-
-
Notifications
You must be signed in to change notification settings - Fork 104
/
config.pp
88 lines (83 loc) · 2.97 KB
/
config.pp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# == Class: fail2ban::config
#
class fail2ban::config {
file { 'fail2ban.dir':
ensure => $fail2ban::config_dir_ensure,
path => $fail2ban::config_dir_path,
force => $fail2ban::config_dir_purge,
purge => $fail2ban::config_dir_purge,
recurse => $fail2ban::config_dir_recurse,
source => $fail2ban::config_dir_source,
notify => $fail2ban::config_file_notify,
require => $fail2ban::config_file_require,
}
if $fail2ban::config_file_path {
file { 'fail2ban.conf':
ensure => $fail2ban::config_file_ensure,
path => $fail2ban::config_file_path,
owner => $fail2ban::config_file_owner,
group => $fail2ban::config_file_group,
mode => $fail2ban::config_file_mode,
source => $fail2ban::config_file_source,
content => $fail2ban::config_file_content,
notify => $fail2ban::config_file_notify,
require => $fail2ban::config_file_require,
}
}
# Custom jails definition
create_resources('fail2ban::jail', $fail2ban::custom_jails)
# Operating system specific configuration
case $facts['os']['family'] {
'RedHat': {
# Not using firewalld by now
file { '00-firewalld.conf':
ensure => $fail2ban::manage_firewalld,
path => "${fail2ban::config_dir_path}/jail.d/00-firewalld.conf",
notify => $fail2ban::config_file_notify,
require => $fail2ban::config_file_require,
}
}
'Debian': {
# Remove debian defaults conf
file { 'defaults-debian.conf':
ensure => $fail2ban::manage_defaults,
path => "${fail2ban::config_dir_path}/jail.d/defaults-debian.conf",
require => $fail2ban::config_file_require,
}
}
'Suse':{
# No defaults to deal with
}
default: {
fail("${facts['os']['family']} not supported.")
}
}
if !empty($fail2ban::sendmail_config) or !empty($fail2ban::sendmail_actions) {
file { "${fail2ban::config_dir_path}/action.d":
ensure => 'directory',
notify => $fail2ban::config_file_notify,
require => File[$fail2ban::config_dir_path],
}
file_line { 'sendmail_after_override':
line => 'after = sendmail-common.local',
after => 'before = sendmail-common.conf',
path => "${fail2ban::config_dir_path}/action.d/sendmail-buffered.conf",
notify => $fail2ban::config_file_notify,
require => File["${fail2ban::config_dir_path}/action.d"],
}
file { "${fail2ban::config_dir_path}/action.d/sendmail-common.local":
ensure => $fail2ban::config_file_ensure,
owner => $fail2ban::config_file_owner,
group => $fail2ban::config_file_group,
mode => $fail2ban::config_file_mode,
content => epp("${module_name}/common/sendmail.conf.epp",
{
actions => $fail2ban::sendmail_actions,
config => $fail2ban::sendmail_config,
}
),
notify => $fail2ban::config_file_notify,
require => File["${fail2ban::config_dir_path}/action.d"],
}
}
}