summaryrefslogtreecommitdiff
path: root/src/Propellor/Property/Fail2Ban.hs
blob: 9f1479430c08dd1fc42407eb141e0201e9f972aa (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
module Propellor.Property.Fail2Ban where

import Propellor.Base
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.Service as Service
import Propellor.Property.ConfFile

installed :: Property DebianLike
installed = Apt.serviceInstalledRunning "fail2ban"

reloaded :: Property DebianLike
reloaded = Service.reloaded "fail2ban"

type Jail = String

-- | By default, fail2ban only enables the ssh jail, but many others
-- are available to be enabled, for example "postfix-sasl"
jailEnabled :: Jail -> Property DebianLike
jailEnabled name = jailConfigured name "enabled" "true"
	`onChange` reloaded

-- | Configures a jail. For example:
--
-- > jailConfigured "sshd" "port" "2222"
jailConfigured :: Jail -> IniKey -> String -> Property UnixLike
jailConfigured name key value = 
	jailConfFile name `containsIniSetting` (name, key, value)

jailConfFile :: Jail -> FilePath
jailConfFile name = "/etc/fail2ban/jail.d/" ++ name ++ ".conf"