author | Jesse Luehrs <doy@tozt.net> | 2019-02-19 02:36:58 -0500 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2019-02-19 02:36:58 -0500 |
commit | 66bdc0aa2a29678f7628270ca50a1ce8fcd205fb (patch) | |
tree | c2cfffdd4f2b2ad3f4d497d3d93c17c2e0d38797 /modules/fail2ban | |
parent | ba115c88c5f93561b6f521d6dc232c7c6d85801b (diff) | |
configure fail2ban separately for each host
since mail isn't going to be running nginx directly
Diffstat (limited to 'modules/fail2ban')
-rw-r--r-- | modules/fail2ban/files/jail.local | 8 | ||||
-rw-r--r-- | modules/fail2ban/files/nginx-botsearch.conf | 3 | ||||
-rw-r--r-- | modules/fail2ban/files/sshd.conf | 3 | ||||
-rw-r--r-- | modules/fail2ban/manifests/jail.pp | 13 |
4 files changed, 19 insertions, 8 deletions
diff --git a/modules/fail2ban/files/jail.local b/modules/fail2ban/files/jail.local
index 00329d7..574fe43 100644
--- a/modules/fail2ban/files/jail.local
+++ b/modules/fail2ban/files/jail.local
@@ -1,10 +1,2 @@
 [DEFAULT]
 bantime = 1d
-
-[sshd]
-enabled = true
-ignoreip = 10.19.49.0/24
-
-[nginx-botsearch]
-enabled = true
-logpath = /var/log/nginx/*.log
diff --git a/modules/fail2ban/files/nginx-botsearch.conf b/modules/fail2ban/files/nginx-botsearch.conf
new file mode 100644
index 0000000..6389ef6
--- /dev/null
+++ b/modules/fail2ban/files/nginx-botsearch.conf
@@ -0,0 +1,3 @@
+[nginx-botsearch]
+enabled = true
+logpath = /var/log/nginx/*.log
diff --git a/modules/fail2ban/files/sshd.conf b/modules/fail2ban/files/sshd.conf
new file mode 100644
index 0000000..8e3b6f6
--- /dev/null
+++ b/modules/fail2ban/files/sshd.conf
@@ -0,0 +1,3 @@
+[sshd]
+enabled = true
+ignoreip = 10.19.49.0/24
diff --git a/modules/fail2ban/manifests/jail.pp b/modules/fail2ban/manifests/jail.pp
new file mode 100644
index 0000000..4e4ece3
--- /dev/null
+++ b/modules/fail2ban/manifests/jail.pp
@@ -0,0 +1,13 @@
+define fail2ban::jail($source=undef) {
+ include fail2ban
+
+ $_source = $source ? {
+ undef => "puppet:///modules/fail2ban/${name}.conf",
+ default => $source,
+ }
+
+ file { "/etc/fail2ban/jail.d/${name}.conf":
+ source => $_source,
+ require => Package["fail2ban"];
+ }
+} |
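Review bot: In the new modules/fail2ban/files/sshd.conf, `ignoreip = 10.19.49.0/24` has no comment saying what that range is or why it is exempt from SSH bans. Because jail.pp defaults the source to `${name}.conf`, every host that declares the sshd jail without its own `source` will presumably inherit the exemption for the whole /24. A comment above the line, such as `# <what 10.19.49.0/24 is>: never banned for failed SSH logins`, would let a later reader judge whether the exemption is still wanted on a given host. Hosts that should not trust that network can pass a different file through the `source` parameter.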
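Review bot: In modules/fail2ban/manifests/jail.pp, the `file` resource only carries `require => Package["fail2ban"]`, and nothing visible in this diff notifies the service. A jail file that is added or changed may therefore not take effect until fail2ban is next restarted, leaving the host without the ban rules the manifest says it has. If the fail2ban class (not shown here) declares the service, adding `notify => Service["fail2ban"],` would close that gap; the resource title is assumed and should match the one the class uses. Separately, `${name}` goes straight into the target path, so a title containing `/` would write outside jail.d, and a check on the title at the top of the define would catch that at compile time.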