Closed cruelsmith closed 3 months ago
thanks @cruelsmith for the bug report! and also @TwizzyDizzy for confirmation with emojis.
I should probably set myself up with an RHEL VM to check that up. and better still eventually it would be nice to have integration tests that run on the different supported distros in CI.
debian's configuration follows what's coming from upstream, e.g.
https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf#L161-L167
Do most filter files deployed with fail2ban on EL now contain the mode parameter?
a simple solution would be to add the definition of $mode
to templates/redhat/jail.conf.epp
so that there is a global value defined. This would remove the error that you see by default and it would be effectively the same as your workaround but defined only in one place. and if the filter files in EL support the mode param then it adds this config lever to users.
I've just merged !68 to fix this issue. Thanks to @minorOffense for the fix!
I'll try and get around to making a release soon on forge
Under EL the changed
$filter = '%(__name__)s[mode=%(mode)s]'
from the 4.0.0 release created brokenfail2ban::jail
configs because it does not apply the default$fail2ban::mode
. It also does not set it via thejail.conf
like under Debian: https://github.com/lelutin/puppet-fail2ban/blob/321582b6e070db6803ce5de0acfee48edcc2e6b1/templates/debian/jail.conf.epp#L173-L174Code refernces: https://github.com/lelutin/puppet-fail2ban/blob/86a14c438d67089ea11de39599e8369c17fbe490/manifests/init.pp#L79-L85 https://github.com/lelutin/puppet-fail2ban/blob/86a14c438d67089ea11de39599e8369c17fbe490/manifests/init.pp#L179 https://github.com/lelutin/puppet-fail2ban/blob/86a14c438d67089ea11de39599e8369c17fbe490/manifests/jail.pp#L160
Current workaround: Apply manual the
mode
to eachfail2ban::jail
or change thefilter
back to$filter = '%(__name__)s'