#
-# Cookbook Name:: fail2ban
+# Cookbook:: fail2ban
# Recipe:: default
#
-# Copyright 2013, OpenStreetMap Foundation
+# Copyright:: 2013, OpenStreetMap Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# limitations under the License.
#
-package "fail2ban"
+include_recipe "munin"
+include_recipe "prometheus"
-if node[:lsb][:release].to_f >= 14.04
- file "/etc/fail2ban/jail.local" do
- action :delete
- end
+package %w[
+ fail2ban
+ python3-systemd
+ ruby-webrick
+]
+
+if platform?("debian")
+ package "python3-inotify"
else
- directory "/etc/fail2ban/jail.d" do
- owner "root"
- group "root"
- mode 0755
- end
-
- template "/etc/fail2ban/jail.local" do
- source "jail.local.erb"
- owner "root"
- group "root"
- mode 0644
- subscribes :create, "template[/etc/fail2ban/jail.d/00-default.conf]"
- notifies :reload, "service[fail2ban]"
- end
+ package "gamin"
end
template "/etc/fail2ban/jail.d/00-default.conf" do
source "jail.default.erb"
owner "root"
group "root"
- mode 0644
- notifies :reload, "service[fail2ban]"
+ mode "644"
+ notifies :restart, "service[fail2ban]"
+end
+
+template "/etc/fail2ban/paths-overrides.local" do
+ source "paths-overrides.local.erb"
+ owner "root"
+ group "root"
+ mode "644"
+ notifies :restart, "service[fail2ban]"
end
service "fail2ban" do
action [:enable, :start]
- supports :status => true, :reload => true, :restart => true
end
munin_plugin "fail2ban"
+
+prometheus_exporter "fail2ban" do
+ port 9635
+ user "root"
+ restrict_address_families "AF_UNIX"
+end