comfy 0.2.0

data/lib/templates/debian/files/.bashrc

@@ -0,0 +1,112 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+case $- in
+    *i*) ;;
+      *) return;;
+esac
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1000
+HISTFILESIZE=2000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+    debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+    xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+	# We have color support; assume it's compliant with Ecma-48
+	# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+	# a case would tend to support setf rather than setaf.)
+	color_prompt=yes
+    else
+	color_prompt=
+    fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+    ;;
+*)
+    ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+    alias ls='ls --color=auto'
+    #alias dir='dir --color=auto'
+    #alias vdir='vdir --color=auto'
+
+    #alias grep='grep --color=auto'
+    #alias fgrep='fgrep --color=auto'
+    #alias egrep='egrep --color=auto'
+fi
+
+# some more ls aliases
+#alias ll='ls -l'
+#alias la='ls -A'
+#alias l='ls -CF'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+  if [ -f /usr/share/bash-completion/bash_completion ]; then
+    . /usr/share/bash-completion/bash_completion
+  elif [ -f /etc/bash_completion ]; then
+    . /etc/bash_completion
+  fi
+fi
+
+export PATH="$PATH:$HOME/.rvm/bin" # Add RVM to PATH for scripting

data/lib/templates/debian/files/.gitconfig

@@ -0,0 +1,7 @@
+[color]
+    diff = auto
+    status = auto
+    branch = auto
+    interactive = auto
+    ui = true
+    pager = true

data/lib/templates/debian/files/10-ipv6.conf

@@ -0,0 +1,5 @@
+net.ipv6.conf.all.disable_ipv6 = 1
+net.ipv6.conf.default.disable_ipv6 = 1
+net.ipv6.conf.lo.disable_ipv6 = 1
+net.ipv6.conf.eth0.disable_ipv6 = 1
+net.ipv6.conf.eth1.disable_ipv6 = 1

data/lib/templates/debian/files/DEPOT-GPG-KEY.cfg

@@ -0,0 +1,32 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.6 (GNU/Linux)
+
+mQINBEvVSjABEACo7dd0akbgM+C+Oph64KHYaF2Cezsv2Ngc2W/OGZ3dhCdhxbE/
+7dnt4Mm5V5eLzuevgf90Pm/W1k0AAlYPqDmiHlom45G1J+XrQqWhZNPv7HCiAj/X
+7tiXV/Gp4BfQvJJasilAACTkqbsloANRktd9S1k5jRd+zfVvkNEoEUW9/HT6w6Z5
+ZRlYixw/ooDpcX4uK7rHeTtC0udLDwAWY281/zn8XMPEvLo7ql+5kABJIy6iZJ2o
+vyWyo4SwYkYOHPcni4Cy6jCGP9LZR61sweOcsdfc8vsvr120OdFuTpR9X9gm6K20
+tX8PDEy3GzMreVtrI/bJrcVbu+oz7cCycl+8qIkNtX+B2zC7tslE316xfoat7ZIb
+sYQcHXTlvedfMS7NtZ8NfOVernwt3tWffBmyTSrmlrqTGOwes6Vm2xhXZ7/h9K+W
+7zEFTID8idpHqnDdx9DFFuUeQ6IcmAOjE4Xny/bfw0jan3/0+Ncv1FX5NJzf7GdH
+4Xm85v2DNA689jHziJv3X/QLKtP4LEA0JmZD++9hAMd5XJ1lobSJZqytHlOKPjGg
+/eSwBaVgHENbEeHBMAET3QL5J1cFzUqS3HXrCoWh8MSoq3XYLPtLxZrSEX8z5WKh
+pE5FLx0FGSi5MFyHg2WqBDkqSTN3Doe1uh8SoT9vVFuPb1m4cAR1KzPGHwARAQAB
+tFhNZXRhQ2VudHJ1bSBQYWNrYWdlIFJlcG9zaXRvcnkgKE1ldGFDZW50cnVtIFBh
+Y2thZ2UgUmVwb3NpdG9yeSBQR1Aga2V5KSA8bWV0YUBjZXNuZXQuY3o+iQI8BBMB
+AgAmAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AFAlF5lz0FCQtH540ACgkQVc75
+6MPItRlf1Q/+IonUahNhAYQLhkdZvIPyT099KBviqMYXs1DJO940wIfX26ijz/v0
+fiEWvD1TlCx7xmegUj0u8EoB4TE4DYl1cPUZyQF+B2m9dLBT7umEypvZpuHjcBZe
+LpBL2K04gJYtiDe8yMTWChlrg+gcSaF+FkB/K9YYyjlkfIXp15WHSlNXN+aiB/3P
+8GMJiRPU0g3ScnwBfrLAXUX8stlBFzk2OVcrWmXQoHha/1cEn7w8JEEN4dOQIuKs
+Y7rItaS80HFpfwP10cU/l6ohMOh5cpf36qWPVKsez+wgeO8ah/7ZOtEG3QTktk6x
+bWzSGJ55beYm88iBvQuYJ6Xk8cpXsuFmaRED09mvXvoRYhUKovt+m7W8dW1s4h0y
+/x3ER7jPiUSdGkepag1J+WQtzrsSPgWLt5x8C026iQcvK6e72lbLDSX9cA8QdPAM
+Vnc5cPF4Jxz1lW0OHKKW5nMKPUTp/YZMfZcQTM2rkpLEZHAdC3WgbnM3N+gGY3vN
+qpBTPoFAWVZTsM9BQ8A/bJJBgDXg0SSnChHe4hxwQJuXR+tAO8OSk2z8xCdeRZqK
+9WAMviqmYvoCZMI4F/QJfKlSAoHrfhQPWOo2iS3aKUlBJgWxaejiJAwNwKDujnU5
+F0Y8sXypxJudVbi6/Q9BE/tGOTKwtaFiB5Gon+mGrvvnJWTGe7VjzriIRgQQEQIA
+BgUCS9VRAAAKCRCKeUuOc6DkdYCfAJ9MhgOfaAlSRnaSfZ7sfzrIept/DQCfXiGM
+kO6S6OD1WngSJiCst3UTkW4=
+=nY1A
+-----END PGP PUBLIC KEY BLOCK-----

