Merge pull request #11 from Oefenweb/added-more-complete-support-for-…

…findtime Added more complete support for findtime
Oefenweb · Jul 21, 2015 · 0143cfc · 0143cfc
2 parents e1144c7 + 1a96179
commit 0143cfc
Show file tree

Hide file tree

Showing 11 changed files with 53 additions and 12 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -4,6 +4,7 @@ python: "2.7"
 
 env:
   - ANSIBLE_VERSION=latest
+  - ANSIBLE_VERSION=1.9.2
   - ANSIBLE_VERSION=1.9.1
   - ANSIBLE_VERSION=1.9.0.1
   - ANSIBLE_VERSION=1.8.4

diff --git a/README.md b/README.md
@@ -20,6 +20,7 @@ None
 - `fail2ban_ignoreips`: [default: `[127.0.0.1/8]`]: Which IP address/CIDR mask/DNS host should be ignored from fail2ban's actions
 - `fail2ban_bantime`: [default: `600`]: Sets the bantime
 - `fail2ban_maxretry`: [default: `3`]: Maximum number of retries before the host is put into jail
+- `fail2ban_findtime`: [default: `600`]: A host is banned if it has generated `fail2ban_maxretry` during the last `fail2ban_findtime` (this can be overriden for each service)
 - `fail2ban_backend`: [default: `auto`]: Specifies the backend used to get files modification
 - `fail2ban_email`: [default: `root@localhost`]: Email address which can be used in the interpolation of the `fail2ban_services`
 - `fail2ban_banaction`: [default: `iptables-multiport`]: Sets the global/default banaction (can be overriden on a per role basis)
@@ -43,6 +44,7 @@ fail2ban_services:
     protocol: tcp                 (optional)
     action: action_               (optional)
     banaction: iptables-multiport (optional)
+    findtime: 600                 (optional)
 ```
 
 ## Dependencies
@@ -85,7 +87,7 @@ MIT
 
 #### Author Information
 
-Mischa ter Smitten (based on work of Ansibles)
+Mischa ter Smitten (based on work of [ANXS](https://github.com/ANXS))
 
 #### Feedback, bug-reports, requests, ...
 

diff --git a/Vagrantfile b/Vagrantfile
@@ -30,6 +30,30 @@ boxes = [
     :cpu => "50",
     :ram => "256"
   },
+  {
+    :name => "debian-6010",
+    :box => "opscode-debian-6.0.10",
+    :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-6.0.10_chef-provisionerless.box",
+    :ip => '10.0.0.13',
+    :cpu => "50",
+    :ram => "256"
+  },
+  {
+    :name => "debian-78",
+    :box => "opscode-debian-7.8",
+    :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-7.8_chef-provisionerless.box",
+    :ip => '10.0.0.14',
+    :cpu => "50",
+    :ram => "256"
+  },
+  {
+    :name => "debian-81",
+    :box => "opscode-debian-8.1",
+    :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-8.1_chef-provisionerless.box",
+    :ip => '10.0.0.15',
+    :cpu => "50",
+    :ram => "256"
+  },
 ]
 
 Vagrant.configure("2") do |config|

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,5 +1,5 @@
----
 # defaults file for fail2ban
+---
 fail2ban_loglevel: 3
 fail2ban_logtarget: /var/log/fail2ban.log
 fail2ban_syslog_target: /var/log/fail2ban.log
@@ -11,6 +11,7 @@ fail2ban_ignoreips:
  - 127.0.0.1/8
 fail2ban_bantime: 600
 fail2ban_maxretry: 3
+fail2ban_findtime: 600
 fail2ban_backend: auto
 fail2ban_destemail: root@localhost
 fail2ban_banaction: iptables-multiport
@@ -26,3 +27,4 @@ fail2ban_services:
     filter: sshd
     logpath: /var/log/auth.log
     maxretry: 6
+    findtime: 600
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -1,5 +1,5 @@
----
 # handlers file for fail2ban
+---
 - name: restart fail2ban
   service:
     name: fail2ban

diff --git a/meta/main.yml b/meta/main.yml
@@ -1,15 +1,23 @@
----
 # meta file for fail2ban
+---
 galaxy_info:
   author: Mischa ter Smitten
   company: Oefenweb.nl B.V.
   description: Set up fail2ban in Debian-like systems
   license: MIT
   min_ansible_version: 1.4
   platforms:
-  - name: Ubuntu
-    versions:
-    - all
+    - name: Ubuntu
+      versions:
+        - lucid
+        - precise
+        - trusty
+    - name: Debian
+      versions:
+        - squeeze
+        - wheezy
+        - jessie
   categories:
-  - system
+    - system
+    - networking
 dependencies: []
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,5 +1,5 @@
----
 # tasks file for fail2ban
+---
 - name: install
   apt:
     name: fail2ban

diff --git a/templates/etc/fail2ban/jail.local.j2 b/templates/etc/fail2ban/jail.local.j2
@@ -23,6 +23,7 @@
 ignoreip = {{ fail2ban_ignoreips | join(' ') }}
 bantime  = {{ fail2ban_bantime }}
 maxretry = {{ fail2ban_maxretry }}
+findtime = {{ fail2ban_findtime }}
 
 # "backend" specifies the backend used to get files modification. Available
 # options are "gamin", "polling" and "auto".
@@ -103,6 +104,9 @@ maxretry = {{ service.maxretry }}
 {% if service.protocol is defined %}
 protocol = {{ service.protocol }}
 {% endif %}
+{% if service.findtime is defined %}
+findtime = {{ service.findtime }}
+{% endif %}
 {% if service.action is defined %}
 action = %({{ service.action }})s
 {% endif %}

diff --git a/tests/test.yml b/tests/test.yml
@@ -1,5 +1,5 @@
----
 # test file for fail2ban
+---
 - hosts: localhost
   remote_user: root
   roles:

diff --git a/tests/vagrant.yml b/tests/vagrant.yml
@@ -1,5 +1,5 @@
----
 # test file for fail2ban
+---
 - hosts: all
   remote_user: vagrant
   sudo: true

diff --git a/vars/main.yml b/vars/main.yml
@@ -1,2 +1,2 @@
----
 # vars file for fail2ban
+---