--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/common/logwatch/services-fail2ban	Sat Sep 26 14:28:16 2015 +0000
@@ -0,0 +1,191 @@
+##########################################################################
+# $Id: fail2ban 226 2014-09-09 11:07:27Z stefjakobs $
+##########################################################################
+# $Log: fail2ban,v $
+# Revision 1.5a - IBBoard
+# Patched up to what we see on CentOS 6 w/fail2ban-0.9.2
+#
+# Revision 1.5  2008/08/18 16:07:46  mike
+# Patches from Paul Gear <paul at libertysys.com> -mgt
+#
+# Revision 1.4  2008/06/30 23:07:51  kirk
+# fixed copyright holders for files where I know who they should be
+#
+# Revision 1.3  2008/03/24 23:31:26  kirk
+# added copyright/license notice to each script
+#
+# Revision 1.2  2006/12/15 04:53:59  bjorn
+# Additional filtering, by Willi Mann.
+#
+# Revision 1.1  2006/05/30 19:04:26  bjorn
+# Added fail2ban service, written by Yaroslav Halchenko.
+#
+# Written by Yaroslav Halchenko <debian@onerussian.com> for fail2ban
+#
+##########################################################################
+
+########################################################
+## Copyright (c) 2008  Yaroslav Halchenko
+## Covered under the included MIT/X-Consortium License:
+##    http://www.opensource.org/licenses/mit-license.php
+## All modifications and contributions by other persons to
+## this script are assumed to have been donated to the
+## Logwatch project and thus assume the above copyright
+## and licensing terms.  If you want to make contributions
+## under your own copyright or a different license this
+## must be explicitly stated in the contribution an the
+## Logwatch project reserves the right to not accept such
+## contributions.  If you have made significant
+## contributions to this script and want to claim
+## copyright please contact logwatch-devel@lists.sourceforge.net.
+#########################################################
+
+use strict;
+use Logwatch ':all';
+
+my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
+my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
+my $IgnoreHost = $ENV{'sshd_ignore_host'} || "";
+my $DebugCounter = 0;
+my $ReInitializations = 0;
+my @IptablesErrors = ();
+my @ActionErrors = ();
+my $NotValidIP = 0;		# reported invalid IPs number
+my @OtherList = ();
+
+my %ServicesBans = ();
+
+if ( $Debug >= 5 ) {
+	print STDERR "\n\nDEBUG: Inside Fail2Ban Filter \n\n";
+	$DebugCounter = 1;
+}
+
+while (defined(my $ThisLine = <STDIN>)) {
+    if ( $Debug >= 5 ) {
+	print STDERR "DEBUG($DebugCounter): $ThisLine";
+	$DebugCounter++;
+    }
+    chomp($ThisLine);
+    if ( ($ThisLine =~ /..,... DEBUG: /) or
+	 ($ThisLine =~ /..,... \S*\s*: DEBUG /) or # syntax of 0.7.? fail2ban
+	 ($ThisLine =~ /..,... INFO: (Fail2Ban v.* is running|Exiting|Enabled sections:)/) or
+	 ($ThisLine =~ /INFO\s+Log rotation detected for/) or
+	 ($ThisLine =~ /INFO\s+Jail.+(?:stopped|started|uses poller|uses pyinotify)/) or
+	 ($ThisLine =~ /INFO\s+Changed logging target to/) or
+	 ($ThisLine =~ /INFO\s+Creating new jail/) or
+	 ($ThisLine =~ /..,... \S+\s*: INFO\s+(Set |Socket|Exiting|Gamin|Created|Added|Using)/) or # syntax of 0.7.? fail2ban
+	 ($ThisLine =~ /..,... WARNING: Verbose level is /) or
+	 ($ThisLine =~ /..,... WARNING: Restoring firewall rules/) or
+	 ($ThisLine =~ /WARNING Determined IP using DNS Lookup: [^ ]+ = \['[^']+'\]/) or
+	 ($ThisLine =~ /INFO\s+(Stopping all jails|Exiting Fail2ban)/) or
+	 ($ThisLine =~ /INFO\s+Initiated 'pyinotify' backend/) or
+	 ($ThisLine =~ /INFO\s+(Added logfile = .*|Set maxRetry = \d+|Set findtime = \d+|Set banTime = \d+)/)
+       )
+    {
+	if ( $Debug >= 6 ) {
+	    print STDERR "DEBUG($DebugCounter): line ignored\n";
+	}
+    } elsif ( ($ThisLine =~ /INFO\s+\[[^\]]+\] Found [0-9\.]+/) ) {
+	if ( $Debug >= 6 ) {
+	    print STDERR "DEBUG($DebugCounter): line ignored\n";
+	}
+    } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/(?:WARNING|NOTICE):?\s+\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {
+	if ( $Debug >= 6 ) {
+	    print STDERR "DEBUG($DebugCounter): Found $Action for $Service from $Host\n";
