From b276bf874199b842a8e7fd2ce25b9103c39b61ae Mon Sep 17 00:00:00 2001
From: Daniel Fancsali
Date: Tue, 4 May 2021 17:28:03 +0100
Subject: [PATCH] Types to install fail2ban

- Install fail2ban server and client
- Configure path overrides
- Enable and configure jails
---
cdist/conf/type/__fail2ban/gencode-remote | 24 +++++++++
cdist/conf/type/__fail2ban/man.rst | 53 +++++++++++++++++++
cdist/conf/type/__fail2ban/manifest | 43 +++++++++++++++
.../__fail2ban/parameter/optional_multiple | 1 +
cdist/conf/type/__fail2ban/singleton | 0
.../conf/type/__fail2ban_jail/gencode-remote | 22 ++++++++
cdist/conf/type/__fail2ban_jail/man.rst | 53 +++++++++++++++++++
cdist/conf/type/__fail2ban_jail/manifest | 46 ++++++++++++++++
cdist/conf/type/__fail2ban_jail/nonparallel | 0
.../parameter/optional_multiple | 1 +
10 files changed, 243 insertions(+)
create mode 100755 cdist/conf/type/__fail2ban/gencode-remote
create mode 100644 cdist/conf/type/__fail2ban/man.rst
create mode 100755 cdist/conf/type/__fail2ban/manifest
create mode 100644 cdist/conf/type/__fail2ban/parameter/optional_multiple
create mode 100644 cdist/conf/type/__fail2ban/singleton
create mode 100755 cdist/conf/type/__fail2ban_jail/gencode-remote
create mode 100644 cdist/conf/type/__fail2ban_jail/man.rst
create mode 100755 cdist/conf/type/__fail2ban_jail/manifest
create mode 100644 cdist/conf/type/__fail2ban_jail/nonparallel
create mode 100644 cdist/conf/type/__fail2ban_jail/parameter/optional_multiple

diff --git a/cdist/conf/type/__fail2ban/gencode-remote b/cdist/conf/type/__fail2ban/gencode-remote
new file mode 100755
index 00000000..900d054e
--- /dev/null
+++ b/cdist/conf/type/__fail2ban/gencode-remote
@@ -0,0 +1,24 @@
+#!/bin/sh -e
+#
+# 2021 Daniel Fancsali (fancsali@gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+
+
+if [ -f "$__object/parameter/path-override" ]; then
+ echo "fail2ban-client reload"
+fi
diff --git a/cdist/conf/type/__fail2ban/man.rst b/cdist/conf/type/__fail2ban/man.rst
new file mode 100644
index 00000000..81743d15
--- /dev/null
+++ b/cdist/conf/type/__fail2ban/man.rst
@@ -0,0 +1,53 @@
+cdist-type__fail2ban(7)
+=======================
+
+NAME
+----
+cdist-type__fail2ban - TODO
+
+
+DESCRIPTION
+-----------
+This space intentionally left blank.
+
+
+REQUIRED PARAMETERS
+-------------------
+None.
+
+
+OPTIONAL PARAMETERS
+-------------------
+None.
+
+
+BOOLEAN PARAMETERS
+------------------
+None.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+ # TODO
+ __fail2ban
+
+
+SEE ALSO
+--------
+:strong:`TODO`\ (7)
+
+
+AUTHORS
+-------
+Daniel Fancsali
+
+
+COPYING
+-------
+Copyright \(C) 2021 Daniel Fancsali. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
diff --git a/cdist/conf/type/__fail2ban/manifest b/cdist/conf/type/__fail2ban/manifest
new file mode 100755
index 00000000..2a954743
--- /dev/null
+++ b/cdist/conf/type/__fail2ban/manifest
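Review bot: In cdist/conf/type/__fail2ban/gencode-remote the `fail2ban-client reload` is emitted on every run in which `path-override` is set, whether or not paths-overrides.local actually changed, so the type is not idempotent and the daemon that enforces bans is reloaded on each configuration pass. The reload should be gated on a change reported by the `__file` object, for example `if grep -q '^__file/etc/fail2ban/paths-overrides.local:' "$__messages_in"; then echo "fail2ban-client reload"; fi` (message prefix to be confirmed against what `__file` writes). The same applies to cdist/conf/type/__fail2ban_jail/gencode-remote, which emits the reload unconditionally once per jail object; there a change message from `__block` for jail.local would be the trigger, assuming `__block` reports its changes that way. It is also worth confirming what happens when the fail2ban server is not running at that point, since a failing reload would abort the run.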
@@ -0,0 +1,43 @@
+#!/bin/sh -e
+#
+# 2021 Daniel Fancsali (fancsali@gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+
+
+os=$(cat "$__global/explorer/os")
+
+case "$os" in
+ debian|ubuntu|devuan)
+ :
+ ;;
+ *)
+ printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
+ printf "Please contribute an implementation for it if you can.\n" >&2
+ exit 1
+ ;;
+esac
+
+
+__package_apt fail2ban
+
+if [ -f "$__object/parameter/path-override" ]; then
+ (
+ echo [DEFAULT]
+ cat "$__object/parameter/path-override"
+ ) | __file /etc/fail2ban/paths-overrides.local --mode 644 --source -
+fi
diff --git a/cdist/conf/type/__fail2ban/parameter/optional_multiple b/cdist/conf/type/__fail2ban/parameter/optional_multiple
new file mode 100644
index 00000000..660fbeff
--- /dev/null
+++ b/cdist/conf/type/__fail2ban/parameter/optional_multiple
@@ -0,0 +1 @@
+path-override
diff --git a/cdist/conf/type/__fail2ban/singleton b/cdist/conf/type/__fail2ban/singleton
new file mode 100644
index 00000000..e69de29b
diff --git a/cdist/conf/type/__fail2ban_jail/gencode-remote b/cdist/conf/type/__fail2ban_jail/gencode-remote
new file mode 100755
index 00000000..08d873ae
--- /dev/null
+++ b/cdist/conf/type/__fail2ban_jail/gencode-remote
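Review bot: In cdist/conf/type/__fail2ban/manifest the `__file /etc/fail2ban/paths-overrides.local` object is declared without a dependency on `__package_apt fail2ban`, so nothing visible here guarantees that the package (and /etc/fail2ban) exists before the file is written; prefixing the consumer with `require="__package_apt/fail2ban"` would order it. `echo [DEFAULT]` is unquoted, so the shell treats it as a glob and would print a matching single-letter file name from the working directory instead of the section header; use `echo '[DEFAULT]'`. The `path-override` values are copied verbatim under `[DEFAULT]`, so a value containing a `[section]` line silently changes other sections; a comment stating that each value must be a single `key = value` line would help. The man.rst added in the same commit still lists no optional parameters although `path-override` is one.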
@@ -0,0 +1,22 @@
+#!/bin/sh -e
+#
+# 2021 Daniel Fancsali (fancsali@gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+
+
+echo "fail2ban-client reload"
diff --git a/cdist/conf/type/__fail2ban_jail/man.rst b/cdist/conf/type/__fail2ban_jail/man.rst
new file mode 100644
index 00000000..27276990
--- /dev/null
+++ b/cdist/conf/type/__fail2ban_jail/man.rst
@@ -0,0 +1,53 @@
+cdist-type__fail2ban_jail(7)
+============================
+
+NAME
+----
+cdist-type__fail2ban_jail - TODO
+
+
+DESCRIPTION
+-----------
+This space intentionally left blank.
+
+
+REQUIRED PARAMETERS
+-------------------
+None.
+
+
+OPTIONAL PARAMETERS
+-------------------
+None.
+
+
+BOOLEAN PARAMETERS
+------------------
+None.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+ # TODO
+ __fail2ban_jail
+
+
+SEE ALSO
+--------
+:strong:`TODO`\ (7)
+
+
+AUTHORS
+-------
+Daniel Fancsali
+
+
+COPYING
+-------
+Copyright \(C) 2021 Daniel Fancsali. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
diff --git a/cdist/conf/type/__fail2ban_jail/manifest b/cdist/conf/type/__fail2ban_jail/manifest
new file mode 100755
index 00000000..cc222310
--- /dev/null
+++ b/cdist/conf/type/__fail2ban_jail/manifest
@@ -0,0 +1,46 @@
+#!/bin/sh -e
+#
+# 2021 Daniel Fancsali (fancsali@gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+
+
+os=$(cat "$__global/explorer/os")
+
+case "$os" in
+ debian|ubuntu|devuan)
+ :
+ ;;
+ *)
+ printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
+ printf "Please contribute an implementation for it if you can.\n" >&2
+ exit 1
+ ;;
+esac
+
+export require="__fail2ban"
+
+__file /etc/fail2ban/jail.local --mode 644
+
+export require="__file/etc/fail2ban/jail.local"
+(
+ echo [$__object_id]
+ echo "enabled = true"
+ if [ -f "$__object/parameter/override" ]; then
+ cat "$__object/parameter/override"
+ fi
+) | __block /etc/fail2ban/jail.local:$__object_id --file /etc/fail2ban/jail.local --text -
diff --git a/cdist/conf/type/__fail2ban_jail/nonparallel b/cdist/conf/type/__fail2ban_jail/nonparallel
new file mode 100644
index 00000000..e69de29b
diff --git a/cdist/conf/type/__fail2ban_jail/parameter/optional_multiple b/cdist/conf/type/__fail2ban_jail/parameter/optional_multiple
new file mode 100644
index 00000000..9ab91d29
--- /dev/null
+++ b/cdist/conf/type/__fail2ban_jail/parameter/optional_multiple
@@ -0,0 +1 @@
+override
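Review bot: In cdist/conf/type/__fail2ban_jail/manifest `$__object_id` is expanded unquoted in both `echo [$__object_id]` and `__block /etc/fail2ban/jail.local:$__object_id`, so the jail name is subject to globbing and word splitting, and nothing rejects an id containing `]`, whitespace or other characters that would produce a malformed or unintended section header in jail.local. Use `printf '[%s]\n' "$__object_id"` and `"/etc/fail2ban/jail.local:$__object_id"`, and consider a `case` guard that accepts only the characters expected in a jail name. `enabled = true` is written before the `override` values, so an override that also sets `enabled` leaves two conflicting keys in the section; how fail2ban resolves that should be checked and documented. `export require="__fail2ban"` makes every jail depend on the caller having declared `__fail2ban`, which the man page (still TODO) does not mention.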