Unverified Commit 2aeeda96 authored by Niels Abspoel's avatar Niels Abspoel Committed by GitHub

Merge pull request #23 from bawuenet/fixes

Improve the ng formula
parents 6eec356e e09fbbfa
......@@ -6,11 +6,8 @@
fail2ban.ng.config.fail2ban:
{% if fail2ban.config is defined %}
{% if fail2ban.config.source_path is defined %}
{% set fail2ban_config = fail2ban.config.source_path %}
{% else %}
{% set fail2ban_config = 'salt://fail2ban/ng/files/config.jinja' %}
{% endif %}
{% set fail2ban_config = fail2ban.config.get('source_path',
'salt://fail2ban/ng/files/config.jinja') %}
file.managed:
- name: {{ fail2ban.prefix }}/etc/fail2ban/fail2ban.local
......@@ -34,11 +31,8 @@ fail2ban.ng.config.fail2ban:
fail2ban.ng.config.jails:
{% if fail2ban.jails is defined %}
{% if fail2ban.jails.source_path is defined %}
{% set fail2ban_jails = fail2ban.jails.source_path %}
{% else %}
{% set fail2ban_jails = 'salt://fail2ban/ng/files/config.jinja' %}
{% endif %}
{% set fail2ban_jails = fail2ban.jails.get('source_path',
'salt://fail2ban/ng/files/config.jinja') %}
file.managed:
- name: {{ fail2ban.prefix }}/etc/fail2ban/jail.local
......@@ -57,13 +51,10 @@ fail2ban.ng.config.jails:
- watch_in:
- service: {{ fail2ban.service }}
{% for name, options in fail2ban.actions|dictsort %}
{% for name, options in fail2ban.get('actions', {})|dictsort %}
{% if options.config.source_path is defined %}
{% set fail2ban_actions = options.config.source_path %}
{% else %}
{% set fail2ban_actions = 'salt://fail2ban/ng/files/config.jinja' %}
{% endif %}
{% set fail2ban_actions = options.config.get('source_path',
'salt://fail2ban/ng/files/config.jinja') %}
fail2ban.ng.config.action.{{ name }}:
{% if ( 'enabled' in options and options.enabled ) or ('enabled' not in options ) %}
......@@ -86,13 +77,10 @@ fail2ban.ng.config.action.{{ name }}:
{% endif %}
{% endfor %}
{% for name, options in fail2ban.filters|dictsort %}
{% for name, options in fail2ban.get('filters', {})|dictsort %}
{% if options.config.source_path is defined %}
{% set fail2ban_filters = options.config.source_path %}
{% else %}
{% set fail2ban_filters = 'salt://fail2ban/ng/files/config.jinja' %}
{% endif %}
{% set fail2ban_filters = options.config.get('source_path',
'salt://fail2ban/ng/files/config.jinja') %}
fail2ban.ng.config.filter.{{ name }}:
{% if ( 'enabled' in options and options.enabled ) or ('enabled' not in options ) %}
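Review bot: In the action and filter loops, `options.config.get('source_path', ...)` still assumes every entry carries a `config` key, so a pillar entry that only sets `enabled: false` would likely abort rendering of the whole state instead of being skipped. The loops themselves were hardened with `fail2ban.get('actions', {})` and `fail2ban.get('filters', {})`, and the same treatment fits the lookup: `{% set fail2ban_actions = (options.config | default({})).get('source_path', 'salt://fail2ban/ng/files/config.jinja') %}`, and likewise for `fail2ban_filters`. A render error means no fail2ban configuration is applied to the minion at all, so either default the key or document that `config` is mandatory. The rest of each state body is collapsed on this page, so whether `options.config` is dereferenced again further down cannot be checked from here.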
......
#
# This file is managed by salt. Do not edit by hand.
#
{% macro print_config(name, value) %}
{%- set name_length = name|length %}
{%- if value is string %}
{{ name }} = {{ value }}
{%- elif value is number %}
{{ name }} = {{ value }}
{%- else %}
{#- Since strings are also sequences, there's no way to explicitly test for lists #}
{{ name }} = {{ value|first }}
{%- if value|length > 1 %}
{%- for item in value[1:] %}
{{ item|indent(width=name_length + 3, indentfirst=True) }}
{%- endfor %}
{%- endif %}
{%- endif %}
{%- macro print_config(name, value) %}
{%- if value is iterable and value is not string %}
{{ name }} = {{ value | join('\n') | indent(name | length + 3) }}
{%- else %}
{{ name }} = {{ value }}
{%- endif %}
{%- endmacro %}
{%- for section, section_data in config|dictsort %}
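Review bot: The `else` branch of the new `print_config` writes a string value verbatim, so a pillar string that contains a newline (for example a YAML block scalar) puts its continuation lines at column 0, where fail2ban's ini-style parser would presumably read them as separate options rather than one multi-line value. Only the list branch goes through `indent(name | length + 3)`; using the same filter in the else branch, `{{ name }} = {{ value | string | indent(name | length + 3) }}`, keeps both forms aligned under the key. Separately, `value is iterable and value is not string` is also true for a mapping, which `join` would reduce to its keys; adding `and value is not mapping` to the test keeps a mis-typed pillar value from silently producing a wrong rule. The macro's call sites are in the collapsed part of the template.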
......
......@@ -52,29 +52,29 @@ fail2ban:
logtarget: /var/log/fail2ban.log
# jail.local
jails:
jails:
# FTP-style
source_path: salt://path-to-jail-file
# FTP-style
source_path: salt://path-to-jail-file
# Template-style
DEFAULT:
ignoreip: 127.0.0.1
bantime: 600
ssh:
actions: iptables[name=SSH, port=ssh, protocol=tcp]
enabled: 'true'
filter: sshd
logpath: /var/log/auth.log
maxretry: 6
port: ssh
ssh_ddos:
action: iptables[name=SSH, port=ssh, protocol=tcp]
enabled: 'true'
filter: sshd-ddos
logpath: /var/log/auth.log
maxretry: 6
port: ssh
# Template-style
DEFAULT:
ignoreip: 127.0.0.1
bantime: 600
ssh:
action: iptables[name=SSH, port=ssh, protocol=tcp]
enabled: 'true'
filter: sshd
logpath: /var/log/auth.log
maxretry: 6
port: ssh
ssh_ddos:
action: iptables[name=SSH, port=ssh, protocol=tcp]
enabled: 'true'
filter: sshd-ddos
logpath: /var/log/auth.log
maxretry: 6
port: ssh
# action.d
actions:
......