summaryrefslogtreecommitdiff
path: root/services/applications
diff options
context:
space:
mode:
authorJulien Dessaux2018-05-02 13:41:00 +0200
committerJulien Dessaux2018-05-02 14:23:30 +0200
commitb5de62baf8703d3597edd5e2bf7a7212c7d41a05 (patch)
tree995a6ddd04b1dc40839caa19f7f1923cbae7a295 /services/applications
parentFinished adding ipv6 addresses on all openvpn intercos (diff)
downloadmasterfiles-b5de62baf8703d3597edd5e2bf7a7212c7d41a05.tar.gz
masterfiles-b5de62baf8703d3597edd5e2bf7a7212c7d41a05.tar.bz2
masterfiles-b5de62baf8703d3597edd5e2bf7a7212c7d41a05.zip
Added fail2ban support for sshd on linux
Diffstat (limited to 'services/applications')
-rw-r--r--services/applications/fail2ban.cf31
1 files changed, 31 insertions, 0 deletions
diff --git a/services/applications/fail2ban.cf b/services/applications/fail2ban.cf
new file mode 100644
index 0000000..f2a5ff7
--- /dev/null
+++ b/services/applications/fail2ban.cf
@@ -0,0 +1,31 @@
+bundle agent fail2ban
+{
+ files:
+ linux::
+ "/etc/fail2ban/."
+ create => "true",
+ perms => system_owned("755"),
+ classes => if_repaired("fail2ban_folder_repaired");
+ "/etc/fail2ban/jail.local"
+ perms => system_owned("444"),
+ copy_from => local_cp("$(sys.inputdir)/templates/fail2ban/jail.local"),
+ classes => if_repaired("fail2ban_jail_local_repaired");
+ methods:
+ centos::
+ "any" usebundle => install_package("$(this.bundle)", "fail2ban-shorewall");
+ debian|ubuntu::
+ "any" usebundle => install_package("$(this.bundle)", "fail2ban");
+ services:
+ linux::
+ "fail2ban"
+ service_policy => "start",
+ classes => if_repaired("fail2ban_service_repaired");
+ commands:
+ any::
+ "/usr/sbin/service fail2ban restart" classes => if_repaired("fail2ban_service_repaired"), ifvarclass => "fail2ban_jail_local_repaired";
+ reports:
+ any::
+ "$(this.bundle): /etc/fail2ban folder repaired" ifvarclass => "fail2ban_folder_repaired";
+ "$(this.bundle): jail.local repaired" ifvarclass => "fail2ban_jail_local_repaired";
+ "$(this.bundle): fail2ban service repaired" ifvarclass => "fail2ban_service_repaired";
+}