Reference

Table of Contents

Classes

Public Classes

  • fail2ban: Manage fail2ban and its configuration to jam bruteforce attempts on services running on a computer.

Private Classes

  • fail2ban::config: Configure fail2ban service
  • fail2ban::install: Install fail2ban
  • fail2ban::service: Enable fail2ban daemon

Defined types

Data types

  • Fail2ban::AutoOrFlag: A boolean flag that can also be set to the string 'auto'.
  • Fail2ban::Backend: Backend names that fail2ban understands. Can be one of the pre-defined backend names, "systemd" with optionally a list of parameters between s
  • Fail2ban::Bantime_extra: Optional additional bantime.* options. See manifests/init.pp for details about what each option means.
  • Fail2ban::Dbfile: Where fail2ban's database gets stored. None disables storage
  • Fail2ban::Loglevel: How much logging is needed from fail2ban
  • Fail2ban::Logtarget: Where logs are sent
  • Fail2ban::Port: Possible values for the port parameter. Ports can be specified by number, but you can also pass in a comma-separated list of values in a strin
  • Fail2ban::Protocol: Options for protocol type. This is used by the default action iptables-multiport to define what protocol to ban for the specified ports.
  • Fail2ban::Syslogsocket: Path to a socket for communication with syslog, or 'auto' for letting fail2ban auto-discover the path.
  • Fail2ban::Time: Time in seconds for some configuration options can be specified either in an integer number of seconds, or an abbreviation that can help spec
  • Fail2ban::Usedns: Possible values for usedns parameter

Classes

fail2ban

fail2ban/manifests/init.pp

  • Note blocktype is not offered as a global option since it's not a great idea to set a globally used default value for this option. It's used differently by all actions and different values are expected from each action, so it's generally recommended to override this for each action individually by creating a .local file in actions.d.

  • See also

Examples

basic usage
class { 'fail2ban': }
ignore localhost and another non-routable IP
class { 'fail2ban':
  ignoreip => ['127.0.0.1', '10.0.0.1'],
}

Parameters

The following parameters are available in the fail2ban class:

rm_fail2ban_local

Data type: Boolean

Force removal of file /etc/fail2ban/fail2ban.local if present.

Default value: true

rm_jail_local

Data type: Boolean

Force removal of file /etc/fail2ban/jail.local if present.

Default value: true

purge_fail2ban_dot_d

Data type: Boolean

Remove all unmanaged files in /etc/fail2ban/fail2ban.d/

Default value: true

purge_jail_dot_d

Data type: Boolean

Remove all unmanaged files in /etc/fail2ban/jail.d/

Default value: true

config_file_mode

Data type: Stdlib::Filemode

File mode set on all fail2ban configuration files managed by this module.

Default value: '0644'

manage_service

Data type: Boolean

Manage the fail2ban service, true by default

Default value: true

fail2ban_conf_template

Data type: String[1]

Alternative template to use for the fail2ban.conf file.

Default value: 'fail2ban/fail2ban.conf.epp'

loglvl

Data type: Fail2ban::Loglevel

Set fail2ban's loglevel.

Default value: 'INFO'

logtarget

Data type: Fail2ban::Logtarget

Define where fail2ban's logs are sent.

Default value: '/var/log/fail2ban.log'

syslogsocket

Data type: Fail2ban::Syslogsocket

Path to syslog's socket file, or "auto" for automatically discovering it.

Default value: 'auto'

socket

Data type: Stdlib::Absolutepath

Path to fail2ban's own socket file. This file is used by fail2ban-client to communicate with the daemon.

Default value: '/var/run/fail2ban/fail2ban.sock'

pidfile

Data type: Stdlib::Absolutepath

Path to fail2ban's pid file. This usually needs to be in a place where the init script or systemd unit file can find it.

Default value: '/var/run/fail2ban/fail2ban.pid'

allowipv6

Data type: Fail2ban::AutoOrFlag

Whether or not fail2ban interfaces with IPv6 stack on the system. Defaults to auto. Set to boolean true or false to force allowing or disallowing, respectively.

Default value: 'auto'

dbfile

Data type: Fail2ban::Dbfile

Path to fail2ban's database file.

Default value: '/var/lib/fail2ban/fail2ban.sqlite3'

dbpurgeage

Data type: Integer

Age of entries in fail2ban's database that get removed when performing a database purge operation.

Default value: 86400

dbmaxmatches

Data type: Integer

Number of matches stored in database per ticket.

Default value: 10

stacksize

Data type: Variant[Integer[0,0], Integer[32]]

Specifies the stack size (in KiB) to be used for subsequently created threads, and must be 0 or a positive integer value of at least 32. 0 means that fail2ban will use platform or configured default.

Default value: 0

jail_conf_template

Data type: String[1]

Alternative template to use for the jail.conf file.

Default value: 'fail2ban/debian/jail.conf.epp'

enabled

Data type: Boolean

Whether or not to enable jails by default. fail2ban's man page recommends keeping this set to false, but by default the module purges jail.d of unknown files, so it might be safe to set it to true in order to avoid repeating this setting on all jails. If you set purge_jail_dot_d to false, it might be wiser to keep this set to false in order to avoid enabling jails that get dropped in jail.d.

Default value: false

mode

Data type: String

Change the default behavior for filters. Watch out however, each individual filter can define its own value and so most values are not guaranteed to be available with all filters. The mode will generally determine which regular expressions the filter will include. To know exactly which values are available in filters, you need to read their configuration files.

Default value: 'normal'

backend

Data type: Fail2ban::Backend

Default method used to get information from logs.

Default value: 'auto'

usedns

Data type: Fail2ban::Usedns

Default behaviour whether or not to resolve IPs when they are found in a log by a filter.

Default value: 'warn'

filter

Data type: String

Default name of filter to use for jails.

Default value: '%(__name__)s[mode=%(mode)s]'

logpath

Data type: Array[String]

Array of absolute paths specifying the default path(s) to log file(s) being used by jails. This value is usually not set and logpath is defined for each jail for more clarity.

Default value: []

logencoding

Data type: String

Name of the encoding of log files. If set to "auto", fail2ban will use what is set in the system's locale setting.

Default value: 'auto'

logtimezone

Data type: Optional[String]

Force a timezone by default for logs that don't specify them on timestamps.

Default value: undef

datepattern

Data type: Optional[String]

Change the default format of recognized dates. Warning: it is generally not recommended to change the global value, if at all. If you need to change the datepattern for some reason, it is usually recommended to set this parameter at filter level.

Default value: undef

prefregex

Data type: Optional[String]

Regular expression to parse common part in every message.

Default value: undef

failregex

Data type: Optional[Variant[String, Array[String[1]]]]

Array of regular expressions to add to all filters' failregex. This is usually not used at the global level, but it can still be set.

Default value: undef

ignoreregex

Data type: Optional[Variant[String, Array[String[1]]]]

Array of regular expressions to add to all filters' ignoreregex. This is usually not used at the global level, but could be useful to have something excluded from bans everywhere.

Default value: undef

ignoreself

Data type: Boolean

If set to false, fail2ban will not ignore IP addresses that are bound to interfaces on the host.

Default value: true

ignoreip

Data type: Array[String, 0]

Default list of IPs or CIDR prefixes that should not get banned.

Default value: ['127.0.0.1']

ignorecommand

Data type: Optional[String]

Default command used to determine if an IP should be exempted from being banned.

Default value: undef

ignorecache

Data type: Optional[String]

If set, caches the results from ignoreip, ignoreself and ignorecommand for a set amount of time to avoid calling ignorecommand repeatedly.

Default value: undef

maxretry

Data type: Integer[1]

Default number of times an IP should be detected by a filter during findtime for it to get banned.

Default value: 3

maxlines

Data type: Optional[Integer[1]]

Default number of lines to buffer for regex search. Used for multi-line regexes. Note that it is rather unusual to set a default global value for this; it is usually set on the filter itself.

Default value: undef

maxmatches

Data type: Variant[Integer[1], String]

Number of matches stored in ticket.

Default value: '%(maxretry)s'

findtime

Data type: Fail2ban::Time

Default interval during which to count occurrences of an IP.

Default value: '10m'

action

Data type: Variant[String, Array[String, 1]]

List of default actions that get called when an IP triggers a filter maxretry times within findtime.

Default value: ['%(action_)s']

bantime

Data type: Fail2ban::Time

Default duration in number of seconds to ban an IP address for.

Default value: '10m'

bantime_extra

Data type: Optional[Fail2ban::Bantime_extra]

Set of additional optional settings relating to bantime. The keys in this structure are set in the configuration file as bantime.$key. The different possible keys are:

  • increment: boolean. set to true to make IP search happen across all jails instead of only the one being processed.
  • maxtime: string. maximum number of seconds that the formula (see below) can reach.
  • rndtime: string. upper bounds in seconds for ban time randomization (to prevent bots from guessing the exact ban time)
  • formula: string. python mathematical expression used for calculating next value of ban time. The values provided by the formula are multiplied by bantime and by the factor exponent coefficient to give the actual amount of time that an IP gets banned.
  • factor: string. coefficient to calculate exponent growing of the ban times. The default value is 1, thus the bantime grows by 1, 2, 4, 8, 16...
  • multipliers: string. if set, used to calculate the next ban times instead of the formula. numbers are used sequentially until the last one is reached, at which point the same value will be used for all subsequent bantimes.
  • overalljails: boolean. if set to true, search for IP in the database will be done across all jails instead of only the currently processed jail.

Default value: undef
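
To see what these keys do to a source that keeps coming back, the added example below (not code from this module or from fail2ban) models the length of successive bans as the text describes it: bantime times the growth step times factor, capped at maxtime. The function names, the whitespace-separated multipliers format, the cap of the default doubling at 2**20 and the zero-duration attempts are assumptions; rndtime is not modelled.

```python
def parse_multipliers(value):
    """Split a bantime.multipliers string into numbers.

    Assumption: the string is a whitespace-separated list, e.g. "1 5 30".
    """
    return [float(item) for item in value.split()]


def nth_ban_seconds(bantime, n, factor=1.0, multipliers=None, maxtime=None):
    """Length in seconds of the n-th ban of one IP (n = 0 is the first ban)."""
    if multipliers:
        steps = parse_multipliers(multipliers)
        # Used sequentially; the last value repeats for all later bans.
        growth = steps[min(n, len(steps) - 1)]
    else:
        # Default growth 1, 2, 4, 8, 16... (assumed to stop doubling at 2**20).
        growth = 2 ** min(n, 20)
    seconds = bantime * growth * factor
    if maxtime is not None:
        seconds = min(seconds, maxtime)
    return int(seconds)


def ban_durations(bantime, count, **extra):
    """Ban lengths for the first `count` bans of the same IP."""
    return [nth_ban_seconds(bantime, n, **extra) for n in range(count)]


def failures_within(horizon, maxretry, bantime, increment=False, **extra):
    """Failed attempts one source can log in `horizon` seconds.

    Model: the source fails maxretry times, is banned, and resumes the
    moment the ban ends. Attempts themselves are assumed to take no time.
    """
    elapsed = failures = bans = 0
    while elapsed < horizon:
        failures += maxretry
        if increment:
            elapsed += nth_ban_seconds(bantime, bans, **extra)
        else:
            elapsed += bantime
        bans += 1
    return failures


if __name__ == "__main__":
    day = 24 * 60 * 60
    print("doubling:   ", ban_durations(600, 6))
    print("multipliers:", ban_durations(600, 6, multipliers="1 5 30", maxtime=7200))
    print("fixed 10m ban, failures/day:      ", failures_within(day, 3, 600))
    print("incremental ban, failures/day:    ", failures_within(day, 3, 600, increment=True))
    print("incremental, maxtime 1h, per day: ",
          failures_within(day, 3, 600, increment=True, maxtime=3600))
```

With the class defaults (bantime 10m, maxretry 3), the model gives a persistent source 432 logged failures per day under a fixed ban and 24 once the ban length doubles; a low maxtime gives much of that back.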

banaction

Data type: String

Default action name extrapolated when defining some of the default actions.

Default value: 'iptables-multiport'

banaction_allports

Data type: String

Default action name that can be extrapolated when defining some of the default actions. This one is meant to ban all ports at once instead of specific ones.

Default value: 'iptables-allports'

chain

Data type: String

Default name of the iptables chain used by iptables-based actions.

Default value: 'INPUT'

port

Data type: Fail2ban::Port

Default comma separated list of ports, port names or port ranges used by actions when banning an IP.

Default value: '0:65535'

protocol

Data type: Fail2ban::Protocol

Default protocol name used by actions.

Default value: 'tcp'

mta

Data type: String

Default program name used for sending out email by actions that do so.

Default value: 'sendmail'

destemail

Data type: String

Default email address used as recipient by actions that send out emails.

Default value: 'root@localhost'

sender

Data type: String

Default email address set as sender by actions that send out emails.

Default value: 'root@localhost'

fail2ban_agent

Data type: String

User-agent sent on HTTP requests that are made by some actions.

Default value: 'Fail2Ban/%(fail2ban_version)s'

Defined types

fail2ban::action

fail2ban/manifests/action.pp

Actions define what fail2ban should do when it finds mischief happening in logs. Usually, an action defines commands that should be run during setup/teardown and commands for when a ban or an unban happens. Using an action, you can make fail2ban do whatever you want, from creating an iptables rule to calling out to your edge server API to create a rule there instead.

  • See also
    • jail.conf(5)

Examples

defining a new action to call out to a REST API
fail2ban::action { 'rest_api':
  ensure      => present,
  actionban   => ['curl -s -X PUT http://yourapi:8080/theapi/v4/firewall/rules -H "Content-Type:application/json" -H "Authorization: ..." -d "{\"ban\": \"<ip>\"}"'],
  actionunban => ['curl -s -X DELETE http://yourapi:8080/theapi/v4/firewall/rules/1 -H "Authorization: ..."'],
}

Parameters

The following parameters are available in the fail2ban::action defined type:

ensure

Data type: Enum['present', 'absent']

Whether the resources should be installed or removed.

Default value: 'present'

config_file_mode

Data type: String

Permission mode given to the action file created by this defined type.

Default value: '0644'

timeout

Data type: Optional[Integer[1]]

Special tag in the Init section that, if present, defines the maximum period of time in seconds that an action command can be executed before being killed.

Default value: undef

init

Data type: Array[String]

List of arbitrary lines that will be a part of the [Init] section. All tags (variables) defined in this section can be overridden by any individual jail to change the action's behaviour.

Default value: []

includes

Data type: Array[String]

List of files to include before considering the rest of the action definition. These files can declare variables used by the action to set default or common behaviours.

Default value: []

includes_after

Data type: Array[String]

List of files to include after action definition.

Default value: []

additional_defs

Data type: Array[String]

List of arbitrary lines that should appear at the beginning of the action's definition section, for anything that didn't fit in other parameters. Each item in the list is output on its own line in the action file. No syntax checking is done.

Default value: []

actionban

Data type: Array[String[1], 1]

List of commands that are executed when fail2ban has found too many matches for a given IP address.

actionunban

Data type: Array[String[1], 1]

List of commands that are executed after bantime has elapsed.

actioncheck

Data type: Array[String[1]]

List of commands that are run by fail2ban before any other action to verify that the environment (or setup) is still in good shape.

Default value: []

actionstart

Data type: Array[String[1]]

List of commands that are executed when the jail is started.

Default value: []

actionstop

Data type: Array[String[1]]

List of commands that are executed when the jail is stopped.

Default value: []

fail2ban::filter

fail2ban/manifests/filter.pp

Filters are how fail2ban detects mischief in logs. They contain regular expressions that should catch bad activity and identify the IP that is doing this activity.

Examples

defining filter for jenkins
fail2ban::filter { 'jenkins':
  failregexes => [
    # Those regexes are really arbitrary examples.
    'Invalid login to Jenkins by user mooh by IP \'<HOST>\'',
    'Forced entry trial by <HOST>',
  ],
}

Parameters

The following parameters are available in the fail2ban::filter defined type:

filter_template

Data type: String[1]

Path to the epp template given to the epp() function in order to render the filter file.

Default value: 'fail2ban/filter.epp'

failregexes

Data type: Array[String, 1]

List of regular expressions that will be run against new log lines as they reach fail2ban. The regular expressions follow the Python regular expression format, and there are some special patterns that fail2ban can use. See the jail.conf(5) man page for more details. Each item in the list is placed on its own line. Lines starting with the second one are prepended with spaces so that the regular expressions line up with the beginning of the first one.

ensure

Data type: Enum['present', 'absent']

Whether the resources should be installed or removed.

Default value: 'present'

config_file_mode

Data type: String

Permission mode given to the filter file created by this defined type.

Default value: '0644'

init

Data type: Array[String]

List of arbitrary lines that should appear in the optional filter Init section. Variable definitions in the Init section can be overridden by users in *.local files. Each item in the list is output on its own line in the filter file. No syntax checking is done.

Default value: []

includes

Data type: Array[String, 0]

List of files to include before considering the rest of the filter definition. These files can declare variables used by the filter to set default behaviours.

Default value: []

includes_after

Data type: Array[String, 0]

List of files to include after filter definition.

Default value: []

additional_defs

Data type: Array[String, 0]

List of arbitrary lines that should appear at the beginning of the filter's definition section, for anything that didn't fit in other parameters. Each item in the list is output on its own line in the filter file. No syntax checking is done.

Default value: []

prefregex

Data type: Optional[String]

If this is set, it contains a regular expression that should be used to parse (after datepattern found a match) a common part to all messages that can then match a smaller failregex or ignoreregex. If this regex does not match, then failregex or ignoreregex are not even tried.

Default value: undef

ignoreregexes

Data type: Array[String, 0]

List of Python regular expressions that should prevent a log line from being considered for banning. If a line matches regular expressions contained in this parameter, they are ignored even though they would have matched a failregex. Each item in the list is placed on its own line. Lines starting with the second one are prepended with spaces so that the regular expressions line up with the beginning of the first one.

Default value: []

maxlines

Data type: Optional[Integer[1]]

Maximum number of lines that fail2ban should buffer for matching multi-line regexes.

Default value: undef

datepattern

Data type: Optional[String]

Custom date pattern/regex for the log file. This is useful if dates use a non-standard formatting.

Default value: undef

journalmatch

Data type: Optional[String]

If the log backend is set to systemd, this specifies a matching pattern to filter journal entries.

Default value: undef

fail2ban::jail

fail2ban/manifests/jail.pp

Jails are the top level of fail2ban configuration; they are what you'll be using most often to set up protection of a service from bruteforce attempts or pesky attack traffic. They rely on a filter to find out which IPs are doing mischief, and then use an action to ban (and subsequently unban) those IPs.

Most parameters of this defined type are used for overriding what has been set in the global context in jail.conf/jail.local (see parameters to the fail2ban class). They are not mandatory if you can reuse the global values.

Examples

creating simple jail for service
fail2ban::jail { 'honeypot':
  findtime => 300,
  maxretry => 1,
  port     => 'all',
  logpath  => ['/var/log/honeypot.log'],
}
using a pre-defined jail
$ssh_params = lookup('fail2ban::jail::sshd')
fail2ban::jail { 'sshd':
  * => $ssh_params,
}
overriding parameters from a pre-defined jail
$ssh_extra_params  = {
  'bantime'  => 300,
  'findtime' => 200,
  'maxretry' => 3,
}
$ssh_params = lookup('fail2ban::jail::sshd') + $ssh_extra_params
fail2ban::jail { 'sshd':
  * => $ssh_params,
}

Parameters

The following parameters are available in the fail2ban::jail defined type:

ensure

Data type: Enum['present','absent']

Whether resources for the defined jail should be installed or removed.

Default value: 'present'

config_file_mode

Data type: String

Permission mode given to the jail file created by this defined type.

Default value: '0644'

enabled

Data type: Boolean

Whether or not a jail is enabled. Setting this to false makes it possible to keep configuration around for a certain jail but temporarily disable it.

Default value: true

mode

Data type: Optional[String]

Change the behavior of the filter used by this jail. The mode will generally determine which regular expressions the filter will include. The values that this can take are determined by each individual filter. To know exactly which values are available in filters, you need to read their configuration files.

Default value: undef

backend

Data type: Optional[Fail2ban::Backend]

Method used by fail2ban to obtain new log lines from the log file(s) in logpath.

Default value: undef

usedns

Data type: Optional[Fail2ban::Usedns]

Whether or not to resolve DNS hostname of IPs that have been found by a failregex.

Default value: undef

filter

Data type: Optional[String]

Name of the filter to use for this jail. The default value for the filter is usually to use a filter with the same name as the jail name (although this could be changed by the filter parameter on the fail2ban class).

Default value: undef

logpath

Data type: Array[String]

Array of absolute paths to the log files against which regular expressions should be verified to catch activity that you want to block. This parameter must be set to a non-empty array when not using the 'systemd' backend, however it must be empty if the 'systemd' backend is used.

Default value: []

logencoding

Data type: Optional[String]

Name of the encoding of log files. If set to "auto", fail2ban will use what is set in the system's locale setting.

Default value: undef

logtimezone

Data type: Optional[String]

Force a timezone if the logs don't specify them on timestamps.

Default value: undef

datepattern

Data type: Optional[String]

Change the format of dates recognized by the filter this jail uses.

Default value: undef

prefregex

Data type: Optional[String[1]]

Regular expression to parse common part in every message for this jail.

Default value: undef

failregex

Data type: Optional[Array[String[1]]]

Regular expressions to add to the failregex of the filter used by this jail.

Default value: undef

ignoreregex

Data type: Optional[Array[String[1]]]

Regular expressions to add to the ignoreregex of the filter used by this jail.

Default value: undef

ignoreself

Data type: Optional[Boolean]

If set to false, fail2ban will not ignore IP addresses, for this jail, that are bound to interfaces on the host.

Default value: undef

ignoreip

Data type: Optional[Array[String, 1]]

List of IPs or CIDR prefixes to ignore when identifying matches of failregex. The IPs that fit the descriptions in this parameter will never get banned by the jail.

Default value: undef

ignorecommand

Data type: Optional[String]

Command used to determine if an IP found by a failregex should be ignored. This can be used to have a more complex and dynamic method of listing and identifying IPs that should not get banned. It can also be used when ignoreip is present.

Default value: undef

ignorecache

Data type: Optional[String]

If set, caches the results from ignoreip, ignoreself and ignorecommand for a set amount of time to avoid calling ignorecommand repeatedly.

Default value: undef

maxretry

Data type: Optional[Integer[1]]

Number of failregex matches during findtime after which an IP gets banned.

Default value: undef

maxlines

Data type: Optional[Integer[1]]

Number of lines to buffer for filter's regex search when looking for multi-line regex matches.

Default value: undef

maxmatches

Data type: Optional[Variant[Integer[1], String]]

Number of matches stored in ticket.

Default value: undef

findtime

Data type: Optional[Fail2ban::Time]

Time period in seconds during which maxretry number of matches will get an IP banned.

Default value: undef
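
How the filter and jail parameters combine (failregexes and ignoreregexes on fail2ban::filter; ignoreip, maxretry and findtime on the jail) is shown in the added example below, which is not code from this module or from fail2ban. It replays constructed log lines through the two failregexes from the jenkins filter example; the IPv4-only `<HOST>` expansion, the timestamp format, the ignoreregex and all function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumption: simplified stand-in for fail2ban's <HOST> tag (IPv4 only).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The two failregexes from the jenkins filter example on this page.
FAILREGEXES = [
    r"Invalid login to Jenkins by user mooh by IP '<HOST>'",
    r"Forced entry trial by <HOST>",
]
# Constructed ignoreregex: an internal scanner that tags its own probes.
IGNOREREGEXES = [r"Forced entry trial by <HOST> \(scheduled scan\)"]

# Constructed log lines (documentation and private address ranges only).
SAMPLE_LOG = """\
2024-05-01 10:00:00 Invalid login to Jenkins by user mooh by IP '203.0.113.7'
2024-05-01 10:00:30 Forced entry trial by 203.0.113.7
2024-05-01 10:01:00 Forced entry trial by 192.0.2.10 (scheduled scan)
2024-05-01 10:01:10 Forced entry trial by 192.0.2.10 (scheduled scan)
2024-05-01 10:01:20 Forced entry trial by 192.0.2.10 (scheduled scan)
2024-05-01 10:02:00 Forced entry trial by 10.0.0.1
2024-05-01 10:02:05 Forced entry trial by 10.0.0.1
2024-05-01 10:02:10 Forced entry trial by 10.0.0.1
2024-05-01 10:03:00 Invalid login to Jenkins by user mooh by IP '203.0.113.7'
2024-05-01 10:20:00 Forced entry trial by 198.51.100.4
2024-05-01 10:25:00 Forced entry trial by 198.51.100.4
2024-05-01 10:40:00 Forced entry trial by 198.51.100.4
"""


def compile_rules(patterns):
    """Expand the <HOST> tag and compile each pattern as a Python regex."""
    return [re.compile(p.replace("<HOST>", HOST_GROUP)) for p in patterns]


def is_ignored(host, networks):
    """True if host falls in an ignoreip entry (single IP or CIDR prefix)."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True  # matched text is not a valid address: nothing to ban
    return any(addr in net for net in networks)


def find_bans(log_text, failregexes, ignoreregexes=(), ignoreip=("127.0.0.1",),
              maxretry=3, findtime=600):
    """Return (ip, timestamp) for every ban the jail settings would trigger."""
    fail_rules = compile_rules(failregexes)
    ignore_rules = compile_rules(ignoreregexes)
    networks = [ipaddress.ip_network(entry, strict=False) for entry in ignoreip]
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    bans = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, message = line[:19], line[20:]
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        # A line matching an ignoreregex is dropped even if a failregex matches.
        if any(rule.search(message) for rule in ignore_rules):
            continue
        match = next((m for m in (r.search(message) for r in fail_rules) if m), None)
        if match is None:
            continue
        host = match.group("host")
        if is_ignored(host, networks):
            continue
        hits = recent[host]
        hits.append(when)
        # Only failures inside the findtime window count towards maxretry.
        while (when - hits[0]).total_seconds() > findtime:
            hits.popleft()
        if len(hits) >= maxretry:
            bans.append((host, stamp))
            hits.clear()
    return bans


if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG, FAILREGEXES, IGNOREREGEXES,
                    ignoreip=("127.0.0.1", "10.0.0.1")))
```

Only 203.0.113.7 is banned: the scanner lines hit the ignoreregex, 10.0.0.1 is in ignoreip, and 198.51.100.4 never reaches three failures inside one 600-second findtime window.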

action

Data type: Optional[Variant[String, Array[String, 1]]]

List of actions that should be used to ban and unban IPs when maxretry matches of failregex have happened for an IP during findtime.

Default value: undef

bantime

Data type: Optional[Fail2ban::Time]

Time period in seconds for which an IP is banned if maxretry matches of failregex happen for the same IP during findtime.

Default value: undef

bantime_extra

Data type: Optional[Fail2ban::Bantime_extra]

Set of additional optional settings relating to bantime. The keys in this structure are set in the configuration file as bantime.$key. See the same parameter in class fail2ban for more details on the possible values.

Default value: undef

banaction

Data type: Optional[String]

Name of the action that is extrapolated in default action definitions, or in the action param. This can let you override the action name but keep the default parameters to the action.

Default value: undef

banaction_allports

Data type: Optional[String]

Action name that can be extrapolated by some of the default actions. This one is meant to ban all ports at once instead of specific ones. Setting this will change the action for this jail.

Default value: undef

chain

Data type: Optional[String]

Name of the iptables chain used by iptables-based actions.

Default value: undef

port

Data type: Optional[Fail2ban::Port]

Comma separated list of ports, port ranges or service names (as found in /etc/services) that should get blocked by the ban action.

Default value: undef

protocol

Data type: Optional[Fail2ban::Protocol]

Name of the protocol to ban using the action.

Default value: undef

mta

Data type: Optional[String]

Program name used for sending out email by actions that do so.

Default value: undef

destemail

Data type: Optional[String]

Email address used as recipient by actions that send out emails. Setting this will override destemail for this jail only.

Default value: undef

sender

Data type: Optional[String]

Email address set as sender by actions that send out emails.

Default value: undef

fail2ban_agent

Data type: Optional[String]

User-agent sent on HTTP requests that are made by some actions.

Default value: undef

additional_options

Data type: Hash[String, String]

Hash of additional values that should be declared for the jail. Keys represent the jail configuration value names and hash values are placed to the right of the "=". This can be used to declare arbitrary values for filters or actions to use. No syntax checking is done on the contents of this hash. Note that any keys in this hash that correspond to a parameter name for this defined type will get overridden by the value that the defined type's parameter was given (e.g. if there is mode => '0600' in additional_options, the value of mode in the file on disk will not take on the value '0600' since there is a resource parameter that already corresponds to this key name).

Default value: {}

Data types

Fail2ban::AutoOrFlag

A boolean flag that can also be set to the string 'auto'.

Alias of Variant[Boolean, Enum['auto']]

Fail2ban::Backend

Backend names that fail2ban understands. Can be one of the pre-defined backend names, "systemd" with optionally a list of parameters between square brackets, or a python-style variable.

Alias of Variant[Enum['auto','pyinotify','gamin','polling'], Pattern[/^systemd(\[.*\]$)?/], Pattern[/%\(\w+\)s/]]

Fail2ban::Bantime_extra

Optional additional bantime.* options. See manifests/init.pp for details about what each option means.

Alias of

Struct[{
  Optional[increment] => Boolean,
  Optional[factor] => String[1],
  Optional[formula] => String[1],
  Optional[multipliers] => String[1],
  Optional[maxtime] => String[1],
  Optional[rndtime] => String[1],
  Optional[overalljails] => Boolean,
}]

Fail2ban::Dbfile

Where fail2ban's database gets stored. None disables storage

Alias of Variant[Stdlib::Absolutepath, Enum['None']]

Fail2ban::Loglevel

How much logging is needed from fail2ban

Alias of Enum['CRITICAL', 'ERROR', 'WARNING', 'NOTICE', 'INFO', 'DEBUG', 'TRACEDEBUG', 'HEAVYDEBUG']

Fail2ban::Logtarget

Where logs are sent

Alias of Variant[Stdlib::Absolutepath, Enum['STDOUT', 'STDERR', 'SYSLOG', 'SYSOUT', 'SYSTEMD-JOURNAL']]

Fail2ban::Port

Possible values for the port parameter. Ports can be specified by number, but you can also pass in a comma-separated list of values in a string. The values in the string can be port numbers (integers), a range of port numbers in the format 'number:number', service names (looked up in /etc/services) or 'all', which is translated to '0:65535'.

Alias of Variant[Integer, String]

Fail2ban::Protocol

Options for protocol type. This is used by the default action iptables-multiport to define what protocol to ban for the specified ports.

Alias of Enum['tcp', 'udp', 'icmp', 'all']

Fail2ban::Syslogsocket

Path to a socket for communication with syslog, or 'auto' for letting fail2ban auto-discover the path.

Alias of Variant[Stdlib::Absolutepath, Enum['auto']]

Fail2ban::Time

Time for some configuration options can be specified either as an integer number of seconds, or as an abbreviation that can help specify some time periods more easily.

Time abbreviations can be combined to make a more precise amount. For example: 1d3h20m

Alias of Variant[Integer[1], Pattern[/^(\d+(ye(a(r(s)?)?)?|yy?|mo(n(th(s)?)?)?|we(e(k(s)?)?)?|ww?|da(y(s)?)?|dd?|ho(u(r(s)?)?)?|hh?|mi(n(ute(s)?)?)?|mm?|se(c(ond(s)?)?)?|ss?))+$/]]

Fail2ban::Usedns

Possible values for usedns parameter

Alias of Enum['yes', 'no', 'warn', 'raw']