drop things from 66.170.99.[12]
# Role for the security-tracker.debian.org host: Apache vhost and TLS
# service, a firewall block for known abusive clients, and packet marking
# plus a helper script for shaping outbound HTTPS traffic.
#
# Both ferm rules are declared virtual (`@ferm::rule`) and only take effect
# where they are realized (presumably a shared ferm/role manifest -- confirm).
class roles::security_tracker {
  include apache2::ssl, apache2::proxy_http, apache2::expires

  # Clients that hammered the tracker (ref 20189796: "excessive number of
  # requests" from 66.170.99.1 and 66.170.99.2).  prio '000' sorts this rule
  # ahead of the rest of the ruleset so the drop happens before any accept.
  # NOTE(review): no table/chain is given, so this relies on ferm::rule's
  # defaults -- check they are filter/INPUT, otherwise the drop is a no-op.
  @ferm::rule { 'dsa-sectracker-abusers':
    prio => '000',
    rule => 'saddr (66.170.99.1 66.170.99.2) DROP',
  }

  # Key + certificate for the vhost; a changed cert reloads Apache so the
  # new material is actually served.
  ssl::service { 'security-tracker.debian.org':
    key    => true,
    notify => Exec['service apache2 reload'],
  }

  apache2::site { 'security-tracker.debian.org':
    site    => 'security-tracker.debian.org',
    content => template('roles/apache-security-tracker.debian.org.conf.erb'),
  }

  # Mark locally generated TCP packets with source port 443 (fwmark 20) so
  # they can be classified for shaping.  The match is on the port alone, so
  # every TLS vhost on this host is marked, not just the security tracker;
  # the traffic-shape script below presumably consumes mark 20 -- confirm.
  @ferm::rule { 'dsa-security-tracker-shape':
    table => 'mangle',
    chain => 'OUTPUT',
    rule  => 'proto tcp sport 443 MARK set-mark 20',
  }

  # Shaping helper, run as root by puppet.  refreshonly: it is executed only
  # when the file resource reports a content change, never on an ordinary run.
  file { '/usr/local/sbin/traffic-shape':
    mode    => '0755',
    content => template('roles/security-tracker/traffic-shape'),
  }
  exec { '/usr/local/sbin/traffic-shape':
    refreshonly => true,
    subscribe   => File['/usr/local/sbin/traffic-shape'],
  }
}