-rw-r--r-- | modules/fail2ban/files/jail.local | 8 | ||||
-rw-r--r-- | modules/fail2ban/files/nginx-botsearch.conf | 3 | ||||
-rw-r--r-- | modules/fail2ban/files/sshd.conf | 3 | ||||
-rw-r--r-- | modules/fail2ban/manifests/jail.pp | 13 | ||||
-rw-r--r-- | modules/mail/manifests/services.pp | 3 | ||||
-rw-r--r-- | modules/tozt/manifests/services.pp | 3 |
6 files changed, 23 insertions, 10 deletions
diff --git a/modules/fail2ban/files/jail.local b/modules/fail2ban/files/jail.local
index 00329d7..574fe43 100644
--- a/modules/fail2ban/files/jail.local
+++ b/modules/fail2ban/files/jail.local
@@ -1,10 +1,2 @@
 [DEFAULT]
 bantime = 1d
-
-[sshd]
-enabled = true
-ignoreip = 10.19.49.0/24
-
-[nginx-botsearch]
-enabled = true
-logpath = /var/log/nginx/*.log
diff --git a/modules/fail2ban/files/nginx-botsearch.conf b/modules/fail2ban/files/nginx-botsearch.conf
new file mode 100644
index 0000000..6389ef6
--- /dev/null
+++ b/modules/fail2ban/files/nginx-botsearch.conf
@@ -0,0 +1,3 @@
+[nginx-botsearch]
+enabled = true
+logpath = /var/log/nginx/*.log
diff --git a/modules/fail2ban/files/sshd.conf b/modules/fail2ban/files/sshd.conf
new file mode 100644
index 0000000..8e3b6f6
--- /dev/null
+++ b/modules/fail2ban/files/sshd.conf
@@ -0,0 +1,3 @@
+[sshd]
+enabled = true
+ignoreip = 10.19.49.0/24
diff --git a/modules/fail2ban/manifests/jail.pp b/modules/fail2ban/manifests/jail.pp
new file mode 100644
index 0000000..4e4ece3
--- /dev/null
+++ b/modules/fail2ban/manifests/jail.pp
@@ -0,0 +1,13 @@
+define fail2ban::jail($source=undef) {
+ include fail2ban
+
+ $_source = $source ? {
+ undef => "puppet:///modules/fail2ban/${name}.conf",
+ default => $source,
+ }
+
+ file { "/etc/fail2ban/jail.d/${name}.conf":
+ source => $_source,
+ require => Package["fail2ban"];
+ }
+}
diff --git a/modules/mail/manifests/services.pp b/modules/mail/manifests/services.pp
index ca9f88a..8f05bfb 100644
--- a/modules/mail/manifests/services.pp
+++ b/modules/mail/manifests/services.pp
@@ -1,3 +1,4 @@
 class mail::services {
- include fail2ban
+ fail2ban::jail { "sshd":
+ }
 }
diff --git a/modules/tozt/manifests/services.pp b/modules/tozt/manifests/services.pp
index 78bd5e5..a5a03ad 100644
--- a/modules/tozt/manifests/services.pp
+++ b/modules/tozt/manifests/services.pp
@@ -1,3 +1,4 @@
 class tozt::services {
- include fail2ban
+ fail2ban::jail { ["sshd", "nginx-botsearch"]:
+ }
 }
|
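Review bot: The `file` resource in `fail2ban::jail` (modules/fail2ban/manifests/jail.pp) has no `notify`, so as far as this hunk shows a new or changed drop-in under `/etc/fail2ban/jail.d/` is written without fail2ban being reloaded, and the jail would stay inactive until the next restart. If the `fail2ban` class declares the service (it is not visible in this diff), add `notify => Service["fail2ban"],` next to the `require`. The resource also takes ownership and permissions from whatever defaults are in scope; stating `owner => "root", group => "root", mode => "0644",` pins the ban policy to a root-only writable file. Since `jail.local` no longer enables any jail, it is worth confirming that every class which previously relied on a bare `include fail2ban` now declares the jails it needs, as `mail::services` and `tozt::services` do.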