diff options
| -rw-r--r-- | tozt/fail2ban/files/jail.local | 4 | ||||
| -rw-r--r-- | tozt/fail2ban/manifests/init.pp | 20 | ||||
| -rw-r--r-- | tozt/tozt/manifests/services.pp | 1 |
3 files changed, 25 insertions, 0 deletions
diff --git a/tozt/fail2ban/files/jail.local b/tozt/fail2ban/files/jail.local new file mode 100644 index 0000000..ffa29e1 --- /dev/null +++ b/tozt/fail2ban/files/jail.local @@ -0,0 +1,4 @@ +[sshd] +enabled = true +backend = systemd +ignoreip = 10.19.49.0/24 diff --git a/tozt/fail2ban/manifests/init.pp b/tozt/fail2ban/manifests/init.pp new file mode 100644 index 0000000..a050c33 --- /dev/null +++ b/tozt/fail2ban/manifests/init.pp @@ -0,0 +1,20 @@ +class fail2ban { + package { "fail2ban": + ensure => installed; + } + + file { + "/etc/fail2ban/jail.local": + source => "puppet:///modules/fail2ban/jail.local", + require => Package["fail2ban"]; + } + + service { "fail2ban": + ensure => running, + enable => true, + require => [ + File["/etc/fail2ban/jail.local"], + Package["fail2ban"], + ]; + } +} diff --git a/tozt/tozt/manifests/services.pp b/tozt/tozt/manifests/services.pp index 8dfbe5b..1789715 100644 --- a/tozt/tozt/manifests/services.pp +++ b/tozt/tozt/manifests/services.pp @@ -1,4 +1,5 @@ class tozt::services { + include fail2ban include locate include ntp } |