Currently, so it seems to me, all jails are centrally defined in jail.conf or jail.local. I would love to have a jail.d directory where config snippets could put into.
This would be helpful with configuration management systems like puppet. The challenge with this is that a central config file has to be built with decentral information. This is possible but not efficient nor elegant.
I try to give an example.
On host xxx you have 2 services, ssh and apache. The ssh puppet class provides the ssh jail and the apache class provides the apache jail. ssh class does not know about apache. It would be easy if ssh and apache config could be separated, each one has a config file in jail.d. Only action for the ssh part would be to put a file in jail.d and restart fail2ban. Currently all fail2ban jails must be collectded and then cutted together, which is possible but complicated and not ideal in the puppet world.
I hope this make sense to you. Shall I make a feature request in the tracker ?
See also https://sourceforge.net/mailarchive/message.php?msg_id=27803810
Kind Regards, Markus Falb
On Wed, 13 Jun 2012, Markus Falb wrote:
> I hope this make sense to you. Shall I make a feature request in the tracker ?
sure -- why not... even better would be a pull request with a tentative
Yaroslav O. Halchenko
Postdoctoral Fellow, Department of Psychological and Brain Sciences
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419