Puppet Class: fail2ban::config
- Defined in:
- manifests/config.pp
Summary
Configure fail2ban serviceOverview
fail2ban/manifests/config.pp
This class should not be included directly. Users must use the fail2ban class.
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 |
# File 'manifests/config.pp', line 10
class fail2ban::config {
$ignoreip = $fail2ban::ignoreip
$bantime = $fail2ban::bantime
$findtime = $fail2ban::findtime
$maxretry = $fail2ban::maxretry
$ignorecommand = $fail2ban::ignorecommand
$backend = $fail2ban::backend
$destemail = $fail2ban::destemail
$banaction = $fail2ban::banaction
$chain = $fail2ban::chain
$port = $fail2ban::port
$mta = $fail2ban::mta
$protocol = $fail2ban::protocol
$action = $fail2ban::action
$usedns = $fail2ban::usedns
$persistent_bans = $fail2ban::persistent_bans
case $facts['os']['family'] {
'Debian': {
$jail_template_name = "${module_name}/debian/jail.conf.erb"
$before_include = 'iptables-common.conf'
}
'RedHat': { $jail_template_name = "${module_name}/rhel/jail.conf.erb" }
default: { fail("Unsupported Operating System family: ${facts['os']['family']}") }
}
if $fail2ban::purge_jail_dot_d {
file { '/etc/fail2ban/jail.d':
ensure => directory,
recurse => true,
purge => true,
}
}
if $persistent_bans {
file { '/etc/fail2ban/persistent.bans':
ensure => 'present',
replace => 'no',
mode => '0644',
}
}
file { '/etc/fail2ban/action.d/iptables-multiport.conf':
ensure => present,
owner => 'root',
group => 0,
mode => '0644',
content => template('fail2ban/iptables-multiport.erb'),
}
file { '/etc/fail2ban/jail.conf':
ensure => present,
owner => 'root',
group => 0,
mode => '0644',
content => template($jail_template_name),
}
if $fail2ban::rm_jail_local {
file { '/etc/fail2ban/jail.local':
ensure => absent,
}
}
}
|