From 41aa52e2fd1b046045c54fcfa24d8157228b8070 Mon Sep 17 00:00:00 2001
From: Félix Sipma
Date: Wed, 8 Nov 2017 14:59:13 +0100
Subject: Fail2Ban: add jailEnabled' & jailConfigured'
---
 src/Propellor/Property/Fail2Ban.hs | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/Propellor/Property/Fail2Ban.hs b/src/Propellor/Property/Fail2Ban.hs
index 9f147943..eed93f29 100644
--- a/src/Propellor/Property/Fail2Ban.hs
+++ b/src/Propellor/Property/Fail2Ban.hs
@@ -16,15 +16,27 @@ type Jail = String
 -- | By default, fail2ban only enables the ssh jail, but many others
 -- are available to be enabled, for example "postfix-sasl"
 jailEnabled :: Jail -> Property DebianLike
-jailEnabled name = jailConfigured name "enabled" "true"
+jailEnabled name = jailEnabled' name []
+ `onChange` reloaded
+
+jailEnabled' :: Jail -> [(IniKey, String)] -> Property DebianLike
+jailEnabled' name settings =
+ jailConfigured' name (("enabled", "true") : settings)
 `onChange` reloaded
 -- | Configures a jail. For example:
 --
--- > jailConfigured "sshd" "port" "2222"
+-- > jailConfigured "sshd" [("port", "2222")]
+jailConfigured' :: Jail -> [(IniKey, String)] -> RevertableProperty UnixLike UnixLike
+jailConfigured' name settings =
+ jailConfFile name `iniFileContains` [(name, settings)]
+
+-- | Adds a setting to a given jail. For example:
+--
+-- > jailConfigured "sshd" "port" "2222"
 jailConfigured :: Jail -> IniKey -> String -> Property UnixLike
-jailConfigured name key value =
- jailConfFile name `containsIniSetting` (name, key, value)
+jailConfigured name key value =
+ jailConfFile name `containsIniSetting` (name, key, value)
 jailConfFile :: Jail -> FilePath
 jailConfFile name = "/etc/fail2ban/jail.d/" ++ name ++ ".conf"
-- cgit v1.2.3
From 4ca0abf731035fbb8c9aa20210ca3b3fda79958f Mon Sep 17 00:00:00 2001
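Review bot: `jailEnabled` now reloads fail2ban twice on a change, because it wraps `jailEnabled'` in `onChange` reloaded while `jailEnabled'` already carries its own `onChange` reloaded. The outer one can go: `jailEnabled name = jailEnabled' name []`. `jailEnabled'` also has no Haddock; a line such as `-- | Like 'jailEnabled', but also applies the given settings to the jail.` would tell callers how it differs. `jailConfigured` and `jailConfigured'` on their own never reload the service, so a setting written through them presumably stays inactive until something else reloads fail2ban, which is worth a sentence in their comments.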
From: Félix Sipma
Date: Wed, 8 Nov 2017 15:05:32 +0100
Subject: Fail2Ban: add Filter & Action
---
 src/Propellor/Property/Fail2Ban.hs | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'src')
diff --git a/src/Propellor/Property/Fail2Ban.hs b/src/Propellor/Property/Fail2Ban.hs
index eed93f29..e44d449b 100644
--- a/src/Propellor/Property/Fail2Ban.hs
+++ b/src/Propellor/Property/Fail2Ban.hs
@@ -13,6 +13,10 @@ reloaded = Service.reloaded "fail2ban"
 type Jail = String
+type Filter = String
+
+type Action = String
+
 -- | By default, fail2ban only enables the ssh jail, but many others
 -- are available to be enabled, for example "postfix-sasl"
 jailEnabled :: Jail -> Property DebianLike
@@ -40,3 +44,9 @@ jailConfigured name key value =
 jailConfFile :: Jail -> FilePath
 jailConfFile name = "/etc/fail2ban/jail.d/" ++ name ++ ".conf"
+
+filterConfFile :: Filter -> FilePath
+filterConfFile name = "/etc/fail2ban/filter.d/" ++ name ++ ".conf"
+
+actionConfFile :: Action -> FilePath
+actionConfFile name = "/etc/fail2ban/action.d/" ++ name ++ ".conf"
-- cgit v1.2.3
From 543fb89f5b94402a3fdb62f27832cfe1f9f1842e Mon Sep 17 00:00:00 2001
From: Félix Sipma
Date: Wed, 8 Nov 2017 15:05:54 +0100
Subject: Fail2Ban: put local settings in .local files (API change)
---
 src/Propellor/Property/Fail2Ban.hs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/Propellor/Property/Fail2Ban.hs b/src/Propellor/Property/Fail2Ban.hs
index e44d449b..ca62fe62 100644
--- a/src/Propellor/Property/Fail2Ban.hs
+++ b/src/Propellor/Property/Fail2Ban.hs
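Review bot: `filterConfFile` and `actionConfFile` build the path by plain concatenation, as `jailConfFile` does, so a name containing `/` or `..` would resolve outside `filter.d` or `action.d`. The names presumably come from the administrator's own configuration, so this is a hardening and documentation point rather than an exposure. Both functions are undocumented; a Haddock line such as `-- | Path of the filter's configuration file; the name must be a bare file name without path separators.` states the expectation. `Filter` and `Action` from the first hunk are plain aliases of `String`, like `Jail`, so the compiler will not catch a filter name passed where a jail name is expected.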
@@ -43,10 +43,10 @@ jailConfigured name key value =
 jailConfFile name `containsIniSetting` (name, key, value)
 jailConfFile :: Jail -> FilePath
-jailConfFile name = "/etc/fail2ban/jail.d/" ++ name ++ ".conf"
+jailConfFile name = "/etc/fail2ban/jail.d/" ++ name ++ ".local"
 filterConfFile :: Filter -> FilePath
-filterConfFile name = "/etc/fail2ban/filter.d/" ++ name ++ ".conf"
+filterConfFile name = "/etc/fail2ban/filter.d/" ++ name ++ ".local"
 actionConfFile :: Action -> FilePath
-actionConfFile name = "/etc/fail2ban/action.d/" ++ name ++ ".conf"
+actionConfFile name = "/etc/fail2ban/action.d/" ++ name ++ ".local"
-- cgit v1.2.3
From 3929ef0224d230f66b8d763faaf092b2c20cb1fe Mon Sep 17 00:00:00 2001
From: Félix Sipma
Date: Fri, 10 Nov 2017 10:28:48 +0100
Subject: Fail2Ban: ensure old .conf files are removed
---
 src/Propellor/Property/Fail2Ban.hs | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
(limited to 'src')
diff --git a/src/Propellor/Property/Fail2Ban.hs b/src/Propellor/Property/Fail2Ban.hs
index ca62fe62..6428a19f 100644
--- a/src/Propellor/Property/Fail2Ban.hs
+++ b/src/Propellor/Property/Fail2Ban.hs
@@ -2,6 +2,7 @@ module Propellor.Property.Fail2Ban where
 import Propellor.Base
 import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
 import qualified Propellor.Property.Service as Service
 import Propellor.Property.ConfFile
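Review bot: The three path functions in the `@@ -43,10 +43,10 @@` hunk change the file they return but still carry no comment explaining why `.local` is used. In fail2ban, `.local` files are read after the matching `.conf` files and override them, so this also changes which settings win when both exist; a line like `-- | Local override file for the jail, read by fail2ban after the .conf files.` on `jailConfFile`, and the same for the filter and action variants, would record that. The module has no export list, so callers that use `jailConfFile` directly get a different path after this commit, which the subject marks only as "(API change)".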
@@ -30,17 +31,24 @@ jailEnabled' name settings =
 -- | Configures a jail. For example:
 --
--- > jailConfigured "sshd" [("port", "2222")]
-jailConfigured' :: Jail -> [(IniKey, String)] -> RevertableProperty UnixLike UnixLike
-jailConfigured' name settings =
- jailConfFile name `iniFileContains` [(name, settings)]
+-- > jailConfigured' "sshd" [("port", "2222")]
+jailConfigured' :: Jail -> [(IniKey, String)] -> Property UnixLike
+jailConfigured' name settings = propertyList ("jail \"" ++ name ++ "\" configuration") $ props
+ & File.notPresent (oldJailConfFile name)
+ -- ^ removes .conf files added by old versions of Fail2Ban properties
+ & jailConfFile name `iniFileContains` [(name, settings)]
 -- | Adds a setting to a given jail. For example:
 --
 -- > jailConfigured "sshd" "port" "2222"
 jailConfigured :: Jail -> IniKey -> String -> Property UnixLike
-jailConfigured name key value =
- jailConfFile name `containsIniSetting` (name, key, value)
+jailConfigured name key value = propertyList ("jail \"" ++ name ++ "\" configuration") $ props
+ & File.notPresent (oldJailConfFile name)
+ -- ^ removes .conf files added by old versions of Fail2Ban properties
+ & jailConfFile name `containsIniSetting` (name, key, value)
+
+oldJailConfFile :: Jail -> FilePath
+oldJailConfFile name = "/etc/fail2ban/jail.d/" ++ name ++ ".conf"
 jailConfFile :: Jail -> FilePath
 jailConfFile name = "/etc/fail2ban/jail.d/" ++ name ++ ".local"
-- cgit v1.2.3
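Review bot: `File.notPresent (oldJailConfFile name)` deletes `/etc/fail2ban/jail.d/NAME.conf` whoever wrote it; the property cannot tell a file left by an older propellor run from one maintained by hand or installed by a package, and any settings in such a file are dropped without being carried over. The Haddock of `jailConfigured` and `jailConfigured'` should say so, for example `-- Removes jail.d/NAME.conf if present; settings kept there must be moved into the property.` The two inline comments use `-- ^`, which is Haddock syntax for documenting a preceding declaration or argument and is out of place inside the `props` expression; a plain `--` comment above the `File.notPresent` line reads better. `jailConfigured'` also changes from `RevertableProperty` to `Property`, so callers that reverted it will no longer compile.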