Skip to content

jacob-elektronik/fail2ban-formula

 
 

Repository files navigation

fail2ban-formula

Travis CI Build Status Semantic Release

fail2ban scans log files for malicious activity and executes actions based on what it finds.

WARNING: BREAKING CHANGES SINCE v1.0.0

Prior to v1.0.0, this formula provided two methods for managing Fail2Ban; the old method under fail2ban and the new method under fail2ban.ng. The old method has now been removed and fail2ban.ng has been promoted to be fail2ban in its place.

If you are not in a position to migrate, please pin your repo to the final release tag before v1.0.0, i.e. v0.17.2.

To migrate from fail2ban.ng, simply modify your pillar to promote the entire section under fail2ban:ng so that it is under fail2ban instead. So with the editor of your choice, highlight the entire section and then unindent one level. Finish by removing the ng: line.

To migrate from the old fail2ban, first convert to fail2ban.ng under v0.17.2. and then follow the steps laid out in the paragraph directly above.

See the full SaltStack Formulas installation and usage instructions.

If you are interested in writing or contributing to formulas, please pay attention to the Writing Formula Section.

If you want to use this formula, please pay attention to the FORMULA file and/or git tag, which contains the currently released version. This formula is versioned according to Semantic Versioning.

See Formula Versioning Section for more details.

Commit message formatting is significant!!

Please see How to contribute for more details.

Meta state for inclusion of all states.

Install the fail2ban package.

Configure fail2ban creating a jail.local file based on pillar data that overrid jail.conf. It also creates a file.local per action/filter. Either in jails, actions or filters is possible to setup a source_path options to upload your configuration directly (see pillar.example). It is also possible to remove either actions or filters setting up enabled: False in it section (see pillar.example).

It is also possible to specify the source file for config, jails, actions and filters instead of using the template:

fail2ban:
  ng:
    config:
      source_path: salt://path-to-fail2ban-config-file
    jails:
      source_path: salt://path-to-fail2ban-config-file
    actions:
      name-of-action:
        config:
          source_path: salt://path-to-action-file
    filters:
      name-of-filter:
        config:
          source_path: salt://path-to-filter-file

Manage fail2ban service. It is also possible to disable the service using the following pillar configuration:

fail2ban:
  enabled: false

Linux testing is done with kitchen-salt.

  • Ruby
  • Docker
$ gem install bundler
$ bundle install
$ bin/kitchen test [platform]

Where [platform] is the platform name defined in kitchen.yml, e.g. debian-9-2019-2-py3.

Creates the docker instance and runs the fail2ban main state, ready for testing.

Runs the inspec tests on the actual instance.

Removes the docker instance.

Runs all of the stages above in one go: i.e. destroy + converge + verify + destroy.

Gives you SSH access to the instance for manual testing.

Packages

No packages published

Languages

  • Ruby 58.6%
  • SaltStack 17.2%
  • JavaScript 16.5%
  • HTML 4.3%
  • Shell 3.4%