X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fsecurity_tracker.pp;h=a5ea890c07f0ba85a93332dd83b1de3e053440b3;hb=1dee729d00307f93d600b5bb6902494bd30a4484;hp=40ed08a76d7b86d1691780f534102e4152540305;hpb=77bfd7351d9585910a6d3d59e0b88de80ec35bb5;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/security_tracker.pp b/modules/roles/manifests/security_tracker.pp
index 40ed08a76..a5ea890c0 100644
--- a/modules/roles/manifests/security_tracker.pp
+++ b/modules/roles/manifests/security_tracker.pp
@@ -1,31 +1,45 @@
 class roles::security_tracker {
-	include apache2::ssl
-	include apache2::proxy_http
-	include apache2::expires
+  include apache2
+  include apache2::ssl
+  include apache2::proxy_http
+  include apache2::expires
 
-	ssl::service { 'security-tracker.debian.org':
-		notify  => Exec['service apache2 reload'],
-		key => true,
-	}
+  apache2::module { 'cache_disk':
+    ensure => absent,
+  }
 
-	apache2::site { 'security-tracker.debian.org':
-		site   => 'security-tracker.debian.org',
-		content => template('roles/apache-security-tracker.debian.org.conf.erb')
-	}
+  # security-tracker abusers
+  #  66.170.99.1  20180706 excessive number of requests
+  #  66.170.99.2  20180706 excessive number of requests
+  ferm::rule { 'dsa-sectracker-abusers':
+    prio => '005',
+    rule => 'saddr (66.170.99.1 66.170.99.2) DROP',
+  }
 
-	# traffic shaping http traffic
-	@ferm::rule { 'dsa-security-tracker-shape':
-		table => 'mangle',
-		chain => 'OUTPUT',
-		rule  => "proto tcp dport 443 MARK set-mark 20",
-	}
 
-	file { '/usr/local/sbin/traffic-shape':
-		mode   => '0755',
-		content => template('roles/security-tracker/traffic-shape'),
-		notify => Exec['/usr/local/sbin/traffic-shape'],
-	}
-	exec { '/usr/local/sbin/traffic-shape':
-		refreshonly => true
-	}
+  ssl::service { 'security-tracker.debian.org':
+    notify => Exec['service apache2 reload'],
+    key    => true,
+  }
+
+  apache2::site { 'security-tracker.debian.org':
+    site    => 'security-tracker.debian.org',
+    content => template('roles/apache-security-tracker.debian.org.conf.erb')
+  }
+
+  # traffic shaping http traffic
+  #ferm::rule { 'dsa-security-tracker-shape':
+  #  table => 'mangle',
+  #  chain => 'OUTPUT',
+  #  rule  => 'proto tcp sport 443 MARK set-mark 20',
+  #}
+
+  file { '/usr/local/sbin/traffic-shape':
+    mode    => '0755',
+    content => template('roles/security-tracker/traffic-shape'),
+    notify  => Exec['/usr/local/sbin/traffic-shape'],
+  }
+  exec { '/usr/local/sbin/traffic-shape':
+    refreshonly => true
+  }
 }