Puppet Class: fail2ban

Inherits:
::fail2ban::params
Defined in:
manifests/init.pp

Overview

Class: fail2ban

Parameters:

  • package_ensure (Any) (defaults to: 'present')
  • package_name (Any) (defaults to: $::fail2ban::params::package_name)
  • package_list (Any) (defaults to: $::fail2ban::params::package_list)
  • config_dir_path (Any) (defaults to: $::fail2ban::params::config_dir_path)
  • config_dir_filter_path (Any) (defaults to: $::fail2ban::params::config_dir_filter_path)
  • config_dir_purge (Any) (defaults to: false)
  • config_dir_recurse (Any) (defaults to: true)
  • config_dir_source (Any) (defaults to: undef)
  • config_file_path (Any) (defaults to: $::fail2ban::params::config_file_path)
  • config_file_owner (Any) (defaults to: $::fail2ban::params::config_file_owner)
  • config_file_group (Any) (defaults to: $::fail2ban::params::config_file_group)
  • config_file_mode (Any) (defaults to: $::fail2ban::params::config_file_mode)
  • config_file_source (Any) (defaults to: undef)
  • config_file_string (Any) (defaults to: undef)
  • config_file_template (Any) (defaults to: undef)
  • config_file_notify (Any) (defaults to: $::fail2ban::params::config_file_notify)
  • config_file_require (Any) (defaults to: $::fail2ban::params::config_file_require)
  • config_file_hash (Any) (defaults to: {})
  • config_file_options_hash (Any) (defaults to: {})
  • service_ensure (Any) (defaults to: 'running')
  • service_name (Any) (defaults to: $::fail2ban::params::service_name)
  • service_enable (Any) (defaults to: true)
  • action (Any) (defaults to: 'action_mb')
  • bantime (Any) (defaults to: 432000)
  • email (Any) (defaults to: "fail2ban@${::domain}")
  • jails (Any) (defaults to: ['ssh', 'ssh-ddos'])
  • maxretry (Any) (defaults to: 3)
  • whitelist (Any) (defaults to: ['127.0.0.1/8', '192.168.56.0/24'])
  • custom_jails (Any) (defaults to: undef)


# File 'manifests/init.pp', line 3

# Class: fail2ban
#
# Entry point of the module: validates its parameters, derives the ensure
# state for the config directory, config file and service from
# $package_ensure, then declares ::fail2ban::install, ::fail2ban::config and
# ::fail2ban::service in order.
#
# Only the package_*, config_* and service_* parameters are validated in this
# body. $action, $bantime, $email, $jails, $maxretry, $whitelist and
# $custom_jails are accepted as given, although they look like the values that
# decide who is banned and for how long.
# NOTE(review): confirm whether the templates or sub-classes check them;
# nothing visible here does.
class fail2ban (
  $package_ensure           = 'present',
  $package_name             = $::fail2ban::params::package_name,
  $package_list             = $::fail2ban::params::package_list,

  $config_dir_path          = $::fail2ban::params::config_dir_path,
  $config_dir_filter_path   = $::fail2ban::params::config_dir_filter_path,
  # NOTE(review): purge defaults to false. Presumably this reaches the config
  # directory resource, in which case jail/filter files not managed by Puppet
  # would be left in place; confirm in ::fail2ban::config.
  $config_dir_purge         = false,
  $config_dir_recurse       = true,
  $config_dir_source        = undef,

  $config_file_path         = $::fail2ban::params::config_file_path,
  $config_file_owner        = $::fail2ban::params::config_file_owner,
  $config_file_group        = $::fail2ban::params::config_file_group,
  $config_file_mode         = $::fail2ban::params::config_file_mode,
  $config_file_source       = undef,
  $config_file_string       = undef,
  $config_file_template     = undef,

  $config_file_notify       = $::fail2ban::params::config_file_notify,
  $config_file_require      = $::fail2ban::params::config_file_require,

