comparison modules/fail2ban/manifests/init.pp @ 292:3e04f35dd0af

Turn Fail2ban setup into a module We now: * Don't have a large class outside a module * Build "bad SSH users" config from a list (easier to understand/see diffs in than a long line) * Use modern EPP files
author IBBoard <dev@ibboard.co.uk>
date Sat, 18 Jan 2020 15:17:03 +0000
parents
children 55762b436f89
291:d2ae0b786b49 292:3e04f35dd0af
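--- /dev/null
+++ b/modules/fail2ban/manifests/init.pp
@@ -0,0 +1,332 @@
+class fail2ban (
+$firewall_cmd,
+) {
+package { 'fail2ban':
+ensure => installed,
+}
+service { 'fail2ban':
+ensure => running,
+enable => true
+}
+File<| tag == 'fail2ban' |> {
+ensure => present,
+require => Package['fail2ban'],
+notify => Service['fail2ban'],
+}
+file { '/etc/fail2ban/fail2ban.local':
+source => 'puppet:///modules/fail2ban/fail2ban.local',
+}
+file { '/etc/fail2ban/jail.local':
+source => 'puppet:///modules/fail2ban/jail.local',
+}
+file { '/etc/fail2ban/action.d/apf.conf':
+source => 'puppet:///modules/fail2ban/apf.conf',
+}
+
+if $firewall_cmd == 'iptables' {
+$firewall_ban_cmd = 'iptables-multiport'
+} else {
+$firewall_ban_cmd = $firewall_cmd
+}
+
+file { '/etc/fail2ban/action.d/firewall-ban.conf':
+ensure => link,
+target => "/etc/fail2ban/action.d/${firewall_ban_cmd}.conf",
+}
+file { '/etc/fail2ban/filter.d/ibb-apache-exploits-instaban.conf':
+source => 'puppet:///modules/fail2ban/ibb-apache-exploits-instaban.conf',
+}
+file { '/etc/fail2ban/filter.d/ibb-apache-shellshock.conf':
+source => 'puppet:///modules/fail2ban/ibb-apache-shellshock.conf',
+}
+file { '/etc/fail2ban/filter.d/ibb-repeat-offender.conf':
+source => 'puppet:///modules/fail2ban/ibb-repeat-offender.conf',
+}
+file { '/etc/fail2ban/filter.d/ibb-repeat-offender-ssh.conf':
+source => 'puppet:///modules/fail2ban/ibb-repeat-offender-ssh.conf',
+}
+file { '/etc/fail2ban/filter.d/ibb-postfix-spammers.conf':
+source => 'puppet:///modules/fail2ban/ibb-postfix-spammers.conf',
+}
+file { '/etc/fail2ban/filter.d/ibb-postfix-malicious.conf':
+source => 'puppet:///modules/fail2ban/ibb-postfix-malicious.conf',
+}
+file { '/etc/fail2ban/filter.d/ibb-postfix.conf':
+source => 'puppet:///modules/fail2ban/ibb-postfix.conf',
+}
+file { '/etc/fail2ban/filter.d/ibb-sshd.conf':
+source => 'puppet:///modules/fail2ban/ibb-sshd.conf',
+}
+
+$bad_users = [
+'[0-9]+',
+'[0-9a-z][0-9a-z]?',
+'([0-9a-z])\2{2,}',
+'abc123',
+'abused',
+'adm',
+'Admin',
+'admin[0-9]+',
+'administrateur',
+'administracion',
+'altibase',
+'alumni',
+'amavisd?',
+'anwenderschnittstelle',
+'anonymous',
+'ansible',
+'aptproxy',
+'arkserver',
+'asterisk',
+'auser',
+'avahi',
+'avis',
+'backlog',
+'backup(s|er|pc|user)?',
+'bf2',
+'bitnami',
+'bitrix',
+'boinc',
+'botmaster',
+'build',
+'buscador',
+'cacti(user)?',
+'catchall',
+'cemergen',
+'chef',
+'cinema',
+'clamav',
+'cliente?[0-9]*',
+'clouduser',
+'com',
+'comercial',
+'control',
+'couchdb',
+'cpanel',
+'create',
+'cron',
+'(cs(s|go|cz)|arma|mc|tf2?|sdtd|web|pz)se?rve?r?',
+'cyrus[0-9]*',
+'daemon',
+'danger',
+'debian(-spamd)?',
+'default',
+'dell',
+'deploy(er)?',
+'desktop',
+'developer',
+'devops',
+'devteam',
+'dietpi',
+'django',
+'dotblot',
+'download',
+'dovecot',
+'easy',
+'ec2-user',
+'edu(cation)?[0-9]*',
+'e-shop',
+'engin(eer)?',
+'esadmin',
+'events',
+'exports?',
+'facebook',
+'factorio',
+'fax',
+'filter',
+'firebird',
+'fuser',
+'games',
+'gdm',
+'geniuz',
+'ggc_user',
+'ghost',
+'git(olite?|blit|lab(_ci)?)?',
+'gmail',
+'gopher',
+'guest',
+'hacker',
+'hadoop',
+'harvard',
+'helpdesk',
+'home',
+'host',
+'httpd?',
+'huawei',
+'iceuser',
+'imscp',
+'info(rmix)?',
+'java',
+'jboss',
+'jenkins',
+'jira',
+'jsboss',
+'kafka',
+'kodi',
+'library',
+'libsys',
+'libuuid',
+'linode',
+'linux',
+'login',
+'logout',
+'lynx',
+'mailer',
+'mailman',
+'maintain',
+'majordomo',
+'man',
+'mantis',
+'marketing',
+'master',
+'membership',
+'minecraft',
+'modem',
+'mongo(db|user)?',
+'monitor',
+'more',
+'moher',
+'mpiuser',
+'musi[ck]bot',
+'(my?|pg)sq(ue)?l',
+'mythtv',
+'nagios',
+'nasa',
+'netdump',
+'netzplatz',
+'newadmin',
+'nexus',
+'nfs',
+'(nfs)?nobody',
+'nginx',
+'noc',
+'nothing',
+'NpC',
+'nux',
+'odoo',
+'odroid',
+'onyxeye',
+'openbravo',
+'openvpn',
+'operador',
+'operator',
+'ops(code)?',
+'oprofile',
+'ora(cle|prod)',
+'osmc',
+'papernet',
+'password',
+'payments',
+'pay_?pal',
+'pentaho',
+'PlcmSpIp(PlcmSpIp)?',
+'popuser',
+'postfix',
+'postgres',
+'postmaster',
+'print',
+'privoxy',
+'proba',
+'proxy',
+'puppet',
+'qhsupport',
+'rabbit(mq)?',
+'radiusd?',
+'redis',
+'redmine',
+'riakcs',
+'root[0-9]+',
+'rpc(user)?',
+'RPM',
+'rtorrent',
+'rustserver',
+'sales[0-9]+',
+'s?bin',
+'(samba|sshd|git|student|tomcat|abc|web|info|(vpn|appl?|my|b)?(use?r|server|manager|mgr)|account)[0-9]*',
+'saslauth',
+'scaner',
+'screen',
+'search',
+'setup',
+'service',
+'(s|u|ams|admin|inss|pro)?ftp(d|_?user|home|_?test)?[0-9]*',
+'sftponly',
+'shell',
+'shop',
+'sinusbot',
+'smmsp',
+'socket',
+'software',
+'solarus',
+'splunk',
+'squid',
+'squirrelmail',
+'sshusr',
+'staffc',
+'steam(cmd)?',
+'store',
+'superuser',
+'support',
+'svnroot',
+'sysadmin',
+'system',
+'teamspeak3?',
+'telkom',
+'temp',
+'test((ing|ftp|man|use?r|u)[0-9]*|[0-9]+)?',
+'(test)?username',
+'text',
+'tomcat',
+'tools',
+'toor',
+'ts[23](se?rv(er)?|(musi[ck])?bot)?',
+'tunstall',
+'ubnt',
+'ubuntu',
+'upload',
+'unity',
+'USERID',
+'user[0-9]*',
+'usuario',
+'uucp',
+'vagrant',
+'vbox',
+'ventrilo',
+'vhbackup',
+'virusalter',
+'vmadmin',
+'vmail',
+'vyatta',
+'wanadoo',
+'weblogic',
+'webmaster',
+'WinD3str0y',
+'wine',
+'wp-?user',
+'write',
+'www',
+'(www|web|coin|fax|sys|db2|rsync|tc)-?(adm(in)?|run|user|data)',
+'xbian',
+'xbot',
+'xoadmin',
+'yahoo',
+'yarn',
+'zabbix',
+'zimbra',
+'zookeeper',
+'0fordn1on@#\$%%\^&',
+'P@\$\$w0rd',
+'pass123?4?'
+]
+
+file { '/etc/fail2ban/filter.d/ibb-sshd-bad-user.conf':
+content => epp('fail2ban/ibb-sshd-bad-user.epp', { 'bad_users' => $bad_users }),
+}
+# Because one of our rules checks fail2ban's log, but the service dies without the file
+file { '/var/log/fail2ban.log':
+ensure => present,
+owner => 'root',
+group => 'root',
+mode => '0600',
+}
+}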
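Review bot: `$firewall_cmd` (gutter line 2) is untyped and, for any value other than `iptables`, flows unchanged into the symlink target on gutter line 34, so a mistyped or attacker-influenced Hiera value silently points `firewall-ban.conf` at a non-existent or arbitrary path and the jails using that action fail to load while the `fail2ban` service still reports running. Constrain it at the class boundary, e.g. `Pattern[/\A[a-z0-9_-]+\z/] $firewall_cmd,` (or an `Enum` of the action files you actually ship), so a bad value fails at compile time rather than on the host. The `File<| tag == 'fail2ban' |>` collector on gutter lines 11-15 also stamps `ensure => present` onto every File declared in this class; if that collector override takes precedence over the explicit `ensure => link` on gutter line 33, as collector overrides generally do even for already-set attributes, the symlink would be managed as a plain file — worth confirming on a test host. In `$bad_users` the entry `'([0-9a-z])\2{2,}'` presumably relies on the EPP template wrapping the alternation in a capturing group so that this item's own group is number 2; a later change to a non-capturing group would make the generated regex invalid and stop the jail from starting, so a comment such as `# \2 assumes the template's outer capture group is \1 — see ibb-sshd-bad-user.epp` on that line would save the next maintainer a debugging session.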