Open lelutin opened 2 years ago
There's a nice feature for bantime increment that's been available for a while in the debian version. https://visei.com/2020/05/incremental-banning-with-fail2ban/
I might add this feature if I find the time
huh wait... that's a thing? why did I miss those previously :( ...sometimes finding fail2ban's documentation is actually pretty hard. those values are still not documented in the manpage in debian sid.
good find though! from what I can see Vox Pupuli has not implemented this yet in their similar module https://github.com/voxpupuli/puppet-fail2ban
I'm interested in reviewing and merging your changes if you happen to implement this :)
I guess now the big question is "what name should we give those new parameters?" $bantime is already taken and AFAIR puppet doesn't permit dots in variable names. so.... maybe we permit $bantime to be either a string of the current format, or a hash with certain expected keys (e.g. with a type alias we can restrict which keys should be found)?
I wonder where the current value for $bantime would live in the hash-form of the variable. a key that's an empty string? (i.e. bantime => { "" => "1d" } -- meh) a repeat of bantime for the key name? (i.e. bantime => { "bantime" => "1d" } -- slightly more meh)
also fyi, on the main branch I've "recently" implemented more parameters for a couple of the different resources -- although none of the bantime.* ones. I haven't released this new work yet on forge since I hit a snag when enabling puppet-lint in CI. but that won't be a blocker to your addition if you send something this way
well, until we can use v.4+ in our aging puppet setup, I don't think I'll be able to jump in here :/
In the meantime, I've used this on each jail I want to implement the increment feature
'additional_options' => { 'bantime.increment' => 'true', },
This option can also be specified in local.conf/fail.conf
As for the name, maybe split existing bantime var and new features. New parameters could be a hash named 'bantime-extra' or something.
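One way the hash form discussed in this thread could be validated and mapped onto the additional_options workaround. This is an added example, not code from the module or from any commenter; the alias name Fail2ban::Bantime_extra and the variable names are hypothetical, and the sample values are constructed.

```puppet
# Added illustration, not code from the module. The alias name and the
# $bantime_extra variable are hypothetical; in a module the alias would
# live in its own file under types/.
# Keys are the fail2ban 0.11+ bantime.* settings without the "bantime." prefix.
type Fail2ban::Bantime_extra = Struct[{
  Optional['increment']    => Boolean,
  Optional['rndtime']      => String[1],
  Optional['maxtime']      => String[1],
  Optional['factor']       => Variant[Integer[1], Float[0.0]],
  Optional['formula']      => String[1],
  Optional['multipliers']  => String[1],
  Optional['overalljails'] => Boolean,
}]

# Constructed sample values.
$bantime = '1h'
$bantime_extra = {
  'increment' => true,
  'maxtime'   => '5w',
  'factor'    => 2,
}

# A misspelled or unknown key fails catalog compilation here rather than
# being written to the jail configuration.
assert_type(Fail2ban::Bantime_extra, $bantime_extra)

# Flatten to the dotted option names fail2ban expects, with string values.
$bantime_options = $bantime_extra.reduce({}) |$memo, $pair| {
  $memo + { "bantime.${pair[0]}" => String($pair[1]) }
}

# Same shape as the workaround above: the result goes through the jail's
# existing additional_options hash, next to the unchanged bantime string.
$jail_params = {
  'bantime'            => $bantime,
  'additional_options' => $bantime_options,
}
notice($jail_params)
```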
according to documentation, there are many parameters to a jail definition that this module is not exposing.
https://manpages.debian.org/testing/fail2ban/jail.conf.5.en.html#JAIL_CONFIGURATION_FILE(S)_(jail.conf)
The missing parameters should be added as params to fail2ban::jail