#
define :fail2ban_jail, :action => :create do
- config = resources(:template => "/etc/fail2ban/jail.local")
-
- config.variables[:jails] << Hash[
- :name => params[:name],
- :filter => params[:filter],
- :logpath => params[:logpath],
- :protocol => params[:protocol],
- :port => Array(params[:ports]).join(","),
- :maxretry => params[:maxretry]
- ]
+ template "/etc/fail2ban/jail.d/50-#{params[:name]}.conf" do
+ source "jail.erb"
+ owner "root"
+ group "root"
+ mode 0644
+ variables params
+ if node[:lsb][:release].to_f >= 14.04
+ notifies :create, "template[/etc/fail2ban/jail.local]"
+ else
+ notifies :reload, "service[fail2ban]"
+ end
+ end
end
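Review bot: The release test inside the new `template` block looks inverted relative to the recipe in this commit. On releases >= 14.04 it notifies `template[/etc/fail2ban/jail.local]`, but the recipe declares that template only in its `else` branch and declares a `file` resource deleting jail.local on >= 14.04, so the notification would target a resource that is not in the collection. Swapping the two branches, so that >= 14.04 gets `notifies :reload, "service[fail2ban]"` and older releases get `notifies :create, "template[/etc/fail2ban/jail.local]"`, would match the recipe. A jail that is written but never loaded means the ban is silently not enforced, so a converge test on both release families is worth adding.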
package "fail2ban"
-template "/etc/fail2ban/jail.local" do
- source "jail.erb"
+if node[:lsb][:release].to_f >= 14.04
+ file "/etc/fail2ban/jail.local" do
+ action :delete
+ end
+else
+ directory "/etc/fail2ban/jail.d" do
+ owner "root"
+ group "group"
+ mode 0755
+ end
+
+ template "/etc/fail2ban/jail.local" do
+ source "jail.local.erb"
+ owner "root"
+ group "root"
+ mode 0644
+ subscribes :create, "template[/etc/fail2ban/jail.d/00-default.conf]"
+ notifies :reload, "service[fail2ban]"
+ end
+end
+
+template "/etc/fail2ban/jail.d/00-default.conf" do
+ source "jail.default.erb"
owner "root"
group "root"
mode 0644
- variables :jails => []
+ notifies :reload, "service[fail2ban]"
end
service "fail2ban" do
action [:enable, :start]
supports :status => true, :reload => true, :restart => true
- subscribes :reload, "template[/etc/fail2ban/jail.local]"
end
munin_plugin "fail2ban"
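Review bot: The `directory "/etc/fail2ban/jail.d"` resource sets `group "group"`, while every other resource in this recipe uses `group "root"`; this looks like a typo for `group "root"`. If no group of that name exists the converge would presumably fail on older releases, and if one does the jail directory ends up owned by an unintended group. On those releases jail.local is assembled from every `*.conf` in this directory, so its ownership should be pinned to root:root alongside the 0755 mode.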
--- /dev/null
+# DO NOT EDIT - This file is being maintained by Chef
+
+[DEFAULT]
+destemail = admins@openstreetmap.org
+banaction = shorewall
+bantime = 14400
# DO NOT EDIT - This file is being maintained by Chef
-[DEFAULT]
-destemail = admins@openstreetmap.org
-banaction = shorewall
-bantime = 14400
-<% @jails.each do |jail| -%>
-
-[<%= jail[:name] %>]
+[<%= @name %>]
enabled = true
-<% if jail[:protocol] -%>
-protocol = <%= jail[:protocol] %>
-<% end -%>
-port = <%= jail[:port] %>
-filter = <%= jail[:filter] %>
-logpath = <%= jail[:logpath] %>
-<% if jail[:maxretry] -%>
-maxretry = <%= jail[:maxretry] %>
+<% if @protocol -%>
+protocol = <%= @protocol %>
<% end -%>
+port = <%= @ports.join(",") %>
+filter = <%= @filter %>
+logpath = <%= @logpath %>
+<% if @maxretry -%>
+maxretry = <%= @maxretry %>
<% end -%>
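Review bot: `port = <%= @ports.join(",") %>` assumes `params[:ports]` is always an array, whereas the removed definition code used `Array(params[:ports]).join(",")` and so also accepted a single port or nil. Since the definition passes `params` through unchanged and declares no default for `ports`, a caller giving a scalar or omitting it would now raise at render time. `port = <%= Array(@ports).join(",") %>` keeps the previous tolerance.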
--- /dev/null
+# DO NOT EDIT - This file is being maintained by Chef
+<% Dir.glob("/etc/fail2ban/jail.d/*.conf").sort do |file| -%>
+
+<%= File.read(file) %>
+<% end -%>
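Review bot: `Dir.glob("/etc/fail2ban/jail.d/*.conf").sort do |file|` hands the block to `sort` as a comparator instead of iterating over the files. With two or more files the block's return value is not a valid comparison result, so rendering is likely to raise, and with fewer files the block never runs and nothing is emitted. `<% Dir.glob("/etc/fail2ban/jail.d/*.conf").sort.each do |file| -%>` is presumably what was intended. The glob also includes any `*.conf` present in the directory, not only the Chef-managed ones, so a stray file there becomes part of the effective jail configuration.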