install fail2ban

author: Jesse Luehrs <doy@tozt.net> 2018-10-27 13:20:19 -0400
committer: Jesse Luehrs <doy@tozt.net> 2018-10-27 13:20:19 -0400
commit: b3f438821e061bc44fb455e81b997ef048822d48 (patch)
tree: c96cae3c13901fe9ce60b8a126f83f02785d6240 /tozt
parent: 2daff6182efb87cb32ca34b1d8057834a5521524 (diff)
download: puppet-tozt-b3f438821e061bc44fb455e81b997ef048822d48.tar.gz
puppet-tozt-b3f438821e061bc44fb455e81b997ef048822d48.zip
3 files changed, 25 insertions, 0 deletions
diff --git a/tozt/fail2ban/files/jail.local b/tozt/fail2ban/files/jail.local
new file mode 100644
index 0000000..ffa29e1
--- /dev/null
+++ b/tozt/fail2ban/files/jail.local
@@ -0,0 +1,4 @@
+[sshd]
+enabled = true
+backend = systemd
+ignoreip = 10.19.49.0/24
diff --git a/tozt/fail2ban/manifests/init.pp b/tozt/fail2ban/manifests/init.pp
new file mode 100644
index 0000000..a050c33
--- /dev/null
+++ b/tozt/fail2ban/manifests/init.pp
@@ -0,0 +1,20 @@
+class fail2ban {
+  package { "fail2ban":
+    ensure => installed;
+  }
+
+  file {
+    "/etc/fail2ban/jail.local":
+      source => "puppet:///modules/fail2ban/jail.local",
+      require => Package["fail2ban"];
+  }
+
+  service { "fail2ban":
+    ensure => running,
+    enable => true,
+    require => [
+      File["/etc/fail2ban/jail.local"],
+      Package["fail2ban"],
+    ];
+  }
+}
diff --git a/tozt/tozt/manifests/services.pp b/tozt/tozt/manifests/services.pp
index 8dfbe5b..1789715 100644
--- a/tozt/tozt/manifests/services.pp
+++ b/tozt/tozt/manifests/services.pp
@@ -1,4 +1,5 @@
 class tozt::services {
+  include fail2ban
   include locate
   include ntp
 }
author	Jesse Luehrs <doy@tozt.net>	2018-10-27 13:20:19 -0400
committer	Jesse Luehrs <doy@tozt.net>	2018-10-27 13:20:19 -0400
commit	b3f438821e061bc44fb455e81b997ef048822d48 (patch)
tree	c96cae3c13901fe9ce60b8a126f83f02785d6240 /tozt
parent	2daff6182efb87cb32ca34b1d8057834a5521524 (diff)
download	puppet-tozt-b3f438821e061bc44fb455e81b997ef048822d48.tar.gz puppet-tozt-b3f438821e061bc44fb455e81b997ef048822d48.zip