modules/fail2ban/manifests/filter.pp - Issue 29364214: Issue 2487 - Introduce fail2ban module

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments.

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Side by Side Diff: modules/fail2ban/manifests/filter.pp

Issue 29364214: Issue 2487 - Introduce fail2ban module (Closed)

Patch Set: Created Nov. 24, 2016, 3:09 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 # == Type: fail2ban::filter

	2 #

	3 # Manage filter information and files for any custom filter we create
	mathias 2016/11/24 16:08:48 Please use un-personalized text in documentation, Please use un-personalized text in documentation, i.e. "filter created" vs "filter we create" - or just "filter". And full sentences (including periods) are appreciated as well ;-) f.lopez 2016/11/25 15:13:49 Acknowledged. Show quoted text On 2016/11/24 16:08:48, mathias wrote: > Please use un-personalized text in documentation, i.e. "filter created" vs > "filter we create" - or just "filter". And full sentences (including periods) > are appreciated as well ;-) Acknowledged.
	4 #

	5 # == Parameters:

	6 #

	7 # [failregex]

	8 # The regular expressions used to detect break-in attempts, password failures, etc.

	9 # One per line
	mathias 2016/11/24 16:08:48 A bit too specific. Something like "The regular ex A bit too specific. Something like "The regular expression applied by the filter." is more than enough. And what do you mean by "One per line"? f.lopez 2016/11/25 15:13:48 Acknowledged. Show quoted text On 2016/11/24 16:08:48, mathias wrote: > A bit too specific. Something like "The regular expression applied by the > filter." is more than enough. And what do you mean by "One per line"? Acknowledged.
	10 #

	11 # === Examples:

	12 #

	13 # filters => {

	14 # 'wordpress' => {

	15 # failregex => [

	16 # '^<HOST>.\"WordPress\/.',

	17 # ],

	18 # }

	19 # },
	mathias 2016/11/24 16:08:48 The example is not valid Puppet code, a snippet at The example is not valid Puppet code, a snippet at best, but even then not matching the fail2ban::filter type. f.lopez 2016/11/25 15:13:48 Acknowledged. Show quoted text On 2016/11/24 16:08:48, mathias wrote: > The example is not valid Puppet code, a snippet at best, but even then not > matching the fail2ban::filter type. Acknowledged.
	20 define fail2ban::filter (

	21 $failregex = undef,

	22 $ensure = 'present',
	mathias 2016/11/24 16:08:48 The $ensure parameter is not documented yet. The $ensure parameter is not documented yet. f.lopez 2016/11/25 15:13:49 Acknowledged. Show quoted text On 2016/11/24 16:08:48, mathias wrote: > The $ensure parameter is not documented yet. Acknowledged.
	23 ) {

	24

	25 include fail2ban

	26 include stdlib

	27

	28 if $failregex != undef {
	mathias 2016/11/24 16:08:48 This condition does not make much sense in this co This condition does not make much sense in this context. What if $ensure = 'absent'? Nothing will happen. I think the better approach would be to fail() if $ensure = 'present' and $failregex == undef, and have the resource definition below the conditional statement. f.lopez 2016/11/25 15:13:49 There can be cases where an already existing filte Show quoted text On 2016/11/24 16:08:48, mathias wrote: > This condition does not make much sense in this context. What if $ensure = > 'absent'? Nothing will happen. I think the better approach would be to fail() if > $ensure = 'present' and $failregex == undef, and have the resource definition > below the conditional statement. There can be cases where an already existing filter is in the folder so one might want to remove it.
	29 file {"/etc/fail2ban/filter.d/$title.conf":

	30 ensure => $ensure,

	31 content => template("fail2ban/filter.erb"),

	32 group => 'root',

	33 mode => '0644',

	34 owner => 'root',

	35 require => Package['fail2ban'],

	36 notify => Service['fail2ban'],

	37 }

	38 }

	39 }

OLD	NEW

« no previous file with comments | « no previous file | modules/fail2ban/manifests/init.pp » ('j') | modules/fail2ban/manifests/init.pp » ('J')