From 718d1a4d36580cd402f0f108955f5ebf788d38d1 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 15:21:34 +0200 Subject: move fail2ban to separate manifest file --- .../etc/puppet/modules/sunet/manifests/fail2ban.pp | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp (limited to 'global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp new file mode 100644 index 0000000..8dc6e31 --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp @@ -0,0 +1,20 @@ +class sunet::fail2ban { + + include augeas + + package {'fail2ban': + ensure => 'latest' + } -> + service {'fail2ban': + ensure => 'running' + } + augeas { "fail2ban_defaults": + context => "/files/etc/fail2ban/jail.conf", + incl => "/etc/fail2ban/jail.conf", + lens => "Shellvars.lns", + changes => [ + 'set bantime "600800"', + ], + notify => Service['fail2ban'], + } +} -- cgit v1.1 From f1b1cd5c7991f13f11f1b93851ec01269975c863 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 15:25:45 +0200 Subject: fail2ban is an ini file --- global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp index 8dc6e31..c63215e 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp @@ -11,7 +11,7 @@ class sunet::fail2ban { augeas { "fail2ban_defaults": context => "/files/etc/fail2ban/jail.conf", incl => "/etc/fail2ban/jail.conf", - lens => "Shellvars.lns", + lens => "IniFile.lns", changes => [ 'set bantime "600800"', ], -- cgit v1.1 From 48d88a05e6b4797de2f28d6edc382e4c5cf101fa Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 15:31:29 +0200 Subject: fail2ban is an ini file --- global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp index c63215e..a9911da 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp @@ -11,7 +11,7 @@ class sunet::fail2ban { augeas { "fail2ban_defaults": context => "/files/etc/fail2ban/jail.conf", incl => "/etc/fail2ban/jail.conf", - lens => "IniFile.lns", + lens => "Puppet.lns", changes => [ 'set bantime "600800"', ], -- cgit v1.1 From 967476dd7570ad6c9400096bb46d21faf4306117 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 15:39:54 +0200 Subject: client version --- .../overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp index a9911da..01a9662 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp @@ -1,20 +1,14 @@ class sunet::fail2ban { - include augeas - package {'fail2ban': ensure => 'latest' } -> service {'fail2ban': ensure => 'running' } - augeas { "fail2ban_defaults": - context => "/files/etc/fail2ban/jail.conf", - incl => "/etc/fail2ban/jail.conf", - lens => "Puppet.lns", - changes => [ - 'set bantime "600800"', - ], - notify => Service['fail2ban'], + exec {"fail2ban_defaults": + refreshonly => true, + subscribe => Service['fail2ban'], + command => "sleep 5; /usr/bin/fail2ban-client set ssh bantime 600800" } } -- cgit v1.1