Added fail2ban support for sshd on linux

1 files changed, 31 insertions, 0 deletions

diff --git a/services/applications/fail2ban.cf b/services/applications/fail2ban.cf
new file mode 100644
index 0000000..f2a5ff7
--- /dev/null
+++ b/services/applications/fail2ban.cf
@@ -0,0 +1,31 @@
+bundle agent fail2ban
+{
+    files:
+        linux::
+            "/etc/fail2ban/."
+                create => "true",
+                perms => system_owned("755"),
+                classes => if_repaired("fail2ban_folder_repaired");
+            "/etc/fail2ban/jail.local"
+                perms => system_owned("444"),
+                copy_from => local_cp("$(sys.inputdir)/templates/fail2ban/jail.local"),
+                classes => if_repaired("fail2ban_jail_local_repaired");
+    methods:
+        centos::
+            "any" usebundle => install_package("$(this.bundle)", "fail2ban-shorewall");
+        debian|ubuntu::
+            "any" usebundle => install_package("$(this.bundle)", "fail2ban");
+    services:
+        linux::
+            "fail2ban"
+                service_policy => "start",
+                classes => if_repaired("fail2ban_service_repaired");
+    commands:
+        any::
+            "/usr/sbin/service fail2ban restart" classes => if_repaired("fail2ban_service_repaired"), ifvarclass => "fail2ban_jail_local_repaired";
+    reports:
+        any::
+            "$(this.bundle): /etc/fail2ban folder repaired" ifvarclass => "fail2ban_folder_repaired";
+            "$(this.bundle): jail.local repaired" ifvarclass => "fail2ban_jail_local_repaired";
+            "$(this.bundle): fail2ban service repaired" ifvarclass => "fail2ban_service_repaired";
+}