authorJoey Hess2017-11-12 15:59:47 -0400
committerJoey Hess2017-11-12 15:59:47 -0400
commitfa8392c6c87d04c2a2f4717780ce011b741e6769 (patch)
treedfafbc06a1bf5745d339267e89b17c3a5563f374 /src
parent19a0a53469ad5288fa6688f5e140994a3be63f8e (diff)
parent3929ef0224d230f66b8d763faaf092b2c20cb1fe (diff)
Merge remote-tracking branch 'felix/fail2ban'
Diffstat (limited to 'src')
-rw-r--r--src/Propellor/Property/Fail2Ban.hs40
1 files changed, 35 insertions, 5 deletions
diff --git a/src/Propellor/Property/Fail2Ban.hs b/src/Propellor/Property/Fail2Ban.hs
index 9f147943..6428a19f 100644
--- a/src/Propellor/Property/Fail2Ban.hs
+++ b/src/Propellor/Property/Fail2Ban.hs
@@ -2,6 +2,7 @@ module Propellor.Property.Fail2Ban where
import Propellor.Base
import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
import qualified Propellor.Property.Service as Service
import Propellor.Property.ConfFile
@@ -13,18 +14,47 @@ reloaded = Service.reloaded "fail2ban"
type Jail = String
+type Filter = String
+
+type Action = String
+
-- | By default, fail2ban only enables the ssh jail, but many others
-- are available to be enabled, for example "postfix-sasl"
jailEnabled :: Jail -> Property DebianLike
-jailEnabled name = jailConfigured name "enabled" "true"
+jailEnabled name = jailEnabled' name []
+ `onChange` reloaded
+
+jailEnabled' :: Jail -> [(IniKey, String)] -> Property DebianLike
+jailEnabled' name settings =
+ jailConfigured' name (("enabled", "true") : settings)
`onChange` reloaded
-- | Configures a jail. For example:
--
--- > jailConfigured "sshd" "port" "2222"
+-- > jailConfigured' "sshd" [("port", "2222")]
+jailConfigured' :: Jail -> [(IniKey, String)] -> Property UnixLike
+jailConfigured' name settings = propertyList ("jail \"" ++ name ++ "\" configuration") $ props
+ & File.notPresent (oldJailConfFile name)
+ -- ^ removes .conf files added by old versions of Fail2Ban properties
+ & jailConfFile name `iniFileContains` [(name, settings)]
+
+-- | Adds a setting to a given jail. For example:
+--
+-- > jailConfigured "sshd" "port" "2222"
jailConfigured :: Jail -> IniKey -> String -> Property UnixLike
-jailConfigured name key value =
- jailConfFile name `containsIniSetting` (name, key, value)
+jailConfigured name key value = propertyList ("jail \"" ++ name ++ "\" configuration") $ props
+ & File.notPresent (oldJailConfFile name)
+ -- ^ removes .conf files added by old versions of Fail2Ban properties
+ & jailConfFile name `containsIniSetting` (name, key, value)
+
+oldJailConfFile :: Jail -> FilePath
+oldJailConfFile name = "/etc/fail2ban/jail.d/" ++ name ++ ".conf"
jailConfFile :: Jail -> FilePath
-jailConfFile name = "/etc/fail2ban/jail.d/" ++ name ++ ".conf"
+jailConfFile name = "/etc/fail2ban/jail.d/" ++ name ++ ".local"
+
+filterConfFile :: Filter -> FilePath
+filterConfFile name = "/etc/fail2ban/filter.d/" ++ name ++ ".local"
+
+actionConfFile :: Action -> FilePath
+actionConfFile name = "/etc/fail2ban/action.d/" ++ name ++ ".local"
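Review bot: `jailEnabled` still appends `onChange` reloaded after calling `jailEnabled'`, which already carries the same hook, so a change would probably reload fail2ban twice in a row; the wrapper can be just `jailEnabled name = jailEnabled' name []`. Separately, `jailConfFile`, `oldJailConfFile`, `filterConfFile` and `actionConfFile` concatenate the name into a path unchecked, and `File.notPresent (oldJailConfFile name)` deletes whatever that path resolves to, so a name containing `/` would write or remove a file outside the intended directory. The names come from the host's own configuration, so this is hardening rather than an exposed input, but rejecting path separators in one shared helper would make the assumption explicit. The two `-- ^ removes .conf files …` comments sit inside an expression, where Haddock's `-- ^` marker has nothing to attach to; a plain `-- removes .conf files added by old versions of Fail2Ban properties` is safer. `jailEnabled'` is exported (the module has no export list) without a Haddock comment; something like `-- | Like 'jailEnabled', with extra settings written to the jail's section.` would help.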