data/lib/templates/debian/files/RPM-GPG-KEY-CERIT-SC.cfg

@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+
+mQINBE7TvwsBEAC5gE01wDGBypwfjQGPwHK83ZyTzVwdATmtyQWbyJETgTPKSlSQ
+NhQAF7uBgqDGKUxvAXxmTXaJT+gDV5Wqdt09ani6+Fvac/IOD/FYczpPtOaufX4x
+GRAwAMRZd4HNIb+oVLkomI1A6bOFHKy1n4i8vVkemgxpgklJVD8EE+GMlMEG1vTB
+SuwIjqxiaixhw2ri7XlgxWnRL1f5tRCrHGNnuQ+gHpTqvM3u9wbNls6jpQYJOyIo
+rr6yd0F3w/ixavejmepyGrEPB0REsUiCMHUKK5evJiyyj6z9hxhkWhtb1DComfOp
+SGp39wet4gj37oSsdSiGOl4VFIh7YcWwRl3WBzs9jmWoBKPARvYcOl55BFda8Npt
+1rzX16xxd23FStYXUy4qsn4jbdR02Um+TnxZsBR+k5Szcm66AaFLFDlV1C4FMIqt
++zd3VrXbv9ATPN30ZGoauekgoh3TylVk5gAiraRT4zJA+WvX9dhMxepNcJcZXw5G
+VY2z1APEWmkempwufWtLeuv5EfIb6qAfyQVoy7O1CB/juKNy8kyaAyzxDcMjbdEa
+h+qocJYhbh6tPdwqEsOfKUwYPdeqbeWzRpnifjiBVpWWWkTtRd+m5LHsXqHWupGL
+Jzt4LZXwS2woN3oGqBXz4Ogq32dK5wdhAIoUNsY9kUkgdlB28nHZlJlAnwARAQAB
+tDJDRVJJVC1TQyBQYWNrYWdlIFJlcG9zaXRvcnkgPHBhY2thZ2VzQGNlcml0LXNj
+LmN6PokCPgQTAQIAKAUCTtO/CwIbAwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYCAwEC
+HgECF4AACgkQ3DqaO9m5+z0ajQ//YcM8xgHeNr7CQpextlJ2MJWfgdl2W09vwHkp
+ldYCxaXz8TEMs76EwYeW2El6sqosQigCnkIGGBLzc3Iv9A9nNnRyFFt4dtoouML5
+wNgwaWq9qve1RecjQG7WFx+O0mmo3pdqLA3a4u3oDdMBCqXJwlONI0E4wxpszKM0
+J03+A5z1fRtmoqFAQKxddmI0FtAXKyt5GQFvX/mxO+vJ5xtHLll9+doU6ojcM92Y
+c8tf66vCyGWFAIl25qbvCrvIARLo2EqpOsjB+DfhlXs5qLnXFMrSxRBwOfl2X6LJ
+sEEzPPKhrdpj6DjVs08UEXYLbXvuS1/cOXqngDDRUaamcTsz3tGF1iMu4gKBLg6R
+3+ZOm8Lf/FP/irdaWB97zSVeJWhyquaHSDzPp+/IWQCOc5qWTjgfYBhuQ6QN1Lmz
+kTSdnGqU47xif7dHAw2W+QmIFzND+iUAcoMKvQdlwzosoTN1raApBXjtcMvwn3cv
+c+1NOQ1CxAEOycv9Vlja+I/vxJqNbSy2BO9FpiGM6aTFYwpr1RNC/o/a28Xqr+hZ
+SRueBQW8kkvrwPoE2sHqEmR0j76MssiEWLsxnyrJH8/u42xlv8aOAqf6Q7osShMj
+CROefhLCidIbW10erf5FjHkukcysuTO4FJcsnJHWy+F0jgubYza/mQLK6qY9ShIq
+OEkYIXo=
+=oPbY
+-----END PGP PUBLIC KEY BLOCK-----

