commit | 3bcea81f8269366a4536f527299aae28c68cda40 | |
---|---|---|
author | Javier Bértoli <javier@netmanagers.com.ar> | Mon Apr 29 16:26:21 2013 -0300 |
committer | Javier Bértoli <javier@netmanagers.com.ar> | Mon Apr 29 16:26:21 2013 -0300 |
tree | cc45b9f4f2c710ee908c1491cc54714290a04559 | |
parent | d213d8408ce97463bec0073abbe19d0135fdb9cd |
Add template to manage fail2ban.conf (see #1)

Also corrected some tests and documentation
= Puppet module: fail2ban
This is a Puppet module for fail2ban based on the second generation layout (“NextGen”) of Example42 Puppet Modules.
Made by Javier Bértoli / Netmanagers
Official site: http://www.netmanagers.com.ar
Official git repository: http://github.com/netmanagers/puppet-fail2ban
Released under the terms of Apache 2 License.
This module depends on R.I.Pienaar's concat module (https://github.com/ripienaar/puppet-concat).
This module requires functions provided by the Example42 Puppi module (you need it even if you don't use and install Puppi).
For detailed info about the logic and usage patterns of Example42 modules check the DOCS directory on Example42 main modules set.
All parameters can be set using Hiera. See the manifests to see what can be set.
Install fail2ban with default settings

        class { 'fail2ban': }

You can configure and set a jail using fail2ban::jail

        fail2ban::jail { 'sshd':
          port     => '22',
          logpath  => '/var/log/secure',
          maxretry => '2',
        }

Install a specific version of fail2ban package

        class { 'fail2ban':
          version => '1.0.1',
        }

Disable fail2ban service.

        class { 'fail2ban':
          disable => true
        }

Remove fail2ban package

        class { 'fail2ban':
          absent => true
        }

Enable auditing without making changes to existing fail2ban configuration files

        class { 'fail2ban':
          audit_only => true
        }

Module dry-run: Do not make any changes to the resources provided by the module

        class { 'fail2ban':
          noops => true
        }

== USAGE - Overrides and Customizations
Use custom sources for main config file

        class { 'fail2ban':
          source => [ "puppet:///modules/example42/fail2ban/fail2ban.conf-${hostname}" ,
                      "puppet:///modules/example42/fail2ban/fail2ban.conf" ],
        }

Use custom source directory for the whole configuration dir

        class { 'fail2ban':
          source_dir       => 'puppet:///modules/example42/fail2ban/conf/',
          source_dir_purge => false, # Set to true to purge any existing file not present in $source_dir
        }

Use custom template for main config file. Note that template and source arguments are alternative.

        class { 'fail2ban':
          template => 'example42/fail2ban/fail2ban.conf.erb',
        }

Automatically include a custom subclass

        class { 'fail2ban':
          my_class => 'example42::my_fail2ban',
        }

== USAGE - Example42 extensions management
Activate puppi (recommended, but disabled by default)

        class { 'fail2ban':
          puppi => true,
        }

Activate puppi and use a custom puppi_helper template (to be provided separately with a puppi::helper define) to customize the output of puppi commands

        class { 'fail2ban':
          puppi        => true,
          puppi_helper => 'myhelper',
        }

Activate automatic monitoring (recommended, but disabled by default). This option requires the usage of Example42 monitor and relevant monitor tools modules

        class { 'fail2ban':
          monitor      => true,
          monitor_tool => [ 'nagios' , 'monit' , 'munin' ],
        }

Activate automatic firewalling. This option requires the usage of Example42 firewall and relevant firewall tools modules

        class { 'fail2ban':
          firewall      => true,
          firewall_tool => 'iptables',
          firewall_src  => '10.42.0.0/24',
          firewall_dst  => $ipaddress_eth0,
        }

== CONTINUOUS TESTING