diff options
author | Jesse Luehrs <doy@tozt.net> | 2020-07-05 20:38:23 -0400 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2020-07-05 20:38:23 -0400 |
commit | 11d1b816d2e5548ec008f79b2b2c8f718a221d09 (patch) | |
tree | 4b949d27b81e1e570238663a7fa1c28863651154 | |
parent | 381a4252ae8c9384d257350d258508e5d496799f (diff) | |
download | puppet-tozt-11d1b816d2e5548ec008f79b2b2c8f718a221d09.tar.gz puppet-tozt-11d1b816d2e5548ec008f79b2b2c8f718a221d09.zip |
add fail2ban telegraf plugin
-rw-r--r-- | modules/mail/manifests/monitoring.pp | 7 | ||||
-rw-r--r-- | modules/tick/files/plugins/fail2ban.sudoers | 3 | ||||
-rw-r--r-- | modules/tick/manifests/client/plugin/fail2ban.pp | 12 | ||||
-rw-r--r-- | modules/tozt/manifests/monitoring.pp | 1 |
4 files changed, 22 insertions, 1 deletions
diff --git a/modules/mail/manifests/monitoring.pp b/modules/mail/manifests/monitoring.pp index f7f0afd..b473b48 100644 --- a/modules/mail/manifests/monitoring.pp +++ b/modules/mail/manifests/monitoring.pp @@ -81,5 +81,10 @@ class mail::monitoring { include tick::client::base_plugins - class { "tick::client::plugin::tarsnap": } + class { + [ + "tick::client::plugin::fail2ban", + "tick::client::plugin::tarsnap", + ]: + } } diff --git a/modules/tick/files/plugins/fail2ban.sudoers b/modules/tick/files/plugins/fail2ban.sudoers new file mode 100644 index 0000000..c172266 --- /dev/null +++ b/modules/tick/files/plugins/fail2ban.sudoers @@ -0,0 +1,3 @@ +Cmnd_Alias FAIL2BAN = /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status * +telegraf ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN +Defaults!FAIL2BAN !logfile, !syslog, !pam_session diff --git a/modules/tick/manifests/client/plugin/fail2ban.pp b/modules/tick/manifests/client/plugin/fail2ban.pp new file mode 100644 index 0000000..f41e9b1 --- /dev/null +++ b/modules/tick/manifests/client/plugin/fail2ban.pp @@ -0,0 +1,12 @@ +class tick::client::plugin::fail2ban { + tick::client::plugin { "fail2ban": + opts => { + use_sudo => true, + } + } + + file { "/etc/sudoers.d/telegraf-fail2ban": + source => 'puppet:///modules/tick/plugins/fail2ban.sudoers', + require => Package['sudo']; + } +} diff --git a/modules/tozt/manifests/monitoring.pp b/modules/tozt/manifests/monitoring.pp index a96bdca..e7f0ca2 100644 --- a/modules/tozt/manifests/monitoring.pp +++ b/modules/tozt/manifests/monitoring.pp @@ -86,6 +86,7 @@ class tozt::monitoring { class { [ "tick::client::plugin::certbot", + "tick::client::plugin::fail2ban", "tick::client::plugin::tarsnap", ]: } |