data/lib/templates/debian/files/backports.list

@@ -0,0 +1,2 @@
+## Wheezy backports repository
+deb http://http.debian.net/debian wheezy-backports main

data/lib/templates/debian/files/cerit-cloudinit.list

@@ -0,0 +1,2 @@
+## CERIT-SC's cloud-init repository
+deb http://apt.cerit-sc.cz/cloud-init/ wheezy main

data/lib/templates/debian/files/cloud.cfg

@@ -0,0 +1,102 @@
+# If this is set, 'root' will not be able to ssh in and they 
+# will get a message to login instead as the above $user (ubuntu)
+disable_root: False
+user: root
+ssh_pwauth: False
+ssh_deletekeys: True
+ssh_genkeytypes: ['rsa', 'dsa']
+ssh_svcname: ssh
+
+# This will cause the set+update hostname module to not operate (if true)
+preserve_hostname: false
+cc_ready_cmd: ['/bin/true']
+mount_default_fields: [~, ~, 'auto', 'defaults,nofail', '0', '2']
+syslog_fix_perms: ~
+manage_etc_hosts: True
+
+# Update and upgrade system on first boot
+apt_preserve_sources_list: True
+apt_update: True
+apt_upgrade: True
+package_reboot_if_required: True
+
+
+# work only with OpenNebula, use network based datasource,
+# so that we can successfully resolve IPv4 based hostname
+disable_ec2_metadata: True
+datasource_list: ['OpenNebula']
+datasource:
+  OpenNebula:
+    dsmode: net
+
+# The modules that run in the 'init' stage
+cloud_init_modules:
+ - migrator
+ - seed_random
+ - bootcmd
+ - write-files
+ - growpart
+ - resizefs
+ - set_hostname
+ - update_hostname
+ - update_etc_hosts
+ - ca-certs
+ - rsyslog
+ - users-groups
+ - ssh
+
+# The modules that run in the 'config' stage
+cloud_config_modules:
+# Emit the cloud config ready event
+# this can be used by upstart jobs for 'start on cloud-config'.
+ - emit_upstart
+ - disk_setup
+ - mounts
+ - ssh-import-id
+ - locale
+ - set-passwords
+ - grub-dpkg
+ - apt-pipelining
+ - apt-configure
+ - package-update-upgrade-install
+ - landscape
+ - timezone
+ - puppet
+ - chef
+ - salt-minion
+ - mcollective
+ - disable-ec2-metadata
+ - runcmd
+ - byobu
+
+# The modules that run in the 'final' stage
+cloud_final_modules:
+ - rightscale_userdata
+ - scripts-per-once
+ - scripts-per-boot
+ - scripts-per-instance
+ - scripts-user
+ - ssh-authkey-fingerprints
+ - keys-to-console
+ - phone-home
+ - final-message
+ - power-state-change
+
+# System and/or distro specific settings
+# (not accessible to handlers/transforms)
+system_info:
+   # This will affect which distro class gets used
+   distro: debian
+   # Other config here will be given to the distro class and/or path classes
+   paths:
+      cloud_dir: /var/lib/cloud/
+      templates_dir: /etc/cloud/templates/
+      upstart_dir: /etc/init/
+   package_mirrors:
+     - arches: [default]
+       failsafe:
+         primary: http://http.us.debian.org/debian/
+         security: http://security.debian.org/
+   ssh_svcname: ssh
+
+# vim:syntax=yaml

