From b3f438821e061bc44fb455e81b997ef048822d48 Mon Sep 17 00:00:00 2001
From: Jesse Luehrs <doy@tozt.net>
Date: Sat, 27 Oct 2018 13:20:19 -0400
Subject: install fail2ban

---
 tozt/fail2ban/files/jail.local  |  4 ++++
 tozt/fail2ban/manifests/init.pp | 20 ++++++++++++++++++++
 tozt/tozt/manifests/services.pp |  1 +
 3 files changed, 25 insertions(+)
 create mode 100644 tozt/fail2ban/files/jail.local
 create mode 100644 tozt/fail2ban/manifests/init.pp

(limited to 'tozt')

diff --git a/tozt/fail2ban/files/jail.local b/tozt/fail2ban/files/jail.local
new file mode 100644
index 0000000..ffa29e1
--- /dev/null
+++ b/tozt/fail2ban/files/jail.local
@@ -0,0 +1,4 @@
+[sshd]
+enabled = true
+backend = systemd
+ignoreip = 10.19.49.0/24
diff --git a/tozt/fail2ban/manifests/init.pp b/tozt/fail2ban/manifests/init.pp
new file mode 100644
index 0000000..a050c33
--- /dev/null
+++ b/tozt/fail2ban/manifests/init.pp
@@ -0,0 +1,20 @@
+class fail2ban {
+  package { "fail2ban":
+    ensure => installed;
+  }
+
+  file {
+    "/etc/fail2ban/jail.local":
+      source => "puppet:///modules/fail2ban/jail.local",
+      require => Package["fail2ban"];
+  }
+
+  service { "fail2ban":
+    ensure => running,
+    enable => true,
+    require => [
+      File["/etc/fail2ban/jail.local"],
+      Package["fail2ban"],
+    ];
+  }
+}
diff --git a/tozt/tozt/manifests/services.pp b/tozt/tozt/manifests/services.pp
index 8dfbe5b..1789715 100644
--- a/tozt/tozt/manifests/services.pp
+++ b/tozt/tozt/manifests/services.pp
@@ -1,4 +1,5 @@
 class tozt::services {
+  include fail2ban
   include locate
   include ntp
 }
-- 
cgit v1.2.3-54-g00ecf