Add logrotate

[perso/Immae/Projets/Puppet.git] / modules / base_configuration / manifests / init.pp

diff --git a/modules/base_configuration/manifests/init.pp b/modules/base_configuration/manifests/init.pp
index dca17b34965cb39e09f0dea873b12e44709253d8..2b20a0e89908e0aabc688d5690a8eaa1ea271dfb 100644 (file)
--- a/modules/base_configuration/manifests/init.pp
+++ b/modules/base_configuration/manifests/init.pp
@@ -58,4 +58,52 @@ class base_configuration (
     order   => 15,
     include => '/etc/pacman.d/mirrorlist'
   }
+
+  class { '::logrotate':
+    manage_cron_daily => false,
+    config => {
+      rotate_every => 'week',
+      rotate       => 4,
+      create       => true,
+      compress     => true,
+      olddir       => '/var/log/old',
+      tabooext     => "+ .pacorig .pacnew .pacsave",
+    }
+  }
+
+  logrotate::rule { 'wtmp':
+    path         => '/var/log/wtmp',
+    rotate_every => 'month',
+    create       => true,
+    create_mode  => '0664',
+    create_owner => 'root',
+    create_group => 'utmp',
+    rotate       => '1',
+    minsize      => '1M',
+  }
+  logrotate::rule { 'btmp':
+    path         => '/var/log/btmp',
+    missingok    => true,
+    rotate_every => 'month',
+    create       => true,
+    create_mode  => '0600',
+    create_owner => 'root',
+    create_group => 'utmp',
+    rotate       => '1',
+  }
+
+  ensure_packages(["whois"], { 'install_options' => '--asdeps' })
+  class { 'fail2ban':
+    logtarget => 'SYSLOG',
+    backend   => 'systemd'
+  }
+  fail2ban::jail { 'sshd':
+    backend  => 'systemd',
+    port     => 'ssh',
+    filter   => 'sshd',
+    maxretry => 10,
+    bantime  => 86400,
+    logpath  => '',
+    order    => 10
+  }
 }