data/lib/templates/debian/files/depot.list

@@ -0,0 +1,4 @@
+# depot_all
+deb  ftp://depot1.mc.cesnet.cz/ all main
+# depot_squeeze
+deb  ftp://depot1.mc.cesnet.cz/ squeeze main

data/lib/templates/debian/files/depot_all.pref

@@ -0,0 +1,6 @@
+# depot_all
+Explanation: : depot_all
+Package: *
+Pin: origin "depot1.mc.cesnet.cz"
+Pin-Priority: 20
+

data/lib/templates/debian/files/depot_check_mk.pref

@@ -0,0 +1,5 @@
+# depot_check_mk
+Explanation: : depot_check_mk
+Package: check-mk*
+Pin: origin "depot1.mc.cesnet.cz"
+Pin-Priority: 1200

data/lib/templates/debian/files/fail2ban.local

@@ -0,0 +1,3 @@
+[Definition]
+
+logtarget = SYSLOG

data/lib/templates/debian/files/getty@ttyS0.service

@@ -0,0 +1,47 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Getty on %I
+Documentation=man:agetty(8) man:systemd-getty-generator(8)
+Documentation=http://0pointer.de/blog/projects/serial-console.html
+After=systemd-user-sessions.service plymouth-quit-wait.service
+After=rc-local.service
+
+# If additional gettys are spawned during boot then we should make
+# sure that this is synchronized before getty.target, even though
+# getty.target didn't actually pull it in.
+Before=getty.target
+IgnoreOnIsolate=yes
+
+# On systems without virtual consoles, don't start any getty. Note
+# that serial gettys are covered by serial-getty@.service, not this
+# unit.
+ConditionPathExists=/dev/tty0
+
+[Service]
+# the VT is cleared by TTYVTDisallocate
+ExecStart=-/sbin/agetty --autologin root --noclear %I $TERM
+Type=idle
+Restart=always
+RestartSec=0
+UtmpIdentifier=%I
+TTYPath=/dev/%I
+TTYReset=yes
+TTYVHangup=yes
+TTYVTDisallocate=yes
+KillMode=process
+IgnoreSIGPIPE=no
+SendSIGHUP=yes
+
+# Unset locale for the console getty since the console has problems
+# displaying some internationalized messages.
+Environment=LANG= LANGUAGE= LC_CTYPE= LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION=
+
+[Install]
+WantedBy=getty.target
+Alias=getty@ttys0.service

data/lib/templates/debian/files/grub

@@ -0,0 +1,34 @@
+# If you change this file, run 'update-grub' afterwards to update
+# /boot/grub/grub.cfg.
+# For full documentation of the options in this file, see:
+#   info -f grub -n 'Simple configuration'
+
+GRUB_DEFAULT=0
+GRUB_TIMEOUT=5
+GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=ttys0,115200n8"
+GRUB_CMDLINE_LINUX=""
+GRUB_TERMINAL=console
+GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
+
+# Uncomment to enable BadRAM filtering, modify to suit your needs
+# This works with Linux (no patch required) and with any kernel that obtains
+# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
+#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
+
+# Uncomment to disable graphical terminal (grub-pc only)
+#GRUB_TERMINAL=console
+
+# The resolution used on graphical terminal
+# note that you can use only modes which your graphic card supports via VBE
+# you can see them in real GRUB with the command `vbeinfo'
+#GRUB_GFXMODE=640x480
+
+# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
+#GRUB_DISABLE_LINUX_UUID=true
+
+# Uncomment to disable generation of recovery mode menu entries
+#GRUB_DISABLE_RECOVERY="true"
+
+# Uncomment to get a beep at grub start
+#GRUB_INIT_TUNE="480 440 1"

