templates/jail.local.erb - puppet-fail2ban - Git at Google

 # This file is managed by Puppet. DO NOT EDIT.
 [DEFAULT]
 ignoreip = <%= scope.lookupvar('fail2ban::ignoreip') * ' ' %>
 bantime  = <%= scope.lookupvar('fail2ban::bantime') %>
 findtime = <%= scope.lookupvar('fail2ban::findtime') %>
 maxretry = <%= scope.lookupvar('fail2ban::maxretry') %>
 backend  = <%= scope.lookupvar('fail2ban::backend') %>

 [imap-iptables]
 enabled  = <%= scope.lookupvar('fail2ban::array_jails').include? "imap" %>
 filter   = dovecot
 action   = iptables[name=IMAP, port=imap, protocol=tcp]
 <% unless scope.lookupvar('fail2ban::mailto').empty? -%>
            sendmail-whois[name=POP3, dest=<%= scope.lookupvar('fail2ban::mailto') %>, sender=fail2ban@<%= @fqdn %>]
 <% end -%>
 logpath  = /var/log/maillog
 maxretry = 5

 [pop3-iptables]
 enabled  = <%= scope.lookupvar('fail2ban::array_jails').include? "pop3" %>
 filter   = mail
 action   = iptables[name=POP3, port=pop3, protocol=tcp]
 <% unless scope.lookupvar('fail2ban::mailto').empty? -%>
            sendmail-whois[name=POP3, dest=<%= scope.lookupvar('fail2ban::mailto') %>, sender=fail2ban@<%= @fqdn %>]
 <% end -%>
 logpath  = /var/log/maillog
 maxretry = 5

 [ssh-iptables]
 enabled  = <%= scope.lookupvar('fail2ban::array_jails').include? "ssh" %>
 filter   = sshd
 action   = iptables[name=SSH, port=ssh, protocol=tcp]
 <% unless scope.lookupvar('fail2ban::mailto').empty? -%>
            sendmail-whois[name=SSH, dest=<%= scope.lookupvar('fail2ban::mailto') %>, sender=fail2ban@<%= @fqdn %>]
 <% end -%>
 <% if @operatingsystem == "Debian" -%>
 logpath  = /var/log/auth.log
 <% else -%>
 logpath  = /var/log/secure
 <% end -%>
 maxretry = 5

 [vsftpd-iptables]
 enabled  = <%= scope.lookupvar('fail2ban::array_jails').include? "vsftpd" %>
 filter   = vsftpd
 action   = iptables[name=VSFTPD, port=ftp, protocol=tcp]
 <% unless scope.lookupvar('fail2ban::mailto').empty? -%>
            sendmail-whois[name=VSFTPD, dest=<%= scope.lookupvar('fail2ban::mailto') %>, sender=fail2ban@<%= @fqdn %>]
 <% end -%>
 logpath  = /var/log/vsftpd.log
 maxretry = 5
 bantime  = 1800
	# This file is managed by Puppet. DO NOT EDIT.
	[DEFAULT]
	ignoreip = <%= scope.lookupvar('fail2ban::ignoreip') * ' ' %>
	bantime = <%= scope.lookupvar('fail2ban::bantime') %>
	findtime = <%= scope.lookupvar('fail2ban::findtime') %>
	maxretry = <%= scope.lookupvar('fail2ban::maxretry') %>
	backend = <%= scope.lookupvar('fail2ban::backend') %>

	[imap-iptables]
	enabled = <%= scope.lookupvar('fail2ban::array_jails').include? "imap" %>
	filter = dovecot
	action = iptables[name=IMAP, port=imap, protocol=tcp]
	<% unless scope.lookupvar('fail2ban::mailto').empty? -%>
	sendmail-whois[name=POP3, dest=<%= scope.lookupvar('fail2ban::mailto') %>, sender=fail2ban@<%= @fqdn %>]
	<% end -%>
	logpath = /var/log/maillog
	maxretry = 5

	[pop3-iptables]
	enabled = <%= scope.lookupvar('fail2ban::array_jails').include? "pop3" %>
	filter = mail
	action = iptables[name=POP3, port=pop3, protocol=tcp]
	<% unless scope.lookupvar('fail2ban::mailto').empty? -%>
	sendmail-whois[name=POP3, dest=<%= scope.lookupvar('fail2ban::mailto') %>, sender=fail2ban@<%= @fqdn %>]
	<% end -%>
	logpath = /var/log/maillog
	maxretry = 5

	[ssh-iptables]
	enabled = <%= scope.lookupvar('fail2ban::array_jails').include? "ssh" %>
	filter = sshd
	action = iptables[name=SSH, port=ssh, protocol=tcp]
	<% unless scope.lookupvar('fail2ban::mailto').empty? -%>
	sendmail-whois[name=SSH, dest=<%= scope.lookupvar('fail2ban::mailto') %>, sender=fail2ban@<%= @fqdn %>]
	<% end -%>
	<% if @operatingsystem == "Debian" -%>
	logpath = /var/log/auth.log
	<% else -%>
	logpath = /var/log/secure
	<% end -%>
	maxretry = 5

	[vsftpd-iptables]
	enabled = <%= scope.lookupvar('fail2ban::array_jails').include? "vsftpd" %>
	filter = vsftpd
	action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
	<% unless scope.lookupvar('fail2ban::mailto').empty? -%>
	sendmail-whois[name=VSFTPD, dest=<%= scope.lookupvar('fail2ban::mailto') %>, sender=fail2ban@<%= @fqdn %>]
	<% end -%>
	logpath = /var/log/vsftpd.log
	maxretry = 5
	bantime = 1800