+	}
+	$ServicesBans{$Service}{$Host}{$Action}++;
+	$ServicesBans{$Service}{"(all)"}{$Action}++;
+    } elsif ( my ($Service,$Host,$NumFailures) = ($ThisLine =~ m/INFO: (\S+): (.+) has (\d+) login failure\(s\). Banned./)) {
+	if ($Debug >= 4) {
+	    print STDERR "DEBUG: Found host $Host trying to access $Service - failed $NumFailures times\n";
+	}
+	push @{$ServicesBans{$Service}{$Host}{'Failures'}}, $NumFailures;
+    } elsif ( my ($Service,$Host) = ($ThisLine =~ m/ ERROR:\s(.*):\s(\S+)\salready in ban list/)) {
+   	 $ServicesBans{$Service}{$Host}{'AlreadyInTheList'}++;
+    } elsif ( my ($Service,$Host) = ($ThisLine =~ m/(?:INFO|WARNING)\s*\[(.*)\]\s*(\S+)\s*already banned/)) {
+       $ServicesBans{$Service}{$Host}{'AlreadyInTheList'}++;
+    } elsif ( my ($Service,$Host) = ($ThisLine =~ m/ WARNING:\s(.*):\sReBan (\S+)/)) {
+	    $ServicesBans{$Service}{$Host}{'ReBan'}++;
+    } elsif ($ThisLine =~ / ERROR:?\s*(Execution of command )?\'?iptables/) {
+	    push @IptablesErrors, "$ThisLine\n";
+    } elsif ($ThisLine =~ /ERROR.*returned \d+$/) {
+       push @ActionErrors, "$ThisLine\n";
+    } elsif (($ThisLine =~ /..,... WARNING: \#\S+ reinitialization of firewalls/) or
+	    ($ThisLine =~ / ERROR\s*Invariant check failed. Trying to restore a sane environment/)) {
+	    $ReInitializations++;
+    } elsif ($ThisLine =~ /..,... WARNING:  is not a valid IP address/) {
+	# just ignore - this will be fixed within fail2ban and is harmless warning
+    }
+    else
+    {
+	# Report any unmatched entries...
+	push @OtherList, "$ThisLine\n";
+    }
+}
+
+###########################################################
+
+
+if (keys %ServicesBans) {
+    printf("\nBanned services with Fail2Ban:				 Bans:Unbans\n");
+    foreach my $service (sort {$a cmp $b} keys %ServicesBans) {
+	printf("   %-55s [%3d:%-3d]\n", "$service:",
+	       $ServicesBans{$service}{'(all)'}{'Ban'},
+	       $ServicesBans{$service}{'(all)'}{'Unban'});
+	delete $ServicesBans{$service}{'(all)'};
+	my $totalSort = TotalCountOrder(%{$ServicesBans{$service}}, \&SortIP);
+	if ($Detail >= 5) {
+	    foreach my $ip (sort $totalSort keys %{$ServicesBans{$service}}) {
+		   my $name = LookupIP($ip);
+		   printf("      %-53s %3d:%-3d\n",
+		       $name,
+		       $ServicesBans{$service}{$ip}{'Ban'},
+		       $ServicesBans{$service}{$ip}{'Unban'});
+		   if (($Detail >= 10) and ($ServicesBans{$service}{$ip}{'Failures'}>0)) {
+		      print "	   Failed ";
+		      foreach my $fails (@{$ServicesBans{$service}{$ip}{'Failures'}}) {
+			      print " $fails";
+		      }
+		    print " times";
+		    printf("\n	   %d Duplicate Ban attempts", $ServicesBans{$service}{$ip}{'AlreadyInTheList'}) ;
+		    printf("\n	   %d ReBans due to rules reinitilizations", $ServicesBans{$service}{$ip}{'ReBan'}) ;
+		    print "\n";
+		   }
+	    }
+	   }
+    }
+}
+
+
+if ($Detail>0) {
+    if ($#IptablesErrors > 0) {
+	   printf("\n%d faulty iptables invocation(s)", $#IptablesErrors);
+	   if ($Detail > 5) {
+	    print ":\n";
+	    print @IptablesErrors ;
+	   }
+    }
+    if ($#ActionErrors > 0) {
+       printf("\n%d error(s) returned from actions", $#ActionErrors);
+       if ($Detail > 5) {
+           print ":\n";
+           print @ActionErrors ;
+       }
+    }
+    if ($ReInitializations > 0) {
+	   printf("\n%d fail2ban rules reinitialization(s)", $ReInitializations);
+    }
+    if ($#OtherList >= 0) {
+	   print "\n**Unmatched Entries**\n";
+	   print @OtherList;
+    }
+}
+
+exit(0);
+
+# vi: shiftwidth=3 tabstop=3 syntax=perl et
+# Local Variables:
+# mode: perl
+# perl-indent-level: 3
+# indent-tabs-mode: nil
+# End:

--- a/manifests/templates.pp	Sat Sep 12 11:08:22 2015 +0000
+++ b/manifests/templates.pp	Sat Sep 26 14:28:16 2015 +0000
@@ -116,6 +116,9 @@
 	file { '/etc/logwatch/scripts/shared/':
 		ensure => directory,
 	}
+	file { '/etc/logwatch/scripts/services/fail2ban':
+		source => 'puppet:///common/logwatch/services-fail2ban',
+	}
 	file { '/etc/logwatch/scripts/services/http-error':
 		source => 'puppet:///common/logwatch/http-error',
 	}