From b5de62baf8703d3597edd5e2bf7a7212c7d41a05 Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Wed, 2 May 2018 13:41:00 +0200
Subject: Added fail2ban support for sshd on linux

---
 services/applications/fail2ban.cf | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 services/applications/fail2ban.cf

(limited to 'services/applications')

diff --git a/services/applications/fail2ban.cf b/services/applications/fail2ban.cf
new file mode 100644
index 0000000..f2a5ff7
--- /dev/null
+++ b/services/applications/fail2ban.cf
@@ -0,0 +1,31 @@
+bundle agent fail2ban
+{
+    files:
+        linux::
+            "/etc/fail2ban/."
+                create => "true",
+                perms => system_owned("755"),
+                classes => if_repaired("fail2ban_folder_repaired");
+            "/etc/fail2ban/jail.local"
+                perms => system_owned("444"),
+                copy_from => local_cp("$(sys.inputdir)/templates/fail2ban/jail.local"),
+                classes => if_repaired("fail2ban_jail_local_repaired");
+    methods:
+        centos::
+            "any" usebundle => install_package("$(this.bundle)", "fail2ban-shorewall");
+        debian|ubuntu::
+            "any" usebundle => install_package("$(this.bundle)", "fail2ban");
+    services:
+        linux::
+            "fail2ban"
+                service_policy => "start",
+                classes => if_repaired("fail2ban_service_repaired");
+    commands:
+        any::
+            "/usr/sbin/service fail2ban restart" classes => if_repaired("fail2ban_service_repaired"), ifvarclass => "fail2ban_jail_local_repaired";
+    reports:
+        any::
+            "$(this.bundle): /etc/fail2ban folder repaired" ifvarclass => "fail2ban_folder_repaired";
+            "$(this.bundle): jail.local repaired" ifvarclass => "fail2ban_jail_local_repaired";
+            "$(this.bundle): fail2ban service repaired" ifvarclass => "fail2ban_service_repaired";
+}
-- 
cgit v1.2.3