data/lib/templates/debian/files/inittab

@@ -0,0 +1,69 @@
+# /etc/inittab: init(8) configuration.
+# $Id: inittab,v 1.91 2002/01/25 13:35:21 miquels Exp $
+
+# The default runlevel.
+id:2:initdefault:
+
+# Boot-time system configuration/initialization script.
+# This is run first except when booting in emergency (-b) mode.
+si::sysinit:/etc/init.d/rcS
+
+# What to do in single-user mode.
+~~:S:wait:/sbin/sulogin
+
+# /etc/init.d executes the S and K scripts upon change
+# of runlevel.
+#
+# Runlevel 0 is halt.
+# Runlevel 1 is single-user.
+# Runlevels 2-5 are multi-user.
+# Runlevel 6 is reboot.
+
+l0:0:wait:/etc/init.d/rc 0
+l1:1:wait:/etc/init.d/rc 1
+l2:2:wait:/etc/init.d/rc 2
+l3:3:wait:/etc/init.d/rc 3
+l4:4:wait:/etc/init.d/rc 4
+l5:5:wait:/etc/init.d/rc 5
+l6:6:wait:/etc/init.d/rc 6
+# Normally not reached, but fallthrough in case of emergency.
+z6:6:respawn:/sbin/sulogin
+
+# What to do when CTRL-ALT-DEL is pressed.
+ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
+
+# Action on special keypress (ALT-UpArrow).
+#kb::kbrequest:/bin/echo "Keyboard Request--edit /etc/inittab to let this work."
+
+# What to do when the power fails/returns.
+pf::powerwait:/etc/init.d/powerfail start
+pn::powerfailnow:/etc/init.d/powerfail now
+po::powerokwait:/etc/init.d/powerfail stop
+
+# /sbin/getty invocations for the runlevels.
+#
+# The "id" field MUST be the same as the last
+# characters of the device (after "tty").
+#
+# Format:
+#  <id>:<runlevels>:<action>:<process>
+#
+# Note that on most Debian systems tty7 is used by the X Window System,
+# so if you want to add more getty's go ahead but skip tty7 if you run X.
+#
+1:2345:respawn:/sbin/getty 38400 tty1
+2:23:respawn:/sbin/getty 38400 tty2
+3:23:respawn:/sbin/getty 38400 tty3
+4:23:respawn:/sbin/getty 38400 tty4
+5:23:respawn:/sbin/getty 38400 tty5
+6:23:respawn:/sbin/getty 38400 tty6
+
+# Example how to put a getty on a serial line (for a terminal)
+#
+#T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100
+#T1:23:respawn:/sbin/getty -L ttyS1 9600 vt100
+ge0:2345:respawn:/sbin/mingetty --autologin root ttyS0 linux
+#ge1:2345:respawn:/sbin/mingetty ttyS0 linux
+# Example how to put a getty on a modem line.
+#
+#T3:23:respawn:/sbin/mgetty -x0 -s 57600 ttyS3

data/lib/templates/debian/files/interfaces

@@ -0,0 +1,15 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+allow-hotplug eth0
+iface eth0 inet dhcp
+
+# The secondary network interface
+allow-hotplug eth1
+iface eth1 inet dhcp
+

data/lib/templates/debian/files/iptables-multiport.local

@@ -0,0 +1,6 @@
+[Definition]
+
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j REJECT
+
+actionunban = iptables -D fail2ban-<name> -s <ip> -j REJECT
+

data/lib/templates/debian/files/jail.local

@@ -0,0 +1,17 @@
+[DEFAULT]
+
+# Seznam vygenerovany skriptem /software/meta-admin/scripts/get_nodes_ips
+# Vygeneruje pouze C site, tzn. je tam o nekolik set hostu vic nez ve skutecnosti
+
+ignoreip = 127.0.0.1 147.228.1.0/24 147.251.17.0/24 147.228.240.0/24 147.228.241.0/24 147.231.11.0/24 147.231.18.0/24 147.251.11.0/24 147.251.252.0/24 147.251.254.0/24 147.251.3.0/24 147.251.84.0/24 147.251.9.0/24 195.113.0.0/24 195.113.123.0/24 195.113.209.0/24 195.113.214.0/24 78.128.210.0/24
+
+[ssh]
+
+enabled = true
+port    = ssh
+filter  = sshd
+logpath  = /var/log/auth.log
+maxretry = 100
+findtime = 86400
+bantime  = 1209600
+