authorJulien Dessaux2018-05-02 13:41:00 +0200
committerJulien Dessaux2018-05-02 14:23:30 +0200
commitb5de62baf8703d3597edd5e2bf7a7212c7d41a05 (patch)
tree995a6ddd04b1dc40839caa19f7f1923cbae7a295 /services
parentFinished adding ipv6 addresses on all openvpn intercos (diff)
Added fail2ban support for sshd on linux
Diffstat (limited to 'services')
-rw-r--r--services/applications.cf1
-rw-r--r--services/applications/fail2ban.cf31
-rw-r--r--services/main.cf3
3 files changed, 34 insertions, 1 deletions
diff --git a/services/applications.cf b/services/applications.cf
index 84b1938..944b990 100644
--- a/services/applications.cf
+++ b/services/applications.cf
@@ -3,6 +3,7 @@ body file control
inputs => {
"services/applications/bareos_fd.cf",
"services/applications/check_mk.cf",
+ "services/applications/fail2ban.cf",
"services/applications/fcgiwrap.cf",
"services/applications/nagios.cf",
"services/applications/nginx.cf",
diff --git a/services/applications/fail2ban.cf b/services/applications/fail2ban.cf
new file mode 100644
index 0000000..f2a5ff7
--- /dev/null
+++ b/services/applications/fail2ban.cf
@@ -0,0 +1,31 @@
+bundle agent fail2ban
+{
+ files:
+ linux::
+ "/etc/fail2ban/."
+ create => "true",
+ perms => system_owned("755"),
+ classes => if_repaired("fail2ban_folder_repaired");
+ "/etc/fail2ban/jail.local"
+ perms => system_owned("444"),
+ copy_from => local_cp("$(sys.inputdir)/templates/fail2ban/jail.local"),
+ classes => if_repaired("fail2ban_jail_local_repaired");
+ methods:
+ centos::
+ "any" usebundle => install_package("$(this.bundle)", "fail2ban-shorewall");
+ debian|ubuntu::
+ "any" usebundle => install_package("$(this.bundle)", "fail2ban");
+ services:
+ linux::
+ "fail2ban"
+ service_policy => "start",
+ classes => if_repaired("fail2ban_service_repaired");
+ commands:
+ any::
+ "/usr/sbin/service fail2ban restart" classes => if_repaired("fail2ban_service_repaired"), ifvarclass => "fail2ban_jail_local_repaired";
+ reports:
+ any::
+ "$(this.bundle): /etc/fail2ban folder repaired" ifvarclass => "fail2ban_folder_repaired";
+ "$(this.bundle): jail.local repaired" ifvarclass => "fail2ban_jail_local_repaired";
+ "$(this.bundle): fail2ban service repaired" ifvarclass => "fail2ban_service_repaired";
+}
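Review bot: The `services:` promise and the restart under `commands:` only define a class on success (`if_repaired`), so a `jail.local` that fail2ban rejects, or a restart that fails, leaves sshd without ban enforcement and nothing in `reports:` says so. Consider a failure class on the restart, for example `classes => if_else("fail2ban_service_repaired", "fail2ban_service_failed"),` together with a report line `"$(this.bundle): fail2ban restart failed" ifvarclass => "fail2ban_service_failed";`. This assumes the standard library's `if_else` body is available in this tree alongside `if_repaired`. Separately, in CFEngine's normal ordering `services:` is evaluated before `commands:`, so on a first run the service is likely started and then restarted at once, and both set the same `fail2ban_service_repaired` class.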
diff --git a/services/main.cf b/services/main.cf
index 31e20d5..6a688d4 100644
--- a/services/main.cf
+++ b/services/main.cf
@@ -58,7 +58,8 @@ bundle agent main
{
methods:
linux.!containers::
- "andromeda" usebundle => openvpn;
+ "any" usebundle => fail2ban;
+ "any" usebundle => openvpn;
nagios::
"nagios" usebundle => nagios;
}
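Review bot: Both new methods promises use the promiser `"any"`, while the neighbouring `"nagios" usebundle => nagios;` names its bundle; a descriptive promiser such as `"fail2ban" usebundle => fail2ban;` keeps agent logs and promise reports easier to attribute. The `linux.!containers::` guard also means hosts classed as containers get no fail2ban even if they run sshd. If that is intended, a comment above the line, e.g. `# fail2ban is deliberately not deployed inside containers`, would record the decision. The header of bundle `main` lies outside the hunk.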