actually, let's make this shared again

author: Jesse Luehrs <doy@tozt.net> 2018-11-13 00:19:06 -0500
committer: Jesse Luehrs <doy@tozt.net> 2018-11-13 00:19:06 -0500
commit: bf33ac997636c4b6c199cfff1e171ffaff437c91 (patch)
tree: 2f3d94f0ad3fddde69fec83c4d65356d60dea479 /modules/fail2ban
parent: b5fe67cdda8f05ffe814a923b1a69f7169b9db5c (diff)
download: puppet-tozt-bf33ac997636c4b6c199cfff1e171ffaff437c91.tar.gz
puppet-tozt-bf33ac997636c4b6c199cfff1e171ffaff437c91.zip
2 files changed, 31 insertions, 0 deletions
diff --git a/modules/fail2ban/files/jail.local b/modules/fail2ban/files/jail.local
new file mode 100644
index 0000000..00329d7
--- /dev/null
+++ b/modules/fail2ban/files/jail.local
@@ -0,0 +1,10 @@
+[DEFAULT]
+bantime = 1d
+
+[sshd]
+enabled = true
+ignoreip = 10.19.49.0/24
+
+[nginx-botsearch]
+enabled = true
+logpath = /var/log/nginx/*.log
diff --git a/modules/fail2ban/manifests/init.pp b/modules/fail2ban/manifests/init.pp
new file mode 100644
index 0000000..5ca6483
--- /dev/null
+++ b/modules/fail2ban/manifests/init.pp
@@ -0,0 +1,21 @@
+class fail2ban {
+  package { "fail2ban":
+    ensure => installed;
+  }
+
+  file {
+    "/etc/fail2ban/jail.local":
+      source => "puppet:///modules/fail2ban/jail.local",
+      notify => Service["fail2ban"],
+      require => Package["fail2ban"];
+  }
+
+  service { "fail2ban":
+    ensure => running,
+    enable => true,
+    require => [
+      File["/etc/fail2ban/jail.local"],
+      Package["fail2ban"],
+    ];
+  }
+}
author	Jesse Luehrs <doy@tozt.net>	2018-11-13 00:19:06 -0500
committer	Jesse Luehrs <doy@tozt.net>	2018-11-13 00:19:06 -0500
commit	bf33ac997636c4b6c199cfff1e171ffaff437c91 (patch)
tree	2f3d94f0ad3fddde69fec83c4d65356d60dea479 /modules/fail2ban
parent	b5fe67cdda8f05ffe814a923b1a69f7169b9db5c (diff)
download	puppet-tozt-bf33ac997636c4b6c199cfff1e171ffaff437c91.tar.gz puppet-tozt-bf33ac997636c4b6c199cfff1e171ffaff437c91.zip