| # Define: fail2ban::filter |
| # |
| # Adds a custom fail2ban filter |
| # Documentation: Manpages & http://www.fail2ban.org/wiki/index.php/MANUAL_0_8 |
| # |
| # Supported arguments: |
| # $filtername - The name you want to give the filter. |
| # If not set, defaults to == $title |
| # filter local file is named after this value, like |
| # $name.local. The suffix "local" is automatically added. |
| # |
| # $filterenable - true / false. If false, the rule _IS NOT ADDED_ to the |
| # filter.local file |
| # Defaults to true |
| # |
| # $filtersource - Sets the content of source parameter for the new filter |
| # It's mutually exclusive with $template. |
| # |
| # $filtertemplate - Template to use when defining a new filter |
| # It's mutually exclusive with $source. |
| # |
| # $filterfailregex - command(s) executed when the jail failregexs. |
| # Can be an array |
| # Used only with $template |
| # |
| # $filterignoreregex - command(s) executed when the jail ignoreregexs. |
| # Can be an array |
| # Used only with $template |
| # |
| # $filterbefore - indicates an filter file that is read before the |
| # [Definition] section. |
| # |
| # $filterafter - indicates an filter file is read after the |
| # [Definition] section. |
| # |
| # $filterdefinitionvars - Variables for the INIT stanza of the filter file. |
| # They are tuples in the format |
| # "var = value" |
| # Can be an array like |
| # [ "var1 = value1", "var2 = value2",.., "varN = valueN" ] |
| # |
| define fail2ban::filter ( |
| $filtername = '', |
| $filtersource = '', |
| $filtertemplate = 'fail2ban/filter.local.erb', |
| $filterfailregex = '', |
| $filterignoreregex = '', |
| $filterbefore = '', |
| $filterafter = '', |
| $filterdefinitionvars = '', |
| $filterenable = true ) { |
| |
| include fail2ban |
| |
| $real_filtername = $filtername ? { |
| '' => $title, |
| default => $filtername, |
| } |
| |
| $filter_file = "${fail2ban::data_dir}/filter.d/${real_filtername}.local" |
| |
| $array_failregex = is_array($filterfailregex) ? { |
| false => $filterfailregex ? { |
| '' => [], |
| default => [$filterfailregex], |
| }, |
| default => $filterfailregex, |
| } |
| |
| $array_ignoreregex = is_array($filterignoreregex) ? { |
| false => $filterignoreregex? { |
| '' => [], |
| default => [$filterignoreregex], |
| }, |
| default => $filterignoreregex, |
| } |
| |
| $array_definitionvars = is_array($filterdefinitionvars) ? { |
| false => $filterdefinitionvars? { |
| '' => [], |
| default => [$filterdefinitionvars], |
| }, |
| default => $filterdefinitionvars, |
| } |
| |
| $ensure = bool2ensure($filterenable) |
| |
| $manage_file_source = $filtersource ? { |
| '' => undef, |
| default => $filtersource, |
| } |
| |
| $manage_file_content = $filtertemplate ? { |
| '' => undef, |
| default => $filtersource ? { |
| '' => template($filtertemplate), |
| default => undef, |
| } |
| } |
| |
| file { "${real_filtername}.local": |
| ensure => $fail2ban::manage_file, |
| path => $filter_file, |
| mode => $fail2ban::config_file_mode, |
| owner => $fail2ban::config_file_owner, |
| group => $fail2ban::config_file_group, |
| require => Package[$fail2ban::package], |
| notify => $fail2ban::manage_service_autorestart, |
| source => $manage_file_source, |
| content => $manage_file_content, |
| replace => $fail2ban::manage_file_replace, |
| audit => $fail2ban::manage_audit, |
| noop => $fail2ban::noops, |
| } |
| |
| } |
