Add fail2ban

[perso/Immae/Projets/Puppet.git] / modules / base_configuration / manifests / init.pp

diff --git a/modules/base_configuration/manifests/init.pp b/modules/base_configuration/manifests/init.pp
index 4c6ca1e155cd5d210644aade25a239ea74322aaf..f432e293b0f6d2c142bb792d36e83a2e3d6a58d1 100644 (file)
--- a/modules/base_configuration/manifests/init.pp
+++ b/modules/base_configuration/manifests/init.pp
@@ -49,4 +49,28 @@ class base_configuration (
         'Subsystem'                       => 'sftp /usr/lib/openssh/sftp-server',
      }
   }
+
+  class { 'pacman':
+    color => true,
+  }
+
+  pacman::repo { 'multilib':
+    order   => 15,
+    include => '/etc/pacman.d/mirrorlist'
+  }
+
+  ensure_packages(["whois"], { 'install_options' => '--asdeps' })
+  class { 'fail2ban':
+    logtarget => 'SYSLOG',
+    backend   => 'systemd'
+  }
+  fail2ban::jail { 'sshd':
+    backend  => 'systemd',
+    port     => 'ssh',
+    filter   => 'sshd',
+    maxretry => 10,
+    bantime  => 86400,
+    logpath  => '',
+    order    => 10
+  }
 }