use_inline_resources
action :create do
- remote_file "/etc/fail2ban/filter.d/#{new_resource.name}.conf" do
- source new_resource.source
- owner "root"
- group "root"
- mode 0644
+ if new_resource.source
+ remote_file "/etc/fail2ban/filter.d/#{new_resource.name}.conf" do
+ source new_resource.source
+ owner "root"
+ group "root"
+ mode 0644
+ end
+ else
+ template "/etc/fail2ban/filter.d/#{new_resource.name}.conf" do
+ cookbook "fail2ban"
+ source "filter.erb"
+ owner "root"
+ group "root"
+ mode 0644
+ variables :failregex => new_resource.failregex,
+ :ignoreregex => new_resource.ignoreregex
+ end
end
end
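Review bot: The new `else` branch at L15–L24 never checks that `failregex` was supplied, so a `fail2ban_filter` declared with neither `source` nor `failregex` converges cleanly but renders `failregex = ` (from `Array(nil).join`), which fail2ban only rejects later when the `service[fail2ban]` reload runs. A guard at the top of the action fails fast at converge time instead: `raise ArgumentError, "fail2ban_filter[#{new_resource.name}] requires either source or failregex" unless new_resource.source || new_resource.failregex`. The conditional requirement cannot be expressed by the `attribute` declarations in the resource hunk (L29–L30), so the provider is the right place for it. The filter path is now spelled out twice (L9 and L16); hoisting it into `path = "/etc/fail2ban/filter.d/#{new_resource.name}.conf"` above the `if` keeps the two branches from drifting apart.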
attribute :name, :kind_of => String, :name_attribute => true
attribute :source, :kind_of => String
+attribute :failregex, :kind_of => [String, Array]
+attribute :ignoreregex, :kind_of => [String, Array]
def after_created
notifies :reload, "service[fail2ban]"
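Review bot: The two new attributes at L29–L30 carry no documentation of their accepted forms or of their interaction with `source`, which a cookbook user can only learn by reading the provider. A short comment above them would cover it: `# failregex / ignoreregex: one regex String or an Array of them (rendered as` / `# fail2ban continuation lines); both are ignored when :source is given.` `after_created` continues outside the hunk.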
--- /dev/null
+# DO NOT EDIT - This file is being maintained by Chef
+
+[Definition]
+failregex = <%= Array(@failregex).join("\n ") %>
+ignoreregex = <%= Array(@ignoreregex).join("\n ") %>
depends "apache"
depends "postgresql"
depends "git"
+depends "fail2ban"
mode 0700
only_if { node[:postgresql][:settings][:defaults][:archive_mode] == "on" }
end
+
+fail2ban_filter "nominatim" do
+ failregex '^<HOST> - - \[[^]]+\] "[^"]+" (403|429) '
+end
+
+fail2ban_jail "nominatim" do
+ filter "nominatim"
+ logpath "/var/log/apache2/nominatim.openstreetmap.org-access.log"
+ ports [80, 443]
+ maxretry 100
+end
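Review bot: The request-line group `"[^"]+"` in the `failregex` at L48 stops at the first `"`, but Apache writes a literal `"` inside the logged request as `\"`, so access-log lines whose request contains a quote do not match and are not counted toward `maxretry`. A group that tolerates the escaped form, for example the greedy `'^<HOST> - - \[[^]]+\] ".*" (403|429) '`, covers those lines as well; the status code in the combined log format always follows the request field, so the greedy match still lands on the status. The `logpath` at L53 hard-codes the vhost's log file name, which presumably mirrors an `apache_site` definition elsewhere in the recipe — worth a comment pointing at that definition so the two stay in step.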