfreak)
- Add support for Debian 12 #197 (cFire)
- Allow puppetlabs-stdlib 9.x #196 (smortex)
Fixed bugs:
- Use actual Debian 11 configuration #191 (smortex)
logpath
is not required whenjournalmatch
in provided #190 (smortex)
v4.2.0 (2022-11-10)
Implemented enhancements:
- Add support for Ubuntu 22.04 #178 (grant-veepshosting)
Closed issues:
- Template for Rocky Linux 8 #183
v4.1.0 (2022-04-12)
Implemented enhancements:
- Consolidate jail.conf.epp for RedHat osfamily #177 (traylenator)
- Support CentOS/RHEL/Alma/Rocky 9 #176 (traylenator)
- Allow puppet/extlib 6.x #174 (bastelfreak)
- Add AlmaLinux & Rocky config, identical to CentOS #163 (vollmerk)
- Initial support for openSUSE #158 (mattqm)
Fixed bugs:
v4.0.0 (2021-12-13)
Breaking changes:
- Drop support for Debian 8, 9; Ubuntu 16.04; RedHat 6; CentOS 6 (EOL) #167 (smortex)
- Drop support of Puppet 5 (EOL) #166 (smortex)
Implemented enhancements:
Closed issues:
- "no directory /var/run/fail2ban to contain the socket file" #35
Merged pull requests:
v3.3.0 (2020-08-15)
Merged pull requests:
v3.2.0 (2020-05-05)
Implemented enhancements:
- Add parameters manage_defaults, manage_firewalld #147 (dhoppe)
- Support overriding service notifications (#143) #144 (deric)
Closed issues:
Merged pull requests:
v3.1.0 (2020-04-22)
Implemented enhancements:
- Add support for multiple data types #140 (dhoppe)
- Add default_backend param defaulting to "auto" #130 (brunoleon)
Closed issues:
v3.0.0 (2020-04-21)
Breaking changes:
- Remove any lsb facts usage #135 (neomilium)
- drop Ubuntu 14.04 support #121 (bastelfreak)
- modulesync 2.7.0 and drop puppet 4 #110 (bastelfreak)
- Use custom_jails parameter #100 (kobybr)
Implemented enhancements:
- Add support for CentOS / RedHat 8 #137 (dhoppe)
- allow extlib 5.x #128 (bastelfreak)
- Add Debian10 support #114 (bastelfreak)
- Allow puppet/extlib 4.x and puppetlabs/stdlib 6.x #111 (alexjfisher)
- Add filter options #107 (coreone)
- Add support for journalmatch #95 (cwells)
- Add jail.conf.epp template for bionic #89 (mnencia)
Fixed bugs:
- Template header causes service restart #29
- Fix non namespaced extlib function #131 (neomilium)
- Fixes a template bug with 'ignoreip' so that it 'Inserts the value of… #109 (dwest-galois)
- Replace UTF8 dash and quotes in templates #106 (linuxdaemon)
Closed issues:
- Move templates #132
- Support for RHEL/CentOS 8 #126
- ignoreip in custom jails not populating #120
- Missing directories when using custom jails #117
- custom_jails are not populating the 'ignoreip" values in the custom_jail.conf.epp template #108
- Use of U+2013 (EN DASH) in trusty template causes puppetdb errors #105
- Could not find template 'fail2ban//etc/fail2ban/jail.conf.erb' - CentOS Linux release 7.6.1810 (Core) #102
- Allow use of custom_jails param passed to in main class #99
- Could not find template 'fail2ban/stretch/etc/fail2ban/jail.conf.erb' #88
- Deprecation warnings #28
Merged pull requests:
- Use voxpupuli-acceptance #136 (ekohl)
- update repo links to https #129 (bastelfreak)
- Remove unsupported releases #123 (dhoppe)
- Clean up acceptance spec helper #119 (ekohl)
- depend on extlib 3 & prefix extlib function call #115 (bastelfreak)
v2.4.1 (2018-10-17)
Fixed bugs:
Closed issues:
- SyntaxError on debian stretch epp template #84
- help for load custom jails on debian #74
- Custom jail doesn't work on Debian Wheezy #27
Merged pull requests:
- modulesync 2.1.0 and allow puppet 6.x #91 (bastelfreak)
- allow puppet/extlib 3.x #90 (bastelfreak)
- allow puppetlabs/stdlib 5.x #85 (bastelfreak)
v2.4.0 (2018-08-18)
Implemented enhancements:
Closed issues:
- Debian Stretch #36
v2.3.0 (2018-08-02)
Implemented enhancements:
Fixed bugs:
Closed issues:
- Error: Unknown function: 'default_content' #70
- Unknown function: 'default_content #69
- Typo in variable name #24
Merged pull requests:
v2.2.0 (2018-05-30)
Implemented enhancements:
- Allow banaction to be Puppet managed #65 (saibot94)
- Add ignoreip parameter to jail class and template #60 (leonkoens)
Closed issues:
- Banaction in jail.conf cannot be configured by Puppet #64
- Acceptance tests don't work for CentOS 6 #57
