summaryrefslogtreecommitdiff
path: root/src/Propellor/Property/Fail2Ban.hs
blob: 342e2acb21a4c8f84ea2fdd2c5ea220e6c6cde9c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
module Propellor.Property.Fail2Ban where

import Propellor.Base
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.File as File
import qualified Propellor.Property.Service as Service
import Propellor.Property.ConfFile

installed :: Property DebianLike
installed = Apt.serviceInstalledRunning "fail2ban"

reloaded :: Property DebianLike
reloaded = Service.reloaded "fail2ban"

type Jail = String

type Filter = String

type Action = String

-- | By default, fail2ban only enables the ssh jail, but many others
-- are available to be enabled, for example "postfix-sasl"
jailEnabled :: Jail -> Property DebianLike
jailEnabled name = jailEnabled' name []
	`onChange` reloaded

jailEnabled' :: Jail -> [(IniKey, String)] -> Property DebianLike
jailEnabled' name settings =
	jailConfigured' name (("enabled", "true") : settings)
	`onChange` reloaded

-- | Configures a jail. For example:
--
-- > jailConfigured' "sshd" [("port", "2222")]
jailConfigured' :: Jail -> [(IniKey, String)] -> Property UnixLike
jailConfigured' name settings = propertyList ("jail \"" ++ name ++ "\" configuration") $ props
	-- removes .conf files added by old versions of Fail2Ban properties
	& File.notPresent (oldJailConfFile name)
	& jailConfFile name `iniFileContains` [(name, settings)]

-- | Adds a setting to a given jail. For example:
--
-- > jailConfigured "sshd" "port"  "2222"
jailConfigured :: Jail -> IniKey -> String -> Property UnixLike
jailConfigured name key value = propertyList ("jail \"" ++ name ++ "\" configuration") $ props
	-- removes .conf files added by old versions of Fail2Ban properties
	& File.notPresent (oldJailConfFile name)
	& jailConfFile name `containsIniSetting` (name, key, value)

oldJailConfFile :: Jail -> FilePath
oldJailConfFile name = "/etc/fail2ban/jail.d/" ++ name ++ ".conf"

jailConfFile :: Jail -> FilePath
jailConfFile name = "/etc/fail2ban/jail.d/" ++ name ++ ".local"

filterConfFile :: Filter -> FilePath
filterConfFile name = "/etc/fail2ban/filter.d/" ++ name ++ ".local"

actionConfFile :: Action -> FilePath
actionConfFile name = "/etc/fail2ban/action.d/" ++ name ++ ".local"