diff options
author | Julien Dessaux | 2018-05-02 13:41:00 +0200 |
---|---|---|
committer | Julien Dessaux | 2018-05-02 14:23:30 +0200 |
commit | b5de62baf8703d3597edd5e2bf7a7212c7d41a05 (patch) | |
tree | 995a6ddd04b1dc40839caa19f7f1923cbae7a295 /services | |
parent | Finished adding ipv6 addresses on all openvpn intercos (diff) | |
download | masterfiles-b5de62baf8703d3597edd5e2bf7a7212c7d41a05.tar.gz masterfiles-b5de62baf8703d3597edd5e2bf7a7212c7d41a05.tar.bz2 masterfiles-b5de62baf8703d3597edd5e2bf7a7212c7d41a05.zip |
Added fail2ban support for sshd on linux
Diffstat (limited to 'services')
-rw-r--r-- | services/applications.cf | 1 | ||||
-rw-r--r-- | services/applications/fail2ban.cf | 31 | ||||
-rw-r--r-- | services/main.cf | 3 |
3 files changed, 34 insertions, 1 deletions
diff --git a/services/applications.cf b/services/applications.cf index 84b1938..944b990 100644 --- a/services/applications.cf +++ b/services/applications.cf @@ -3,6 +3,7 @@ body file control inputs => { "services/applications/bareos_fd.cf", "services/applications/check_mk.cf", + "services/applications/fail2ban.cf", "services/applications/fcgiwrap.cf", "services/applications/nagios.cf", "services/applications/nginx.cf", diff --git a/services/applications/fail2ban.cf b/services/applications/fail2ban.cf new file mode 100644 index 0000000..f2a5ff7 --- /dev/null +++ b/services/applications/fail2ban.cf @@ -0,0 +1,31 @@ +bundle agent fail2ban +{ + files: + linux:: + "/etc/fail2ban/." + create => "true", + perms => system_owned("755"), + classes => if_repaired("fail2ban_folder_repaired"); + "/etc/fail2ban/jail.local" + perms => system_owned("444"), + copy_from => local_cp("$(sys.inputdir)/templates/fail2ban/jail.local"), + classes => if_repaired("fail2ban_jail_local_repaired"); + methods: + centos:: + "any" usebundle => install_package("$(this.bundle)", "fail2ban-shorewall"); + debian|ubuntu:: + "any" usebundle => install_package("$(this.bundle)", "fail2ban"); + services: + linux:: + "fail2ban" + service_policy => "start", + classes => if_repaired("fail2ban_service_repaired"); + commands: + any:: + "/usr/sbin/service fail2ban restart" classes => if_repaired("fail2ban_service_repaired"), ifvarclass => "fail2ban_jail_local_repaired"; + reports: + any:: + "$(this.bundle): /etc/fail2ban folder repaired" ifvarclass => "fail2ban_folder_repaired"; + "$(this.bundle): jail.local repaired" ifvarclass => "fail2ban_jail_local_repaired"; + "$(this.bundle): fail2ban service repaired" ifvarclass => "fail2ban_service_repaired"; +} diff --git a/services/main.cf b/services/main.cf index 31e20d5..6a688d4 100644 --- a/services/main.cf +++ b/services/main.cf @@ -58,7 +58,8 @@ bundle agent main { methods: linux.!containers:: - "andromeda" usebundle => openvpn; + "any" usebundle => fail2ban; + "any" usebundle => openvpn; nagios:: "nagios" usebundle => nagios; } |