Add fail2ban_filter for defining fail2ban filters

diff --git a/cookbooks/fail2ban/providers/filter.rb b/cookbooks/fail2ban/providers/filter.rb
new file mode 100644 (file)
index 0000000..840dc48
--- /dev/null
+++ b/cookbooks/fail2ban/providers/filter.rb
@@ -0,0 +1,39 @@
+#
+# Cookbook Name:: fail2ban
+# Provider:: fail2ban_filter
+#
+# Copyright 2015, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+def whyrun_supported?
+  true
+end
+
+use_inline_resources
+
+action :create do
+  remote_file "/etc/fail2ban/filter.d/#{new_resource.name}.conf" do
+    source new_resource.source
+    owner "root"
+    group "root"
+    mode 0644
+  end
+end
+
+action :delete do
+  file "/etc/fail2ban/filter.d/#{new_resource.name}.conf" do
+    action :delete
+  end
+end

diff --git a/cookbooks/fail2ban/resources/filter.rb b/cookbooks/fail2ban/resources/filter.rb
new file mode 100644 (file)
index 0000000..0a13c83
--- /dev/null
+++ b/cookbooks/fail2ban/resources/filter.rb
@@ -0,0 +1,28 @@
+#
+# Cookbook Name:: fail2ban
+# Resource:: fail2ban_filter
+#
+# Copyright 2015, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+actions :create, :delete
+default_action :create
+
+attribute :name, :kind_of => String, :name_attribute => true
+attribute :source, :kind_of => String
+
+def after_created
+  notifies :reload, "service[fail2ban]"
+end

diff --git a/cookbooks/wordpress/recipes/default.rb b/cookbooks/wordpress/recipes/default.rb
index 65c486abf622f492bd3dc3d6b4ccae4d3759ebd5..b8db4b29af8f1fdfb16fd6c0386e7400bbce49a2 100644 (file)
--- a/cookbooks/wordpress/recipes/default.rb
+++ b/cookbooks/wordpress/recipes/default.rb
@@ -31,12 +31,8 @@ package "php-apc"
 apache_module "php5"
 apache_module "rewrite"
 
-remote_file "/etc/fail2ban/filter.d/wordpress.conf" do
-  action :create_if_missing
+fail2ban_filter "wordpress" do
   source "http://plugins.svn.wordpress.org/wp-fail2ban/trunk/wordpress.conf"
-  owner "root"
-  group "root"
-  mode 0644
 end
 
 fail2ban_jail "wordpress" do