Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- class profile::fail2ban {
- include ::fail2ban
- file { ['/etc/fail2ban/fail2ban.local','/etc/fail2ban/jail.local']:
- ensure => absent,
- notify => Service[$fail2ban::service_name],
- }
- file_line { '/etc/fail2ban/fail2ban.conf':
- ensure => present,
- line => 'logtarget = SYSLOG',
- match => 'logtarget = /var/log/fail2ban.log',
- path => '/etc/fail2ban/fail2ban.conf',
- require => Package[$fail2ban::package_name],
- notify => Service[$fail2ban::service_name],
- }
- if $cms == 'wp' {
- $wp_nginx_blocked = @(EOF)
- [Definition]
- failregex = ^.* Blocked request from <HOST>.*$
- ignoreregex =
- | EOF
- file { '/etc/fail2ban/filter.d/wp_nginx_blocked.conf':
- content => inline_template($wp_nginx_blocked),
- ensure => present,
- group => root,
- mode => '0644',
- owner => root,
- require => Package[$fail2ban::package_name],
- notify => Service[$fail2ban::service_name],
- }
- $wplogin_conf = @(EOF)
- [Definition]
- failregex = {*\"remote_addr\": \"<HOST>\",.*\"request\":\ \"POST\ \/*wp-login.php
- ignoreregex =
- | EOF
- file { '/etc/fail2ban/filter.d/wplogin.conf':
- content => inline_template($wplogin_conf),
- ensure => present,
- group => root,
- mode => '0644',
- owner => root,
- require => Package[$fail2ban::package_name],
- notify => Service[$fail2ban::service_name],
- }
- $wp_xmlrpc_conf = @(EOF)
- [Definition]
- failregex = {*\"remote_addr\": \"<HOST>\",.*\"request\":\ \"POST\ \/*xmlrpc.php
- ignoreregex =
- | EOF
- file { '/etc/fail2ban/filter.d/wp_xmlrpc.conf':
- content => inline_template($wp_xmlrpc_conf),
- ensure => present,
- group => root,
- mode => '0644',
- owner => root,
- require => Package[$fail2ban::package_name],
- notify => Service[$fail2ban::service_name],
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
