Defined Type: fail2ban::jail
Defined in: manifests/jail.pp
Summary
Set up a fail2ban jail to reduce the effectiveness of brute-force attempts.
Overview
fail2ban/manifests/jail.pp
Copyright (C) 2014-2018 gabster@lelutin.ca
Jails are the top level of fail2ban configuration, and what you'll be using most often to set up protection of a service against brute-force attempts or pesky attack traffic. They rely on a filter to identify the IPs that are doing mischief, and then use an action to ban (and subsequently unban) those IPs.
Most parameters of this defined type are used for overriding what has been set in the global context in jail.conf/jail.local (see parameters to the fail2ban class). They are not mandatory if you can reuse the global values.
# File 'manifests/jail.pp', line 73
define fail2ban::jail (
  Enum['present','absent'] $ensure = 'present',
  Boolean $enabled = true,
  # Params that override default settings for a particular jail
  Optional[Fail2ban::Port] $port = undef,
  Optional[String] $filter = undef,
  Optional[String] $logpath = undef,
  Optional[Fail2ban::Protocol] $protocol = undef,
  Optional[Integer] $maxretry = undef,
  Optional[Integer] $findtime = undef,
  Optional[String] $ignorecommand = undef,
  Optional[String] $action = undef,
  Optional[Fail2ban::Usedns] $usedns = undef,
  Optional[String] $banaction = undef,
  Optional[Integer] $bantime = undef,
  Array[String, 0] $ignoreip = [],
  Optional[Fail2ban::Backend] $backend = undef,
  Hash[String, String] $additional_options = {},
) {
  include fail2ban::config

  # The systemd backend reads from the journal, so a logpath makes no sense there.
  if $backend == 'systemd' {
    if $logpath {
      fail('logpath must not be set when $backend is \'systemd\'')
    }
  }
  else {
    # NOTE: $logpath is Optional[String], so an unset value is undef and is
    # never equal to false; as written, this check does not fire.
    if $logpath == false {
      fail('logpath must be set unless $backend is \'systemd\'')
    }
  }

  # 'all' is expanded to the full port range before the template is rendered.
  if $port == 'all' {
    $portrange = '1:65535'
  }
  else {
    $portrange = $port
  }

  # One drop-in file per jail; any change triggers the fail2ban service.
  file { "/etc/fail2ban/jail.d/${name}.conf":
    ensure  => $ensure,
    content => template('fail2ban/jail.erb'),
    owner   => 'root',
    group   => 0,
    mode    => '0644',
    notify  => Class['fail2ban::service']
  }
}
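A usage sketch for the defined type above, added here as an example and not taken from the module's own documentation. It assumes the fail2ban class can be included with its defaults, that the template writes additional_options as extra key/value lines in the jail file, and that the log paths and addresses (all constructed) match your hosts.

```puppet
# Assumption: the main class is declared with its default parameters.
include fail2ban

# File-backed jail: the filter reads the log named in logpath.
# Unset parameters fall back to the global jail.conf/jail.local values.
fail2ban::jail { 'nginx-http-auth':
  filter   => 'nginx-http-auth',
  logpath  => '/var/log/nginx/error.log',
  port     => 'all',     # written out as the range 1:65535
  maxretry => 5,         # failures tolerated ...
  findtime => 600,       # ... within this many seconds
  bantime  => 3600,      # ban length in seconds
  # Constructed addresses: never ban loopback or the admin jump host.
  ignoreip => ['127.0.0.1', '192.0.2.10'],
}

# Journal-backed jail: logpath must stay unset, otherwise catalog
# compilation fails with "logpath must not be set when $backend is 'systemd'".
fail2ban::jail { 'sshd':
  filter             => 'sshd',
  backend            => 'systemd',
  port               => 'all',
  maxretry           => 3,
  # Assumption: rendered by the template as an extra "journalmatch = ..." line.
  additional_options => {
    'journalmatch' => '_SYSTEMD_UNIT=sshd.service',
  },
}

# Retire a jail: removes /etc/fail2ban/jail.d/old-ftp.conf and
# notifies the fail2ban service.
fail2ban::jail { 'old-ftp':
  ensure => 'absent',
}
```

After a Puppet run, each jail appears as its own file under /etc/fail2ban/jail.d/, which makes it easy to audit which services are covered on a host.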