From: David Galloway <dgallowa@redhat.com>
Date: Thu, 15 Nov 2018 15:30:42 +0000 (-0500)
Subject: public_facing: Support multiline regex fail2ban filters
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ca1e910fa9952cdcec6362373fd495c4e43a33ce;p=ceph-cm-ansible.git

public_facing: Support multiline regex fail2ban filters

Signed-off-by: David Galloway <dgallowa@redhat.com>
---

diff --git a/roles/public_facing/README.rst b/roles/public_facing/README.rst
index 1edf7eda..b5a29ade 100644
--- a/roles/public_facing/README.rst
+++ b/roles/public_facing/README.rst
@@ -60,11 +60,14 @@ If required, define these in your ansible inventory ``host_vars`` file.
       - "80"
       - "443"
 
-``f2b_filters: {}`` is a dictionary of additional filters fail2ban should use.  For example, our status portal running Cachet has an additional fail2ban service monitoring repeated login attempts to the admin portal.  See filter example::
+``f2b_filters: {}`` is a dictionary of additional filters fail2ban should use.  For example, our status portal running Cachet has an additional fail2ban service monitoring repeated login attempts to the admin portal.  ``maxlines`` is an optional variable.  See filter example::
 
     f2b_filters:
       apache-cachet:
-      failregex: "<HOST> .*GET /auth/login.*$"
+        failregex: "<HOST> .*GET /auth/login.*$"
+      example-filter:
+        failregex: "<HOST> .*foo$"
+        maxlines: 3
 
 Common Tasks
 ++++++++++++
diff --git a/roles/public_facing/templates/f2b.filter.j2 b/roles/public_facing/templates/f2b.filter.j2
index 4cc8df06..86db2b78 100644
--- a/roles/public_facing/templates/f2b.filter.j2
+++ b/roles/public_facing/templates/f2b.filter.j2
@@ -3,3 +3,8 @@
 #
 [Definition]
 failregex = {{ item.value.failregex }}
+
+{% if item.value.maxlines is defined %}
+[Init]
+maxlines = {{ item.value.maxlines }}
+{% endif %}