Fix class name
[mirror/dsa-puppet.git] / modules / roles / manifests / security_tracker.pp
# Role class for the host that serves security-tracker.debian.org.
#
# Declares, in order: the Apache classes the site needs, the cache_disk
# module as absent, a ferm rule dropping two recorded abusive source
# addresses, the ssl::service and apache2::site resources for the vhost,
# and the traffic-shaping script together with the exec that runs it.
class roles::security_tracker {
  include apache2
  include apache2::ssl
  include apache2::proxy_http
  include apache2::expires

  # Keep mod_cache_disk switched off on this host.
  apache2::module { 'cache_disk':
    ensure => absent,
  }

  # security-tracker abusers (address, date recorded, reason)
  #  66.170.99.1  20180706 excessive number of requests
  #  66.170.99.2  20180706 excessive number of requests
  #
  # NOTE(review): this is a static block list. The rule text has no protocol
  # or port match, so as written it is not limited to the web service, and
  # the entries carry no expiry. Re-check them periodically: source addresses
  # get reassigned, and a stale entry silently blocks a legitimate client.
  ferm::rule { 'dsa-sectracker-abusers':
    rule => 'saddr (66.170.99.1 66.170.99.2) DROP',
    prio => '005',
  }

  # Certificate material for the vhost; Apache is reloaded when it changes.
  # NOTE(review): Exec['service apache2 reload'] is not declared in this
  # class and must exist elsewhere in the catalog. `key => true` presumably
  # also deploys the private key -- confirm against ssl::service.
  ssl::service { 'security-tracker.debian.org':
    key    => true,
    notify => Exec['service apache2 reload'],
  }

  # Virtual host definition, rendered from the roles module template.
  apache2::site { 'security-tracker.debian.org':
    content => template('roles/apache-security-tracker.debian.org.conf.erb'),
    site    => 'security-tracker.debian.org',
  }

  # traffic shaping http traffic (packet-marking rule, currently disabled)
  #ferm::rule { 'dsa-security-tracker-shape':
  #  table => 'mangle',
  #  chain => 'OUTPUT',
  #  rule  => 'proto tcp sport 443 MARK set-mark 20',
  #}

  # Install the shaping script and re-run it whenever its content changes.
  # NOTE(review): no owner/group is set on this resource, so ownership comes
  # from resource defaults defined elsewhere (or Puppet's own). Because the
  # exec below runs this path from the agent (presumably as root), confirm
  # the file ends up root-owned and not writable by anyone else.
  file { '/usr/local/sbin/traffic-shape':
    content => template('roles/security-tracker/traffic-shape'),
    mode    => '0755',
    notify  => Exec['/usr/local/sbin/traffic-shape'],
  }

  # refreshonly: runs only when notified by the file resource above, not on
  # every agent run.
  exec { '/usr/local/sbin/traffic-shape':
    refreshonly => true,
  }
}