From 43346121e4fc019cffaded287616b9faa295cd3d Mon Sep 17 00:00:00 2001
From: Filip Polbratt <filip.polbratt@hotmail.com>
Date: Wed, 26 Aug 2020 21:04:11 +0200
Subject: [PATCH] Move fail2ban jail configuration to hiera

---
 data/common.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/data/common.yaml b/data/common.yaml
index 46cba68..12df85a 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -2,3 +2,22 @@
 lysnetwork::ssh::server_package: openssh-server
 lysnetwork::ssh::client_package: openssh
 lysnetwork::ssh::service_name: ssh
+
+lysnetwork::fail2ban::config:
+    DEFAULT:
+      banaction: iptables-multiport
+      ignoreip: 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 130.236.254.0/24
+      backend: systemd
+    sshd:
+      enabled: true
+      findtime: 3600
+      maxretry: 5
+    sshlongterm:
+      banaction: iptables-multiport
+      port: ssh
+      logpath: "%(sshd_log)s"
+      maxretry: 30
+      findtime: 259200
+      bantime: 608400
+      enabled: true
+      filter: sshd
\ No newline at end of file
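Review bot: The `ignoreip` value in the `DEFAULT` section exempts all three RFC 1918 ranges plus 130.236.254.0/24 from every jail, and neither `sshd` nor `sshlongterm` overrides it, so repeated SSH login failures from any internal host (for example a compromised machine on the LAN) will never trigger a ban. Consider narrowing it to loopback plus the specific management hosts or subnets that must not be locked out, e.g. `ignoreip: 127.0.0.0/8 <MGMT_SUBNET_PLACEHOLDER>`, with a comment above the key recording why each range is exempt. Separately, `bantime: 608400` in `sshlongterm` looks like a transposition of 604800 (seven days); as written it is seven days plus one hour, so it is worth confirming which was intended. The file also now ends without a trailing newline.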
-- 
GitLab