summaryrefslogtreecommitdiff
path: root/src/Propellor/Property/Fail2Ban.hs
blob: 716d376ff74c5eab8f3eb0483b83dec484c7c42f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
module Propellor.Property.Fail2Ban where

import Propellor.Base
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.Service as Service
import Propellor.Property.ConfFile

installed :: Property NoInfo
installed = Apt.serviceInstalledRunning "fail2ban"

reloaded :: Property NoInfo
reloaded = Service.reloaded "fail2ban"

type Jail = String

-- | By default, fail2ban only enables the ssh jail, but many others
-- are available to be enabled, for example "postfix-sasl"
jailEnabled :: Jail -> Property NoInfo
jailEnabled name = jailConfigured name "enabled" "true"
	`onChange` reloaded

-- | Configures a jail. For example:
--
-- > jailConfigured "sshd" "port" "2222"
jailConfigured :: Jail -> IniKey -> String -> Property NoInfo
jailConfigured name key value = 
	jailConfFile name `containsIniSetting` (name, key, value)

jailConfFile :: Jail -> FilePath
jailConfFile name = "/etc/fail2ban/jail.d/" ++ name ++ ".conf"