4 files changed, 22 insertions, 1 deletions

diff --git a/modules/mail/manifests/monitoring.pp b/modules/mail/manifests/monitoring.pp
index f7f0afd..b473b48 100644
--- a/modules/mail/manifests/monitoring.pp
+++ b/modules/mail/manifests/monitoring.pp
@@ -81,5 +81,10 @@ class mail::monitoring {
 
   include tick::client::base_plugins
 
-  class { "tick::client::plugin::tarsnap": }
+  class {
+    [
+      "tick::client::plugin::fail2ban",
+      "tick::client::plugin::tarsnap",
+    ]:
+  }
 }
diff --git a/modules/tick/files/plugins/fail2ban.sudoers b/modules/tick/files/plugins/fail2ban.sudoers
new file mode 100644
index 0000000..c172266
--- /dev/null
+++ b/modules/tick/files/plugins/fail2ban.sudoers
@@ -0,0 +1,3 @@
+Cmnd_Alias FAIL2BAN = /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
+telegraf  ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
+Defaults!FAIL2BAN !logfile, !syslog, !pam_session
diff --git a/modules/tick/manifests/client/plugin/fail2ban.pp b/modules/tick/manifests/client/plugin/fail2ban.pp
new file mode 100644
index 0000000..f41e9b1
--- /dev/null
+++ b/modules/tick/manifests/client/plugin/fail2ban.pp
@@ -0,0 +1,12 @@
+class tick::client::plugin::fail2ban {
+  tick::client::plugin { "fail2ban":
+    opts => {
+      use_sudo => true,
+    }
+  }
+
+  file { "/etc/sudoers.d/telegraf-fail2ban":
+    source => 'puppet:///modules/tick/plugins/fail2ban.sudoers',
+    require => Package['sudo'];
+  }
+}
diff --git a/modules/tozt/manifests/monitoring.pp b/modules/tozt/manifests/monitoring.pp
index a96bdca..e7f0ca2 100644
--- a/modules/tozt/manifests/monitoring.pp
+++ b/modules/tozt/manifests/monitoring.pp
@@ -86,6 +86,7 @@ class tozt::monitoring {
   class {
     [
       "tick::client::plugin::certbot",
+      "tick::client::plugin::fail2ban",
       "tick::client::plugin::tarsnap",
     ]:
   }