| author | Joey Hess <joeyh@joeyh.name> | 2017-11-12 15:59:47 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2017-11-12 15:59:47 -0400 |
| commit | fa8392c6c87d04c2a2f4717780ce011b741e6769 (patch) | |
| tree | dfafbc06a1bf5745d339267e89b17c3a5563f374 /src | |
| parent | 19a0a53469ad5288fa6688f5e140994a3be63f8e (diff) | |
| parent | 3929ef0224d230f66b8d763faaf092b2c20cb1fe (diff) | |
Merge remote-tracking branch 'felix/fail2ban'
Diffstat (limited to 'src')
| -rw-r--r-- | src/Propellor/Property/Fail2Ban.hs | 40 |
1 files changed, 35 insertions, 5 deletions
diff --git a/src/Propellor/Property/Fail2Ban.hs b/src/Propellor/Property/Fail2Ban.hs
index 9f147943..6428a19f 100644
--- a/src/Propellor/Property/Fail2Ban.hs
+++ b/src/Propellor/Property/Fail2Ban.hs
@@ -2,6 +2,7 @@ module Propellor.Property.Fail2Ban where
 import Propellor.Base
 import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
 import qualified Propellor.Property.Service as Service
 import Propellor.Property.ConfFile
@@ -13,18 +14,47 @@ reloaded = Service.reloaded "fail2ban" type Jail = String +type Filter = String + +type Action = String + -- | By default, fail2ban only enables the ssh jail, but many others -- are available to be enabled, for example "postfix-sasl" jailEnabled :: Jail -> Property DebianLike -jailEnabled name = jailConfigured name "enabled" "true" +jailEnabled name = jailEnabled' name [] + `onChange` reloaded + +jailEnabled' :: Jail -> [(IniKey, String)] -> Property DebianLike +jailEnabled' name settings = + jailConfigured' name (("enabled", "true") : settings) `onChange` reloaded -- | Configures a jail. For example: -- --- > jailConfigured "sshd" "port" "2222" +-- > jailConfigured' "sshd" [("port", "2222")] +jailConfigured' :: Jail -> [(IniKey, String)] -> Property UnixLike +jailConfigured' name settings = propertyList ("jail \"" ++ name ++ "\" configuration") $ props + & File.notPresent (oldJailConfFile name) + -- ^ removes .conf files added by old versions of Fail2Ban properties + & jailConfFile name `iniFileContains` [(name, settings)] + +-- | Adds a setting to a given jail. 
For example: +-- +-- > jailConfigured "sshd" "port" "2222" jailConfigured :: Jail -> IniKey -> String -> Property UnixLike -jailConfigured name key value = - jailConfFile name `containsIniSetting` (name, key, value) +jailConfigured name key value = propertyList ("jail \"" ++ name ++ "\" configuration") $ props + & File.notPresent (oldJailConfFile name) + -- ^ removes .conf files added by old versions of Fail2Ban properties + & jailConfFile name `containsIniSetting` (name, key, value) + +oldJailConfFile :: Jail -> FilePath +oldJailConfFile name = "/etc/fail2ban/jail.d/" ++ name ++ ".conf" jailConfFile :: Jail -> FilePath -jailConfFile name = "/etc/fail2ban/jail.d/" ++ name ++ ".conf" +jailConfFile name = "/etc/fail2ban/jail.d/" ++ name ++ ".local" + +filterConfFile :: Filter -> FilePath +filterConfFile name = "/etc/fail2ban/filter.d/" ++ name ++ ".local" + +actionConfFile :: Action -> FilePath +actionConfFile name = "/etc/fail2ban/action.d/" ++ name ++ ".local" |
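Review bot: `jailEnabled` now goes through `jailConfigured'`, which writes the jail's `.local` file with `iniFileContains`, while `jailConfigured` still edits that same file with `containsIniSetting`. `iniFileContains` is defined outside this page; if it sets the file to exactly the listed sections, a host that combines `jailEnabled "sshd"` with `jailConfigured "sshd" "port" "2222"` would have the port setting dropped and re-added on every run, so it is worth confirming this and stating in the haddock of `jailConfigured'` that it owns the whole file and should not be mixed with `jailConfigured` for the same jail. `jailEnabled` also wraps `jailEnabled'` in its own reload-on-change even though `jailEnabled'` already reloads; `jailEnabled name = jailEnabled' name []` is enough. The two `-- ^` comments sit inside an expression, where Haddock does not expect them, so a plain `-- removes .conf files added by old versions of Fail2Ban properties` is safer for documentation builds.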
