ensure => installed
}
+ $extra_groups = $::mta ? {
+ 'postfix' => 'amavis',
+ default => 'Debian-exim'
+ }
+
+ user { 'clamav':
+ gid => clamav,
+ groups => [$extra_groups],
+ require => Package['clamav-daemon']
+ }
+
+ service { 'clamav-daemon':
+ ensure => running,
+ require => Package['clamav-daemon']
+ }
+
+ service { 'clamav-freshclam':
+ ensure => running,
+ require => Package['clamav-freshclam']
+ }
+
file { [
'/var/lib/clamav/mbl.ndb',
'/var/lib/clamav/MSRBL-Images.hdb',
'/var/lib/clamav/MSRBL-SPAM.ndb',
+ '/var/lib/clamav/msrbl-images.hdb',
+ '/var/lib/clamav/msrbl-spam.ndb',
]:
- ensure => absent
+ ensure => absent,
+ notify => Service['clamav-daemon']
}
file { '/etc/clamav-unofficial-sigs.dsa.conf':
require => Package['clamav-unofficial-sigs'],
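Review bot: The new `user { 'clamav': }` resource changes the daemon's supplementary groups but nothing restarts clamd, so a running `clamav-daemon` keeps its old group set until its next restart; add `notify => Service['clamav-daemon']` to the user resource. The group chosen by `$extra_groups` is not required here either, so on a host where the MTA package (and with it `amavis` or `Debian-exim`) is not yet installed the user change would presumably fail; whether that ordering is guaranteed elsewhere is not visible in this hunk. Since clamd parses untrusted mail content, a comment above the selector such as `# clamav joins the MTA group only so it can read messages handed over for scanning` would help keep this membership from being widened later without review.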
elgar.debian.org: Edward Elgar (1857 - 1934)
englund.debian.org: Sven Einar Englund (June 17th, 1916 - June 27th, 1999)
eysler.debian.org: Edmund Samuel Eysler (March 12th, 1874 - October 4th, 1949)
+ falla.debian.org: Manuel de Falla y Matheu (November 23rd, 1876 - November 14th, 1946)
fano.debian.org: Guido Alberto Fano (March 18th, 1875 - August 14th, 1961)
fasch.debian.org: Johann Friedrich Fasch (1688 - 1758)
field.debian.org: John Field (1782 - 1837)
finzi.debian.org: Gerald Raphael Finzi (July 14th, 1901 - September 27th, 1956)
+ fischer.debian.org: Johann Caspar Ferdinand Fischer (September 9th, 1656 - August 27th, 1746)
franck.debian.org: Melchior Franck (1579 - June 1st, 1639)
gabrielli.debian.org: Domenico Gabrielli (April 15th, 1651 - July 10th, 1690)
glinka.debian.org: Mikhail Ivanovich Glinka (1804 - 1857)
driver = redirect
domains = rt.debian.org
require_files = /usr/bin/rt-mailgate : RT_QUEUE_MAP
- local_parts = ${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}{$local_part}{}}
+ local_parts = ${lookup{${sg{$local_part}{-(comment|done)}{}}}lsearch{RT_QUEUE_MAP}{$local_part}{}}
local_part_suffix = +*
local_part_suffix_optional
pipe_transport = rt_pipe
- data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --extension ticket --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
+ data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-(comment|done)}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --extension ticket --action ${if match{$local_part}{.*-comment.*}{comment}{${if match{$local_part}{.*-done.*}{correspond-resolve}{correspond}}}}"
headers_remove = Subject
headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)\\\\[?debian rt\\\\]?[:\\s]*(.*)}}} {$1$2}{$h_subject:}}"
-
<%- end -%>
# exim4 fails the router if it can't change to the user/group for delivery
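Review bot: The `-done` suffix makes `--action correspond-resolve` reachable by mail, so anyone who can deliver to `<queue>-done@rt.debian.org` asks RT to close a ticket; the router adds no sender condition, and whether RT checks the sender's rights for that action is not visible here, so a comment stating where the authorisation is enforced is warranted. Both patterns are also unanchored: `${sg{$local_part}{-(comment|done)}{}}` strips the first match anywhere in the local part and `match{$local_part}{.*-done.*}` fires on any local part containing `-done`, so a queue whose name itself contains `-done` or `-comment` would be misrouted. Anchoring both to the end of the local part (`-(comment|done)\$` in `local_parts`, with the backslash doubled inside the quoted `data` string) would limit the match to the suffix.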
chain => 'FORWARD',
rule => 'def $ADDRESS_FANO=206.12.19.110;
def $ADDRESS_FINZI=206.12.19.111;
-def $FREEBSD_HOSTS=($ADDRESS_FANO $ADDRESS_FINZI);
+def $ADDRESS_FISCHER=206.12.19.112;
+def $ADDRESS_FALLA=206.12.19.117;
+def $FREEBSD_HOSTS=($ADDRESS_FANO $ADDRESS_FINZI $ADDRESS_FISCHER $ADDRESS_FALLA);
policy ACCEPT;
mod state state (ESTABLISHED RELATED) ACCEPT;
interface br1 outerface br1 ACCEPT;
interface br2 outerface br0 jump from-kfreebsd;
+interface br0 destination ($ADDRESS_FISCHER $ADDRESS_FALLA) proto tcp dport 22 ACCEPT;
interface br0 destination ($FREEBSD_HOSTS) jump to-kfreebsd;
ULOG ulog-prefix "REJECT FORWARD: ";
REJECT reject-with icmp-admin-prohibited
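Review bot: The added `interface br0 destination ($ADDRESS_FISCHER $ADDRESS_FALLA) proto tcp dport 22 ACCEPT;` matches before the `jump to-kfreebsd` line and carries no source restriction, so SSH from any address forwarded in via br0 reaches these two hosts without passing through whatever `to-kfreebsd` filters (that chain is not visible in this hunk). If the exemption is intentional, a ferm comment above the rule such as `# fischer/falla: ssh accepted here, bypassing to-kfreebsd, because <reason>` would record it. If it is not, adding a `source (...)` match or dropping the rule so that `to-kfreebsd` decides would keep all four hosts under one policy.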
--- /dev/null
+define munin::conf (
+ $ensure=present,
+ $content='',
+ $source=''
+) {
+
+ include munin
+
+ case $ensure {
+ present: {
+ if ! ($source or $content) {
+ fail ( "No configuration found for ${name}" )
+ }
+ }
+ absent: {}
+ default: { fail ( "Unknown ensure value: '$ensure'" ) }
+ }
+
+ if $source {
+ file { "/etc/munin/plugin-conf.d/${name}":
+ ensure => $ensure,
+ source => $source,
+ require => Package['munin-node'],
+ notify => Service['munin-node'],
+ }
+ } elsif $content {
+ file { "/etc/munin/plugin-conf.d/${name}":
+ ensure => $ensure,
+ content => $content,
+ require => Package['munin-node'],
+ notify => Service['munin-node'],
+ }
+ }
+}
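Review bot: `ensure => absent` passes the `case`, but nothing is declared unless `$source` or `$content` is also set, because both `file` resources sit inside `if $source { … } elsif $content { … }`; a caller writing `munin::conf { 'x': ensure => absent }` leaves the old plugin configuration in place, still read by munin-node. Declaring the removal ahead of the two existing branches fixes that, as sketched below. Neither `file` sets `owner` or `mode`, and plugin-conf.d entries can carry credentials, so explicit values would be safer unless a global `File` default (not visible here) already covers it.

```puppet
	# … unchanged: parameters and $ensure validation …

	if $ensure == absent {
		# remove the file even when the caller passes no source/content
		file { "/etc/munin/plugin-conf.d/${name}":
			ensure => absent,
			notify => Service['munin-node'],
		}
	} elsif $source {
		# … unchanged: file resource using source …
	} elsif $content {
		# … unchanged: file resource using content …
	}
```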
--- /dev/null
+/var/log/vsftpd.log /var/log/ftp/*log
+{
+ create 640 root adm
+
+ # ftpd doesn't handle SIGHUP properly
+ missingok
+ notifempty
+ rotate 4
+ weekly
+}
notify => Service['vsftpd']
}
- munin::check { 'vsftpd': }
+ munin::check { 'vsftpd':
+ ensure => absent
+ }
munin::check { 'ps_vsftpd':
script => 'ps_'
}
description => 'Allow ftp access',
rule => '&SERVICE(tcp, 21)',
}
+
+ file { '/var/log/ftp':
+ ensure => directory,
+ mode => '0755'
+ }
+ file { '/etc/logrotate.d/vsftpd':
+ source => 'puppet:///modules/vsftpd/logrotate.conf',
+ require => [
+ Package['vsftpd'],
+ Package['debian.org']
+ ]
+ }
+
}
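Review bot: `file { '/var/log/ftp': }` is created world-readable and world-searchable (`mode => '0755'`) with no `owner` or `group`, while the logrotate rule added in this commit recreates the logs inside it as `640 root adm`. Logs that vsftpd creates before the first rotation get whatever mode its umask gives, so for those the directory mode is the only guaranteed barrier. Transfer logs hold client addresses and paths, so consider `owner => root, group => adm, mode => '0750'` on the directory. The enclosing class begins outside this hunk, so any `File` defaults set there are not visible.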
default: { fail ( "Invald ensure `$ensure' for $name" ) }
}
+ $ftpsite = $name
+
$fname = "/etc/vsftpd-${name}.conf"
file { $fname:
}
file { "/etc/logrotate.d/vsftpd-${name}":
- ensure => $ensure,
- content => template('vsftpd/logrotate.erb')
+ ensure => absent
+ }
+
+ munin::check { "vsftpd-${name}":
+ script => 'vsftpd'
+ }
+ munin::conf { "vsftpd-${name}":
+ content => template('vsftpd/munin.erb')
}
# We don't need a firewall rule because it's added in vsftp.pp
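Review bot: The new `munin::check { "vsftpd-${name}": }` and `munin::conf { "vsftpd-${name}": }` do not pass `ensure`, although the define validates `$ensure` (visible in the preceding hunk) and the removed logrotate resource used `ensure => $ensure`. Declaring a site with `ensure => absent` would therefore still install the munin plugin and its plugin configuration for a site that no longer exists. Adding `ensure => $ensure,` to both resources keeps them in step with the site. The define's header and the rest of its body are outside this hunk.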
+++ /dev/null
-<%= scope.lookupvar('logfile') %>
-{
- create 640 root adm
-
- # ftpd doesn't handle SIGHUP properly
- missingok
- notifempty
- rotate 4
- weekly
-}
--- /dev/null
+[vsftpd-<%= scope.lookupvar('ftpsite') %>]
+user root
+env.logfile /var/log/ftp/<%= scope.lookupvar('ftpsite') %>.log
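Review bot: `user root` runs the munin plugin with full privileges only to read `/var/log/ftp/<site>.log`, a file that this commit's logrotate rule creates as `640 root adm`. The plugin parses log lines whose content is influenced by FTP clients, so a narrower identity is preferable. Replacing the line with `group adm` should be enough once the logs carry that group, though the mode of a log that vsftpd creates before the first rotation is not visible here and needs checking first.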
xferlog_enable=YES
xferlog_file=<%= scope.lookupvar('logfile') %>
+vsftpd_log_file=/var/log/ftp/<%= scope.lookupvar('ftpsite') %>.log
ftpd_banner=<%= scope.lookupvar('banner') %>
secure_chroot_dir=/var/run/vsftpd