From 66bdc0aa2a29678f7628270ca50a1ce8fcd205fb Mon Sep 17 00:00:00 2001
From: Jesse Luehrs
Date: Tue, 19 Feb 2019 02:36:58 -0500
Subject: configure fail2ban separately for each host since mail isn't going to be running nginx directly
---
modules/fail2ban/files/jail.local | 8 --------
modules/fail2ban/files/nginx-botsearch.conf | 3 +++
modules/fail2ban/files/sshd.conf | 3 +++
modules/fail2ban/manifests/jail.pp | 13 +++++++++++++
4 files changed, 19 insertions(+), 8 deletions(-)
create mode 100644 modules/fail2ban/files/nginx-botsearch.conf
create mode 100644 modules/fail2ban/files/sshd.conf
create mode 100644 modules/fail2ban/manifests/jail.pp
(limited to 'modules/fail2ban')
diff --git a/modules/fail2ban/files/jail.local b/modules/fail2ban/files/jail.local
index 00329d7..574fe43 100644
--- a/modules/fail2ban/files/jail.local
+++ b/modules/fail2ban/files/jail.local
@@ -1,10 +1,2 @@
 [DEFAULT]
 bantime = 1d
-
-[sshd]
-enabled = true
-ignoreip = 10.19.49.0/24
-
-[nginx-botsearch]
-enabled = true
-logpath = /var/log/nginx/*.log
diff --git a/modules/fail2ban/files/nginx-botsearch.conf b/modules/fail2ban/files/nginx-botsearch.conf
new file mode 100644
index 0000000..6389ef6
--- /dev/null
+++ b/modules/fail2ban/files/nginx-botsearch.conf
@@ -0,0 +1,3 @@
+[nginx-botsearch]
+enabled = true
+logpath = /var/log/nginx/*.log
diff --git a/modules/fail2ban/files/sshd.conf b/modules/fail2ban/files/sshd.conf
new file mode 100644
index 0000000..8e3b6f6
--- /dev/null
+++ b/modules/fail2ban/files/sshd.conf
@@ -0,0 +1,3 @@
+[sshd]
+enabled = true
+ignoreip = 10.19.49.0/24
diff --git a/modules/fail2ban/manifests/jail.pp b/modules/fail2ban/manifests/jail.pp
new file mode 100644
index 0000000..4e4ece3
--- /dev/null
+++ b/modules/fail2ban/manifests/jail.pp
@@ -0,0 +1,13 @@
+define fail2ban::jail($source=undef) {
+ include fail2ban
+
+ $_source = $source ? {
+ undef => "puppet:///modules/fail2ban/${name}.conf",
+ default => $source,
+ }
+
+ file { "/etc/fail2ban/jail.d/${name}.conf":
+ source => $_source,
+ require => Package["fail2ban"];
+ }
+}
-- cgit v1.2.3-54-g00ecf
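Review bot: The `file` resource at the end of `fail2ban::jail` sets neither ownership nor mode and does not notify the service, so a changed jail file is not picked up until fail2ban is restarted by hand, and its permissions depend on Puppet's defaults. fail2ban normally runs its ban actions as root, so files under `/etc/fail2ban/jail.d/` are worth pinning explicitly with `owner => 'root', group => 'root', mode => '0644',`. If the `fail2ban` class declares the service (not visible in this diff), also add `notify => Service['fail2ban'],`. Separately, `${name}` goes into the target path unchecked; a short comment on the define stating that the title must be a plain jail name would document that assumption.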