diff options
-rw-r--r-- | modules/mail/manifests/monitoring.pp | 7 | ||||
-rw-r--r-- | modules/tick/files/plugins/fail2ban.sudoers | 3 | ||||
-rw-r--r-- | modules/tick/manifests/client/plugin/fail2ban.pp | 12 | ||||
-rw-r--r-- | modules/tozt/manifests/monitoring.pp | 1 |
4 files changed, 22 insertions, 1 deletions
diff --git a/modules/mail/manifests/monitoring.pp b/modules/mail/manifests/monitoring.pp index f7f0afd..b473b48 100644 --- a/modules/mail/manifests/monitoring.pp +++ b/modules/mail/manifests/monitoring.pp @@ -81,5 +81,10 @@ class mail::monitoring { include tick::client::base_plugins - class { "tick::client::plugin::tarsnap": } + class { + [ + "tick::client::plugin::fail2ban", + "tick::client::plugin::tarsnap", + ]: + } } diff --git a/modules/tick/files/plugins/fail2ban.sudoers b/modules/tick/files/plugins/fail2ban.sudoers new file mode 100644 index 0000000..c172266 --- /dev/null +++ b/modules/tick/files/plugins/fail2ban.sudoers @@ -0,0 +1,3 @@ +Cmnd_Alias FAIL2BAN = /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status * +telegraf ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN +Defaults!FAIL2BAN !logfile, !syslog, !pam_session diff --git a/modules/tick/manifests/client/plugin/fail2ban.pp b/modules/tick/manifests/client/plugin/fail2ban.pp new file mode 100644 index 0000000..f41e9b1 --- /dev/null +++ b/modules/tick/manifests/client/plugin/fail2ban.pp @@ -0,0 +1,12 @@ +class tick::client::plugin::fail2ban { + tick::client::plugin { "fail2ban": + opts => { + use_sudo => true, + } + } + + file { "/etc/sudoers.d/telegraf-fail2ban": + source => 'puppet:///modules/tick/plugins/fail2ban.sudoers', + require => Package['sudo']; + } +} diff --git a/modules/tozt/manifests/monitoring.pp b/modules/tozt/manifests/monitoring.pp index a96bdca..e7f0ca2 100644 --- a/modules/tozt/manifests/monitoring.pp +++ b/modules/tozt/manifests/monitoring.pp @@ -86,6 +86,7 @@ class tozt::monitoring { class { [ "tick::client::plugin::certbot", + "tick::client::plugin::fail2ban", "tick::client::plugin::tarsnap", ]: } |