view modules/fail2ban/manifests/init.pp @ 296:2f4d0ea4cb55
Blacklist Portuguese support, MapR, numbered Oracle and more
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sun, 09 Feb 2020 14:50:14 +0000 |
parents | 90525117ab81 |
children | 4f7315d7e869 |
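# Installs fail2ban, keeps the service running and enabled, and deploys the
# local configuration, custom actions and custom filters shipped with this
# module. Also renders the SSH "bad user" filter from a list of username
# patterns and makes sure fail2ban's log file exists.
#
# $firewall_cmd names the fail2ban action that the 'firewall-ban' action
# links to. 'iptables' is mapped to 'iptables-multiport'; any other value is
# used as given and must match a file name (without '.conf') under
# /etc/fail2ban/action.d. The value is interpolated into the symlink target,
# so it is restricted to a plain file-name component: an empty value or one
# containing '/' would otherwise produce a dangling link or a link that
# points outside action.d.
class fail2ban (
  Pattern[/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/] $firewall_cmd,
) {
  package { 'fail2ban':
    ensure => installed,
  }

  service { 'fail2ban':
    ensure => running,
    enable => true
  }

  # Puppet tags every resource declared in this class with the class name, so
  # this collector applies the attributes below to all File resources in the
  # class (and to any other File tagged 'fail2ban' in the catalog): each file
  # waits for the package and a change restarts/notifies the service.
  # NOTE(review): collector overrides also replace attributes a resource sets
  # itself, so this `ensure => present` is applied to the `ensure => link`
  # resource further down as well - confirm that is intended.
  File<| tag == 'fail2ban' |> {
    ensure  => present,
    require => Package['fail2ban'],
    notify  => Service['fail2ban'],
  }

  # NOTE(review): none of the /etc/fail2ban files below set owner, group or
  # mode here. Files in action.d hold the commands fail2ban executes, so
  # confirm (resource defaults elsewhere, or the agent's defaults) that they
  # end up root-owned and not group- or world-writable.
  file { '/etc/fail2ban/fail2ban.local':
    source => 'puppet:///modules/fail2ban/fail2ban.local',
  }
  file { '/etc/fail2ban/jail.local':
    source => 'puppet:///modules/fail2ban/jail.local',
  }
  file { '/etc/fail2ban/action.d/apf.conf':
    source => 'puppet:///modules/fail2ban/apf.conf',
  }

  # Pick the action file that 'firewall-ban' resolves to.
  if $firewall_cmd == 'iptables' {
    $firewall_ban_cmd = 'iptables-multiport'
  } else {
    $firewall_ban_cmd = $firewall_cmd
  }

  # The target is not managed here; it has to exist already (shipped by the
  # package or deployed above, e.g. apf.conf), otherwise the link dangles.
  file { '/etc/fail2ban/action.d/firewall-ban.conf':
    ensure => link,
    target => "/etc/fail2ban/action.d/${firewall_ban_cmd}.conf",
  }

  # Custom filters, copied verbatim from the module's files directory.
  file { '/etc/fail2ban/filter.d/ibb-apache-exploits-instaban.conf':
    source => 'puppet:///modules/fail2ban/ibb-apache-exploits-instaban.conf',
  }
  file { '/etc/fail2ban/filter.d/ibb-apache-shellshock.conf':
    source => 'puppet:///modules/fail2ban/ibb-apache-shellshock.conf',
  }
  file { '/etc/fail2ban/filter.d/ibb-repeat-offender.conf':
    source => 'puppet:///modules/fail2ban/ibb-repeat-offender.conf',
  }
  file { '/etc/fail2ban/filter.d/ibb-repeat-offender-ssh.conf':
    source => 'puppet:///modules/fail2ban/ibb-repeat-offender-ssh.conf',
  }
  file { '/etc/fail2ban/filter.d/ibb-postfix-spammers.conf':
    source => 'puppet:///modules/fail2ban/ibb-postfix-spammers.conf',
  }
  file { '/etc/fail2ban/filter.d/ibb-postfix-malicious.conf':
    source => 'puppet:///modules/fail2ban/ibb-postfix-malicious.conf',
  }
  file { '/etc/fail2ban/filter.d/ibb-postfix.conf':
    source => 'puppet:///modules/fail2ban/ibb-postfix.conf',
  }
  file { '/etc/fail2ban/filter.d/ibb-sshd.conf':
    source => 'puppet:///modules/fail2ban/ibb-sshd.conf',
  }

  # Username patterns handed to the ibb-sshd-bad-user template. Each entry is
  # a regular-expression fragment, not a literal name.
  #  - Entries carry no anchors of their own; the template has to anchor the
  #    combined expression, otherwise short patterns such as
  #    '[0-9a-z][0-9a-z]?' would match inside longer names - verify in the
  #    .epp, which is not part of this file.
  #  - '([0-9a-z])\2{2,}' refers to group 2, which presumably relies on the
  #    template wrapping the whole list in an outer group - TODO confirm.
  #  - '%%' is presumably an escaped '%' for fail2ban's config parser.
  #  - Many entries are common service-account names ('git', 'backup',
  #    'deploy', 'ansible', 'puppet', 'nagios', ...). A host that really
  #    accepts SSH logins under such a name needs it removed or excluded
  #    before this filter is enabled for it.
  $bad_users = [
    '[0-9]+', '[0-9a-z][0-9a-z]?', '([0-9a-z])\2{2,}',
    'abc123', 'abused', 'adm', 'Admin', 'admin[0-9]+', 'administrateur',
    'administracion', 'admissions', 'altibase', 'alumni', 'amavisd?',
    'amministratore', 'anwenderschnittstelle', 'anonymous', 'ansible',
    'aptproxy', 'arkserver', 'asterisk', 'auser', 'avahi', 'avis',
    'backlog', 'backup(s|er|pc|user)?', 'bf2', 'bitcoin', 'bitnami',
    'bitrix', 'boinc', 'botmaster', 'build', 'buscador',
    'cacti(user)?', 'catchall', 'cemergen', 'chef', 'cinema', 'clamav',
    'cliente?[0-9]*', 'clouduser', 'com', 'comercial', 'control', 'couchdb',
    'cpanel', 'create', 'cron',
    '(cs(s|go|cz)|arma|mc|tf2?|sdtd|web|pz)se?rve?r?', 'cyrus[0-9]*',
    'daemon', 'danger', 'debian(-spamd)?', 'default', 'dell', 'deploy(er)?',
    'desktop', 'developer', 'devops', 'devteam', 'dietpi', 'django',
    'dotblot', 'download', 'dovecot', 'duplicity',
    'easy', 'ec2-user', 'edu(cation)?[0-9]*', 'e-shop', 'elsearch',
    'engin(eer)?', 'esadmin', 'events', 'exports?',
    'facebook', 'factorio', 'fax', 'filter', 'firebird', 'fuser',
    'games', 'gdm', 'geniuz', 'ggc_user', 'ghost',
    'git(olite?|blit|lab(_ci)?)?', 'gmail', 'gmodserver', 'gnuhealth',
    'gopher', 'guest',
    'hacker', 'hadoop', 'harvard', 'helpdesk', 'home', 'host', 'httpd?',
    'httpfs', 'huawei',
    'iceuser', 'imscp', 'info(rmix)?',
    'java', 'jboss', 'jenkins', 'jira', 'jsboss',
    'kafka', 'kodi', 'kms',
    'library', 'libsys', 'libuuid', 'linode', 'linux', 'localadmin', 'login',
    'logout', 'logstash', 'lynx',
    'mailer', 'mailman', 'maintain', 'majordomo', 'man', 'mantis', 'mapruser',
    'marketing', 'master', 'membership', 'minecraft', 'modem',
    'mongo(db|user)?', 'monitor', 'more', 'moher', 'mpiuser', 'musi[ck]bot',
    '(my?|pg)sq(ue)?l', 'mythtv',
    'nagios', 'nasa', 'ncs', 'netdump', 'netzplatz', 'newadmin', 'newuser',
    'nexus', 'nfs', '(nfs)?nobody', 'nginx', 'noc', 'nothing', 'NpC', 'nux',
    'odoo', 'odroid', 'onyxeye', 'openbravo', 'openfire', 'openvpn',
    'operador', 'operator', 'ops(code)?', 'oprofile',
    'ora(cle|prod)[0-9]*', 'osmc', 'owncloud',
    'papernet', 'password', 'payments', 'pay_?pal', 'pdfbox', 'pentaho',
    'PlcmSpIp(PlcmSpIp)?', 'popuser', 'postfix', 'postgres', 'postmaster',
    'print', 'privoxy', 'proba', 'proxy', 'public', 'puppet',
    'qhsupport',
    'rabbit(mq)?', 'radiusd?', 'redis', 'redmine', 'riakcs', 'root[0-9]+',
    'rpc(user)?', 'RPM', 'rtorrent', 'rustserver',
    'sales[0-9]+', 's?bin',
    '(samba|sshd|git|student|tomcat|abc|web|info|(vpn|appl?|my|db)?(use?r|server|manager|mgr)|account)[0-9]*',
    'saslauth', 'scaner', 'screen', 'search', 'setup', 'serverpilot',
    'service',
    '(s|u|ams|admin|inss|pro|web)?ftp(d|_?use?r|home|_?test)?[0-9]*',
    'sftponly', 'shell', 'shop', 'sinusbot', 'smmsp', 'socket', 'software',
    'solarus', 'splunk', 'squid', 'squirrelmail', 'sshusr', 'staffc',
    'steam(cmd)?', 'store', 'superuser', 'suporte', 'support', 'svnroot',
    'sybase', 'sysadmin', 'system',
    'teamspeak3?', 'telkom', 'temp',
    'test((er?|ing|ftp|man|use?r|u)[0-9]*|[0-9]+)?', '(test)?username',
    'text', 'tomcat', 'tools', 'toor',
    'ts[23](se?rv(er)?|(musi[ck])?bot)?', 'tunstall',
    'ubnt', 'ubuntu', 'upload', 'unity', 'USERID', 'user[0-9]*', 'usuario',
    'uucp',
    'vagrant', 'vbox', 'ventrilo', 'vhbackup', 'virusalter', 'vmadmin',
    'vmail', 'vyatta',
    'wanadoo', 'weblogic', 'webmaster', 'WinD3str0y', 'wine', 'wp-?user',
    'write', 'www',
    '(www|web|coin|fax|sys|db2|rsync|tc)-?(adm(in)?|run|user|data)',
    'xbian', 'xbot', 'xoadmin',
    'yahoo', 'yarn',
    'zabbix', 'zimbra', 'zookeeper',
    '0fordn1on@#\$%%\^&', 'P@\$\$w0rd', 'pass123?4?'
  ]

  # Rendered from the module's EPP template with the list above as its only
  # parameter.
  file { '/etc/fail2ban/filter.d/ibb-sshd-bad-user.conf':
    content => epp('fail2ban/ibb-sshd-bad-user.epp', { 'bad_users' => $bad_users }),
  }

  # Because one of our rules checks fail2ban's log, but the service dies without the file
  # The log is kept readable and writable by root only.
  file { '/var/log/fail2ban.log':
    ensure => present,
    owner  => 'root',
    group  => 'root',
    mode   => '0600',
  }
}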