From a37e5d7a961b6f6373c4f91e6c114d81e2e3261b Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Wed, 10 Aug 2016 13:27:09 +0200
Subject: [PATCH] Add fail2ban

---
 .gitmodules                                  |  6 +++---
 modules/base_configuration/manifests/init.pp | 15 +++++++++++++++
 modules/fail2ban                             |  1 +
 3 files changed, 19 insertions(+), 3 deletions(-)
 create mode 160000 modules/fail2ban

diff --git a/.gitmodules b/.gitmodules
index 3a8bbe0..5310ea7 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -19,6 +19,6 @@
 [submodule "modules/puppetlabs_concat"]
 	path = modules/concat
 	url = https://github.com/puppetlabs/puppetlabs-concat.git
-[submodule "modules/pacman"]
-	path = modules/pacman
-	url = https://github.com/aboe76/puppet-pacman.git
+[submodule "modules/fail2ban"]
+	path = modules/fail2ban
+	url = git://git.immae.eu/github/lelutin/puppet-fail2ban
diff --git a/modules/base_configuration/manifests/init.pp b/modules/base_configuration/manifests/init.pp
index dca17b3..f432e29 100644
--- a/modules/base_configuration/manifests/init.pp
+++ b/modules/base_configuration/manifests/init.pp
@@ -58,4 +58,19 @@ class base_configuration (
     order   => 15,
     include => '/etc/pacman.d/mirrorlist'
   }
+
+  ensure_packages(["whois"], { 'install_options' => '--asdeps' })
+  class { 'fail2ban':
+    logtarget => 'SYSLOG',
+    backend   => 'systemd'
+  }
+  fail2ban::jail { 'sshd':
+    backend  => 'systemd',
+    port     => 'ssh',
+    filter   => 'sshd',
+    maxretry => 10,
+    bantime  => 86400,
+    logpath  => '',
+    order    => 10
+  }
 }
diff --git a/modules/fail2ban b/modules/fail2ban
new file mode 160000
index 0000000..40b2dc4
--- /dev/null
+++ b/modules/fail2ban
@@ -0,0 +1 @@
+Subproject commit 40b2dc48cfe7bc44cf8d85887614482892f39a69
-- 
2.41.0