Clean up fail2ban database
[mirror/dsa-puppet.git] / modules / fail2ban / manifests / init.pp
# Manage fail2ban: install the package, keep the daemon running, reload it
# from ferm's hooks, and prune its SQLite database from an hourly cron job.
class fail2ban {
  package { 'fail2ban':
    ensure => installed,
  }

  service { 'fail2ban':
    ensure => running,
  }

  # Virtual resource (leading '@'): it only takes effect on nodes where
  # ferm::conf resources are collected, which happens outside this class.
  # Both ferm hooks run the same command: if fail2ban-client exists and the
  # server answers a ping, reload it -- presumably because ferm applying or
  # flushing its rule set removes the rules fail2ban had inserted.
  # The trailing '|| true' forces a zero exit status, so a failed reload never
  # fails the ferm run. The flip side is that bans can stay missing without
  # ferm reporting anything; fail2ban health has to be monitored separately.
  @ferm::conf { 'f2b':
    content => @(EOF),
      @hook post  "type fail2ban-client > /dev/null && (fail2ban-client ping > /dev/null && fail2ban-client reload > /dev/null ) || true";
      @hook flush "type fail2ban-client > /dev/null && (fail2ban-client ping > /dev/null && fail2ban-client reload > /dev/null ) || true";
      | EOF
  }

  # XXX Maybe this will be automatically done in buster, it is certainly
  # needed in stretch. So maybe: versioncmp($::lsbmajdistrelease, '9') <= 0
  #
  # Root cron entry, run at minute 17 of every hour and added as a fragment
  # of /etc/cron.d/dsa-puppet-stuff (the concat target is declared elsewhere).
  # It opens the fail2ban database file directly, calls purge(), then issues
  # VACUUM so SQLite rebuilds the file and gives the freed space back.
  # NOTE(review): this reaches into fail2ban internals (the private _db
  # attribute of Fail2BanDb) and runs as root against the database the daemon
  # is using -- re-check it after fail2ban upgrades.
  # Log records at INFO and above go to stdout, so whatever is logged ends up
  # in cron's output handling (normally mail to root).
  concat::fragment { 'dsa-puppet-stuff--fail2ban-cleanup':
    target  => '/etc/cron.d/dsa-puppet-stuff',
    content => @(EOF),
      17 * * * * root python3 -c "import sys, logging; logging.basicConfig(stream=sys.stdout, level=logging.INFO); from fail2ban.server.database import Fail2BanDb; db = Fail2BanDb('/var/lib/fail2ban/fail2ban.sqlite3'); db.purge(); db._db.cursor().execute('VACUUM')"
      | EOF
  }
}