Use the actual default Debian Stretch configuration for jail.conf #77
Conversation
The provided template was an adaptation of the previous Debian release (Jessie) with minor adjustments. The actual file happen to be very different.
smortex
changed the title
Debian stretch does not have an imap3 entry in /etc/service, but this port is referenced in the default jail.conf configuration file. THe problem was addressed upstream, but the fix was not rolled-out to the Debian package: fail2ban/fail2ban#1942 Fix this locally so that these jails do not fail to start.
smortex
force-pushed
the
debian-stretch-imap3
branch
from
ee3f76b
to
0610901
Compare
bastelfreak
added
enhancement
|
Hi @smortex , thanks for the patch! can you please also add debian 9 to the metadata.json? Are you interested in turning this into a epp template? that would make the required testing way easier. |
|
Hi @bastelfreak ! I added a commit to include Debian 9 in metadata.json. I believe that switching to epp is a good idea, but it seems that this need quite some work. As far as I understand, templates are rendered by extlib with default_content(). This function can currently only call So the first step might be to check if Do you think this is an issue? |
|
Rubocop test timed-out before starting on Travis-CI. I want my green ✔️! |
|
Thanks for the work @smortex. We are doing a new extlib release in voxpupuli/puppet-extlib#104. If you're interested you can convert the template after it got released from erb to epp. |
Pull Request (PR) description
While trying to fix a problem with the Debian Stretch template (imap3 port is not defined in Debian Stretch), I realized that the default template of
jail.confon Debian Stretch is a slightly modified version of the default template for Debian Jessie, and not the actual default files provided in Debian Stretch.As stated in this configuration file,
jail.confhas been heavily refactored in 0.9.0 release.This pull-request integrates the actual default template, adjusted to allow customization through the module.
In order to ease-up reviewing, here is a diff between the original file as provided in the Debian package and the template included in this PR.
The enabled lines have been checked to match the sections names, and only the
sshdandsshd-ddosdo not match the enabled lines in to match the other templates.This incidentally fixes the root problem addressed in #75, but if this PR is accepted, I can follow-up in that other PR to include the acceptance tests.
This Pull Request (PR) fixes the following issues
n/a