X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/9d456f01b9ef62193a864f8f2c8a81b563c0f51b..7a100e1f0604b3374a42b8e29a3ea429a1558883:/cookbooks/fail2ban/resources/jail.rb?ds=sidebyside
diff --git a/cookbooks/fail2ban/resources/jail.rb b/cookbooks/fail2ban/resources/jail.rb
index 65d1d3b51..3af0960e9 100644
--- a/cookbooks/fail2ban/resources/jail.rb
+++ b/cookbooks/fail2ban/resources/jail.rb
@@ -1,14 +1,14 @@
 #
-# Cookbook Name:: fail2ban
+# Cookbook:: fail2ban
 # Resource:: fail2ban_jail
 #
-# Copyright 2015, OpenStreetMap Foundation
+# Copyright:: 2015, OpenStreetMap Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
@@ -17,17 +17,41 @@
 # limitations under the License.
 #
-actions :create, :delete
+unified_mode true
+
 default_action :create
-attribute :name, :kind_of => String, :name_attribute => true
-attribute :filter, :kind_of => String
-attribute :logpath, :kind_of => String
-attribute :protocol, :kind_of => String
-attribute :ports, :kind_of => Array, :default => []
-attribute :maxretry, :kind_of => Integer
-attribute :ignoreips, :kind_of => Array
+property :jail, :kind_of => String, :name_property => true
+property :filter, :kind_of => String
+property :logpath, :kind_of => String
+property :protocol, :kind_of => String
+property :ports, :kind_of => Array, :default => []
+property :maxretry, :kind_of => Integer
+property :ignoreips, :kind_of => Array
+
+action :create do
+ template "/etc/fail2ban/jail.d/50-#{new_resource.jail}.conf" do
+ cookbook "fail2ban"
+ source "jail.erb"
+ owner "root"
+ group "root"
+ mode "644"
+ variables :name => new_resource.jail,
+ :filter => new_resource.filter,
+ :logpath => new_resource.logpath,
+ :protocol => new_resource.protocol,
+ :ports => new_resource.ports,
+ :maxretry => new_resource.maxretry,
+ :ignoreips => new_resource.ignoreips
+ end
+end
+
+action :delete do
+ file "/etc/fail2ban/jail.d/50-#{new_resource.jail}.conf" do
+ action :delete
+ end
+end
 def after_created
- notifies :reload, "service[fail2ban]"
+ notifies :restart, "service[fail2ban]"
 end
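Review bot: `new_resource.jail` is interpolated directly into the root-owned path `/etc/fail2ban/jail.d/50-#{new_resource.jail}.conf` in both the `:create` and `:delete` actions, and the `jail` property accepts any String, so a name containing `/` or `..` would make the template or the delete act on a file outside `jail.d`. Jail names come from recipes, so this is hardening rather than an exposed input, but a constraint on the property is cheap: `property :jail, :kind_of => String, :name_property => true, :regex => /\A[A-Za-z0-9_-]+\z/`. Separately, `after_created` now notifies `:restart` instead of `:reload`, and the hunk does not show why. A restart takes the ban-enforcing service down briefly on every jail change, so a short comment above the `notifies` line saying why a reload is not sufficient would help the next maintainer.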