  $config_file_hash         = {},
  $config_file_options_hash = {},

  $service_ensure           = 'running',
  $service_name             = $::fail2ban::params::service_name,
  $service_enable           = true,

  $action                   = 'action_mb',
  # presumably seconds (432000 s = 5 days); confirm against the jail template
  $bantime                  = 432000,
  # default recipient is built from the node's $::domain fact
  $email                    = "fail2ban@${::domain}",
  $jails                    = ['ssh', 'ssh-ddos'],
  $maxretry                 = 3,
  # NOTE(review): presumably rendered as fail2ban's ignore list, so every
  # address in these ranges would never be banned. Besides loopback the default
  # includes the private range 192.168.56.0/24; override it unless that is a
  # network you intend to exempt.
  $whitelist                = ['127.0.0.1/8', '192.168.56.0/24'],
  $custom_jails             = undef,
) inherits ::fail2ban::params {
  # Package parameters: ensure is restricted to the four listed states.
  validate_re($package_ensure, '^(absent|latest|present|purged)$')
  validate_string($package_name)
  if $package_list { validate_array($package_list) }

  # Config directory: path must be absolute; the source is only type-checked
  # when one is given.
  validate_absolute_path($config_dir_path)
  validate_bool($config_dir_purge)
  validate_bool($config_dir_recurse)
  if $config_dir_source { validate_string($config_dir_source) }

  # Config file: owner, group and mode are checked as strings only. Their
  # values are not restricted here, so a permissive mode passes validation.
  validate_absolute_path($config_file_path)
  validate_string($config_file_owner)
  validate_string($config_file_group)
  validate_string($config_file_mode)
  if $config_file_source { validate_string($config_file_source) }
  if $config_file_string { validate_string($config_file_string) }
  if $config_file_template { validate_string($config_file_template) }

  validate_string($config_file_notify)
  validate_string($config_file_require)

  # Only the container type is checked; the hash contents are passed on as-is.
  validate_hash($config_file_hash)
  validate_hash($config_file_options_hash)

  validate_re($service_ensure, '^(running|stopped)$')
  validate_string($service_name)
  validate_bool($service_enable)

  # default_content() is not defined in this file; presumably it selects the
  # inline string or renders the template. Confirm in the module's functions.
  $config_file_content = default_content($config_file_string, $config_file_template)

  # Declares one fail2ban::define resource per entry of the hash.
  if $config_file_hash {
    create_resources('fail2ban::define', $config_file_hash)
  }

  # Derive the managed state from $package_ensure:
  #   absent -> config directory and file are kept, service stopped/disabled
  #   purged -> config directory and file removed, service stopped/disabled
  #   other  -> config present, service follows $service_ensure/$service_enable
  # For absent and purged the caller's $service_* values are ignored.
  if $package_ensure == 'absent' {
    $config_dir_ensure  = 'directory'
    $config_file_ensure = 'present'
    $_service_ensure    = 'stopped'
    $_service_enable    = false
  } elsif $package_ensure == 'purged' {
    $config_dir_ensure  = 'absent'
    $config_file_ensure = 'absent'
    $_service_ensure    = 'stopped'
    $_service_enable    = false
  } else {
    $config_dir_ensure  = 'directory'
    $config_file_ensure = 'present'
    $_service_ensure    = $service_ensure
    $_service_enable    = $service_enable
  }

  # Sanity check on the values derived just above.
  validate_re($config_dir_ensure, '^(absent|directory)$')
  validate_re($config_file_ensure, '^(absent|present)$')

  # Ordering: install, then config, then service, bracketed by anchors.
  # The '~>' between config and service is a notifying arrow, so a change in
  # ::fail2ban::config refreshes ::fail2ban::service; the other arrows only
  # order.
  anchor { 'fail2ban::begin': } ->
  class { '::fail2ban::install': } ->
  class { '::fail2ban::config': } ~>
  class { '::fail2ban::service': } ->
  anchor { 'fail2ban::end': }
}