Merged pull requests:
- release 2.2.0 #66 (traylenator)
- Remove docker nodesets #63 (bastelfreak)
- drop EOL OSs; fix puppet version range #62 (bastelfreak)
- Enable acceptance tests for CentOS 6 #54 (traylenator)
v2.1.0 (2018-05-12)
Implemented enhancements:
- Use os structured fact instead of flat lsb facts #43 (traylenator)
- Add configuration option for iptables_chain #42 (brwyatt)
- support a backend parameter for jails #37 (qs5779)
Closed issues:
- Can't change sender email in jail.conf #51
- config_file_ensure is not recognized as parameter #40
- CentOS ssh jail template actually needs "sshd" #34
Merged pull requests:
- Remove config_file_ensure #56 (ekohl)
- Use Puppet 4 datatypes #55 (ekohl)
- sender email variabilized #52 (ryayon)
- Make 'ssh' and 'ssh-ddos' jail names be consistent across operating systems #50 (saibot94)
v2.0.0 (2018-03-30)
Breaking changes:
- modulesync 1.9.0; drop Puppet 3 support, require at least 4.10 #45 (bastelfreak)
Merged pull requests:
- Transfer module to Vox Pupuli #46 (bastelfreak)
1.3.4 (2016-11-30)
Summary
- [Beaker] Add missing dependency for Beaker tests
2016-11-28 Release 1.3.3
Summary
- [Puppet] Fixed support for CentOS & RedHat releases
2016-11-07 Release 1.3.2
Summary
- [Puppet] Fix jails for Ubuntu 16.04.x (Xenial Xerus)
- [Puppet] Remove default jails at Ubuntu 16.04.x (Xenial Xerus)
2016-11-07 Release 1.3.1
Summary
- [Puppet] Fix typo at action_mb
2016-11-07 Release 1.3.0
Summary
- [Puppet] Add support for RedHat 5 (Tikanga), 6 (Santiago) and 7 (Maipo)
- [Puppet] Add support for Ubuntu 16.04.x (Xenial Xerus)
2016-11-06 Release 1.2.2
Summary
- [Rubocop] Fix several Rubocop issues
- [Puppet] Fix version of module puppet/extlib
2016-11-06 Release 1.2.1
Summary
- [General] Update based on dhoppe/modulesync_config
2016-11-05 Release 1.2.0
Summary
- [General] Update based on dhoppe/modulesync_config
- [Rubocop] Fix several Rubocop issues
- [RSpec] Migrate to rspec-puppet-facts
- [Puppet] Use module puppet/extlib instead of local function default_content
- [Markdown] Fix several Markdown issues
- [Readme] Add missing badges
2016-02-07 Release 1.1.1
Summary
- [Travis CI] Fix matrix of tested Puppet and RVM versions (travis-ci/travis-ci #5580)
2016-02-05 Release 1.1.0
Summary
- [Puppet] Add support for Puppet Enterprise
- [Puppet] Switch to scope syntax of Puppet 3
- [Puppet Forge] Add statistics for downloads, modules and releases
- [Travis CI] Add configuration for coverage reports
- [Rubocop] Resolve several rubocop issues
- [Travis CI] Update matrix of tested Puppet and RVM versions
- [Beaker] Update configuration for beaker
- [RSpec] Update configuration for rspec
- [Rubocop] Add configuration for rubocop
- [RSpec] Add configuration for rspec
- [Rake] Update list of rake tasks
- [Gem] Update list of required gems
- [Git] Update list of ignored files/directories
- [Beaker] Update box/box_url because of new point release
2015-08-13 Release 1.0.8
Summary
- [Beaker] Update Beaker environment
- [RSpec] Update RSpec environment
- [Travis CI] Update Travis CI environment
- [Puppet Forge] Update license, version requirement
2015-02-25 Release 1.0.7
Summary
- [Beaker] Update Beaker environment
- [Travis CI] Update Travis CI environment
2015-02-25 Release 1.0.6
Summary
- [Beaker] Update Beaker environment
- [Puppet] Add support for Debian 8.x (Jessie)
2014-12-06 Release 1.0.5
Summary
- [Puppet] Update documentation
- [Rspec] Made some changes to the build environment
2014-12-01 Release 1.0.4
Summary
- [Puppet] Fix duplicate variable declaration GH-3
2014-11-09 Release 1.0.3
Summary
- [Puppet] Switch to top-scope variables
- [Rspec] Enable tests
2014-11-09 Release 1.0.2
Summary
- [Puppet] Amending attributes
2014-11-09 Release 1.0.1
Summary
- [Beaker] Disable test
- [Rspec] Disable tests
2014-11-07 Release 1.0.0
Summary
- Generated from https://github.com/dhoppe/puppet-skeleton-standard
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppet/extlib (>= 3.0.0 < 8.0.0)
- puppetlabs/stdlib (>= 4.25.0 < 10.0.0)
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright 2014 Dennis Hoppe Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.