add fail2ban telegraf plugin

2 files changed, 15 insertions, 0 deletions

diff --git a/modules/tick/files/plugins/fail2ban.sudoers b/modules/tick/files/plugins/fail2ban.sudoers
new file mode 100644
index 0000000..c172266
--- /dev/null
+++ b/modules/tick/files/plugins/fail2ban.sudoers
@@ -0,0 +1,3 @@
+Cmnd_Alias FAIL2BAN = /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
+telegraf  ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
+Defaults!FAIL2BAN !logfile, !syslog, !pam_session
diff --git a/modules/tick/manifests/client/plugin/fail2ban.pp b/modules/tick/manifests/client/plugin/fail2ban.pp
new file mode 100644
index 0000000..f41e9b1
--- /dev/null
+++ b/modules/tick/manifests/client/plugin/fail2ban.pp
@@ -0,0 +1,12 @@
+class tick::client::plugin::fail2ban {
+  tick::client::plugin { "fail2ban":
+    opts => {
+      use_sudo => true,
+    }
+  }
+
+  file { "/etc/sudoers.d/telegraf-fail2ban":
+    source => 'puppet:///modules/tick/plugins/fail2ban.sudoers',
+    require => Package['sudo'];
+  }
+}