From cb76484142d192dc3c0f2903231b97793e5b216e Mon Sep 17 00:00:00 2001 From: Imran Iqbal Date: Fri, 10 Jan 2020 20:46:21 +0000 Subject: [PATCH 1/2] fix(ng/map.jinja): use `ng:lookup` rather than `lookup` --- fail2ban/ng/map.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fail2ban/ng/map.jinja b/fail2ban/ng/map.jinja index ac199dc..75ae312 100644 --- a/fail2ban/ng/map.jinja +++ b/fail2ban/ng/map.jinja @@ -20,7 +20,7 @@ 'group': 'root', 'mode': '644', }, -}, merge=salt['pillar.get']('fail2ban:lookup')) %} +}, merge=salt['pillar.get']('fail2ban:ng:lookup')) %} {% set fail2ban = salt['pillar.get']( 'fail2ban:ng', From 10b403f8b445f65118e88872229a978cdae90a4c Mon Sep 17 00:00:00 2001 From: Imran Iqbal Date: Fri, 10 Jan 2020 20:29:18 +0000 Subject: [PATCH 2/2] ci(kitchen): use `fail2ban.ng` in `state_top` (#35) * Semi-automated using https://github.com/myii/ssf-formula/pull/118 * Fix `ng:lookup` to use values that actually work --- kitchen.yml | 2 +- pillar.example | 36 +++++++++++++++++++++--------------- 2 files changed, 22 insertions(+), 16 deletions(-) diff --git a/kitchen.yml b/kitchen.yml index 5dfa5c2..01836d1 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -182,7 +182,7 @@ suites: base: '*': - misc.fake_log_files - - fail2ban + - fail2ban.ng pillars: top.sls: base: diff --git a/pillar.example b/pillar.example index 3d2fd07..d2348cb 100644 --- a/pillar.example +++ b/pillar.example @@ -18,7 +18,7 @@ fail2ban: filter: sshd logpath: /var/log/auth.log maxretry: 6 - port: ssh + port: ssh ignoreip: 127.0.0.1/8 ssh_ddos: action: iptables[name=SSH, port=ssh, protocol=tcp] @@ -46,14 +46,16 @@ fail2ban: # ng: lookup: - prefix: '/opt' - package: 'fail2ban-new-package' + loglevel: ERROR + bantime: 600 + maxretry: 3 + backend: auto # fail2ban.local config: - # FTP-style - source_path: salt://path-to-fail2ban-file + # # FTP-style + # source_path: salt://path-to-fail2ban-file # Template-style loglevel: ERROR @@ -62,8 +64,8 @@ fail2ban: # jail.local jails: - # FTP-style - source_path: salt://path-to-jail-file + # # FTP-style + # source_path: salt://path-to-jail-file # Template-style DEFAULT: @@ -99,10 +101,12 @@ fail2ban: actionban: csf -d Added by Fail2Ban for actionunban: csf -dr - # FTP-style - test-action: - config: - source_path: salt://path-to-action-file + # yamllint disable rule:comments-indentation + # # FTP-style + # test-action: + # config: + # source_path: salt://path-to-action-file + # yamllint enable rule:comments-indentation # filter.d filters: @@ -116,7 +120,9 @@ fail2ban: Definition: failregex: .*(GET|POST).*(\.php|\.asp|\.exe|\.pl|\.cgi|\.scgi).* - # FTP-style - test-filter: - config: - source_path: salt://path-to-filter-file + # yamllint disable rule:comments-indentation + # # FTP-style + # test-filter: + # config: + # source_path: salt://path-to-filter-file + # yamllint enable rule:comments-indentation