Add fail2ban

3 files changed, 18 insertions, 3 deletions

diff --git a/.gitmodules b/.gitmodules
index 3a8bbe0..5310ea7 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -19,6 +19,6 @@
 [submodule "modules/puppetlabs_concat"]
         path = modules/concat
         url = https://github.com/puppetlabs/puppetlabs-concat.git
-[submodule "modules/pacman"]
-        path = modules/pacman
-        url = https://github.com/aboe76/puppet-pacman.git
+[submodule "modules/fail2ban"]
+        path = modules/fail2ban
+        url = git://git.immae.eu/github/lelutin/puppet-fail2ban
diff --git a/modules/base_configuration/manifests/init.pp b/modules/base_configuration/manifests/init.pp
index dca17b3..f432e29 100644
--- a/modules/base_configuration/manifests/init.pp
+++ b/modules/base_configuration/manifests/init.pp
@@ -58,4 +58,19 @@ class base_configuration (
     order   => 15,
     include => '/etc/pacman.d/mirrorlist'
   }
+
+  ensure_packages(["whois"], { 'install_options' => '--asdeps' })
+  class { 'fail2ban':
+    logtarget => 'SYSLOG',
+    backend   => 'systemd'
+  }
+  fail2ban::jail { 'sshd':
+    backend  => 'systemd',
+    port     => 'ssh',
+    filter   => 'sshd',
+    maxretry => 10,
+    bantime  => 86400,
+    logpath  => '',
+    order    => 10
+  }
 }
diff --git a/modules/fail2ban b/modules/fail2ban
new file mode 160000
+Subproject 40b2dc48cfe7bc44cf8d85887614482892f39a6