Comments (2)
I'm having this issue, too. E.g., I want to change logpath to a glob and affect the bantime for my HTTP(S) service to be different from my SSHD bantime. Further, polling mode works with fewer complaints than journalmatch for that filter, so I want to use that mode but systemd for sshd.
fail2ban::custom_jails:
  'nginx-botsearch':
    enabled: true
    backend: polling
    bantime: 3600
    port: http,https
    logpath: '/var/log/nginx/*error.log'
However, this destroys the regex data in /etc/fail2ban.d/nginx-botsearch. I can work around this with a differently named jail, e.g.
fail2ban::custom_jails:
  '10-nginx-botsearch':
    enabled: true
    backend: polling
    bantime: 3600
    port: http,https
    filter: nginx-botsearch
    logpath: '/var/log/nginx/*error.log'
This is kludgy as it creates an unused filter file, but the jail doesn't load it, rather the desired filter, and I am able to function.
Alternatively, I can declare the regex data in YAML, but will note that there are a few problems with this:
- Declaring regex in YAML requires a LOT of confusing and/or extraneous escape characters, making maintenance a nightmare
- If the OS-managed package updates the filter, Puppet destroys those updates. This is not bad if I want that... but I want the choice
- There are parameters in the OS-provided filter I cannot currently express in Puppet, e.g. before, so while I can do that, I destroy some package setup.
E.g.
fail2ban::custom_jails:
  'nginx-botsearch':
    enabled: true
    backend: polling
    bantime: 3600
    port: http,https
    filter: nginx-botsearch
    # yamllint disable rule:line-length
    filter_datepattern: "{^LN-BEG}%%ExY(?P<_sep>[-/.])%%m(?P=_sep)%%d[T ]%%H:%%M:%%S(?:[.,]%%f)?(?:\\s*%%z)?\n ^[^\\[]*\\[({DATE})\n {^LN-BEG}"
    filter_failregex: "^<HOST> \\- \\S+ \\[\\] \\\"(GET|POST|HEAD) \\/<block> \\S+\\\" 404 .+$\n ^ \\[error\\] \\d+#\\d+: \\*\\d+ (\\S+ )?\\\"\\S+\\\" (failed|is not found) \\(2\\: No such file or directory\\), client\\: <HOST>\\, server\\: \\S*\\, request: \\\"(GET|POST|HEAD) \\/<block> \\S+\\\"\\, .*?$"
    logpath: '/var/log/nginx/*error.log'
I will point out that I stumbled upon all of this trying to load RedHat sshd-ddos, which now has modes for SSH and no longer ships with a specific sshd-ddos filter. My solution, as advised by the package-provided commentary:
fail2ban::custom_jails:
  '01-sshd-ddos':
    enabled: true
    backend: systemd
    port: 'ssh'
    logpath: '%(sshd_log)s'
    filter: 'sshd[mode=ddos]'
My opinion is that the defined type at https://github.com/voxpupuli/puppet-fail2ban/blob/master/manifests/jail.pp has some assumptions that create these problems and can be corrected.
My suggestion is to:
- Create a custom defined type, fail2ban::filter, instead of managing filters and jails in fail2ban::jail. This doesn't necessarily affect function, but would/could allow cleaner coding and logic for the module.
- Create a Boolean in fail2ban::jail, $manage_filter, that allows turning off/on managing the filter.d file in fail2ban::jail.
While I am here, I will also mention that I think fail2ban::jail should also have an $ensure variable so that I can clean up my mistaken/old files in jail.d. Right now I have to disable anything I've tried and/or remove legacy files outside of the module.
I am willing to do a PR if you all agree with the logic.
from puppet-fail2ban.
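The comment above shows the nginx-botsearch failregex only in its YAML-escaped hiera form, which makes it hard to see what fail2ban actually matches. The following added example (editor's code, not part of the issue thread or of puppet-fail2ban) writes the same two failregex lines as raw Python strings and runs them over constructed nginx error-log and access-log lines the way fail2ban does: strip the date first, then search the remainder and capture the <HOST> group. The <HOST> and <block> substitutions and the date stripping are simplified stand-ins, labelled as assumptions in the code; real fail2ban derives <HOST> from its address machinery and the packaged filter ships a longer <block> alternation.

```python
import re

# ASSUMPTION: simplified stand-ins for two fail2ban tag substitutions. Real fail2ban builds
# <HOST> from its <ADDR>/<DNS> patterns and the packaged nginx-botsearch filter ships a
# longer <block> alternation; three bot-probe paths are enough to exercise the regex here.
HOST_RE = r'(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)'
BLOCK_RE = r'(phpmyadmin|wp-login\.php|cgi-bin)[^,]*'

# The two failregex lines quoted in the thread, as raw strings (no YAML escaping needed).
FAILREGEX = [
    r'^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) \/<block> \S+\" 404 .+$',
    r'^ \[error\] \d+#\d+: \*\d+ (\S+ )?\"\S+\" (failed|is not found) '
    r'\(2\: No such file or directory\), client\: <HOST>\, server\: \S*\, '
    r'request: \"(GET|POST|HEAD) \/<block> \S+\"\, .*?$',
]

# ASSUMPTION: simplified versions of the filter's datepatterns: the nginx error-log
# timestamp at line start, and the bracketed access-log timestamp.
DATE_AT_LINE_BEGIN = re.compile(
    r'^\d{4}([-/.])\d{2}\1\d{2}[T ]\d{2}:\d{2}:\d{2}(?:[.,]\d+)?(?:\s*[+-]\d{4})?')
DATE_IN_BRACKETS = re.compile(
    r'^[^\[]*\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}(?: [+-]\d{4})?)')

# Constructed sample lines: two scanner probes that should match, one ordinary 404 that
# should not (favicon.ico is not in <block>).
SAMPLE_LINES = [
    '2024/03/02 10:15:01 [error] 1234#1234: *56 open() '
    '"/var/www/html/phpmyadmin/index.php" failed (2: No such file or directory), '
    'client: 203.0.113.5, server: example.com, '
    'request: "GET /phpmyadmin/index.php HTTP/1.1", host: "example.com"',
    '198.51.100.7 - - [02/Mar/2024:10:15:02 +0000] '
    '"GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '2024/03/02 10:15:03 [error] 1234#1234: *57 open() '
    '"/var/www/html/favicon.ico" failed (2: No such file or directory), '
    'client: 192.0.2.9, server: example.com, '
    'request: "GET /favicon.ico HTTP/1.1", host: "example.com"',
]


def strip_date(line):
    """Remove the matched date the way fail2ban does before applying failregex.

    The error-log form leaves a leading space (hence '^ \\[error\\]' in the filter);
    the access-log form leaves the empty brackets '[]' that the first failregex expects.
    """
    m = DATE_AT_LINE_BEGIN.match(line)
    if m:
        return line[m.end():]
    m = DATE_IN_BRACKETS.match(line)
    if m:
        return line[:m.start(1)] + line[m.end(1):]
    return line


def compiled_failregex():
    """Substitute the <HOST> and <block> tags and compile each failregex line."""
    return [re.compile(r.replace('<HOST>', HOST_RE).replace('<block>', BLOCK_RE))
            for r in FAILREGEX]


def matched_hosts(lines):
    """Return the <host> captured for every line that any failregex matches, in order."""
    regexes = compiled_failregex()
    hosts = []
    for line in lines:
        body = strip_date(line)
        for rx in regexes:
            m = rx.search(body)
            if m:
                hosts.append(m.group('host'))
                break
    return hosts


if __name__ == '__main__':
    print(matched_hosts(SAMPLE_LINES))  # -> ['203.0.113.5', '198.51.100.7']
```

Run it as-is to see the two probing addresses reported and the favicon miss ignored. Editing FAILREGEX here is the same exercise as editing filter_failregex in hiera, minus the doubled backslashes and escaped quotes that make the YAML form hard to maintain; for the real filter, fail2ban-regex against a live log file is still the authoritative check.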
I realized some very quick-n-dirty edits address at least 80% of what's discussed here, so created #161
from puppet-fail2ban.