eximconf: add an alternative SMTP router for "single domain" domains
[mirror/dsa-puppet.git]
/
modules
/
fail2ban
/
manifests
/
init.pp
diff --git
a/modules/fail2ban/manifests/init.pp
b/modules/fail2ban/manifests/init.pp
index
74a650b
..
f4f7b9f
100644
(file)
--- a/
modules/fail2ban/manifests/init.pp
+++ b/
modules/fail2ban/manifests/init.pp
@@
-12,27
+12,34
@@
class fail2ban {
notify => Service['fail2ban'],
}
notify => Service['fail2ban'],
}
-
@
ferm::conf { 'f2b':
+ ferm::conf { 'f2b':
content => @(EOF),
@hook post "type fail2ban-client > /dev/null && (fail2ban-client ping > /dev/null && fail2ban-client reload > /dev/null ) || true";
@hook flush "type fail2ban-client > /dev/null && (fail2ban-client ping > /dev/null && fail2ban-client reload > /dev/null ) || true";
| EOF
}
content => @(EOF),
@hook post "type fail2ban-client > /dev/null && (fail2ban-client ping > /dev/null && fail2ban-client reload > /dev/null ) || true";
@hook flush "type fail2ban-client > /dev/null && (fail2ban-client ping > /dev/null && fail2ban-client reload > /dev/null ) || true";
| EOF
}
-
@ferm::rule { 'dsa-f2b-setup
':
+
ferm::rule { 'dsa-f2b-setup1
':
prio => '005',
description => 'f2b master rule',
prio => '005',
description => 'f2b master rule',
- chain => '
INPUT
',
+ chain => '
dsa-f2b
',
domain => '(ip ip6)',
domain => '(ip ip6)',
- rule => '
saddr 0/0 @subchain "dsa-f2b" {}
',
+ rule => '',
notarule => true,
}
notarule => true,
}
+ ferm::rule { 'dsa-f2b-setup2':
+ prio => '005',
+ description => 'f2b master rule',
+ chain => 'INPUT',
+ domain => '(ip ip6)',
+ rule => 'jump dsa-f2b',
+ }
# XXX Maybe this will be automatically done in buster, it is certainly needed in stretch. So maybe: versioncmp($::lsbmajdistrelease, '9') <= 0
# XXX Maybe this will be automatically done in buster, it is certainly needed in stretch. So maybe: versioncmp($::lsbmajdistrelease, '9') <= 0
- concat::fragment { '
dsa-puppet-stuff
--fail2ban-cleanup':
- target => '/etc/cron.d/
dsa-puppet-stuff
',
+ concat::fragment { '
puppet-crontab
--fail2ban-cleanup':
+ target => '/etc/cron.d/
puppet-crontab
',
content => @(EOF)
content => @(EOF)
- 17 * * * * root python3 -c "import sys, logging; logging.basicConfig(stream=sys.stdout, level=logging.INFO); from fail2ban.server.database import Fail2BanDb; db = Fail2BanDb('/var/lib/fail2ban/fail2ban.sqlite3'); db.purge(); db._db.cursor().execute('VACUUM')"
+ 17 * * * * root
chronic
python3 -c "import sys, logging; logging.basicConfig(stream=sys.stdout, level=logging.INFO); from fail2ban.server.database import Fail2BanDb; db = Fail2BanDb('/var/lib/fail2ban/fail2ban.sqlite3'); db.purge(); db._db.cursor().execute('VACUUM')"
| EOF
}
| EOF
}
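Review bot: `dsa-f2b-setup1` and `dsa-f2b-setup2` share `description => 'f2b master rule'` and `prio => '005'`, and the first has `rule => ''` with `notarule => true`, so nothing in the hunk says which resource creates the chain and which one hooks it into INPUT. I would give them distinct descriptions, e.g. `description => 'f2b chain declaration',` and `description => 'f2b jump from INPUT',`, and add a comment above setup1 such as `# declares the (empty) dsa-f2b chain that fail2ban fills; dsa-f2b-setup2 jumps to it from INPUT`, assuming that is what the empty rule is for. How ferm::rule orders two fragments of equal priority is not visible here; if the jump can be emitted without the chain being declared, the ferm reload would presumably fail and bans would not be enforced, so that is worth confirming on a test host. The class body continues outside the hunk.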