Add fail2ban (#92)

* fail2ban for LDAP authentication errors * fix log file path * fix regex * cleaning --------- Co-authored-by: ericgaspar <junk.eg@free.fr>
2024-09-03 18:16:11 +02:00 · 2024-01-13 14:15:15 +01:00 · 2024-01-13 14:15:15 +01:00 · 9da9eb03e1
commit 9da9eb03e1
parent 5794b5a64c
5 changed files with 31 additions and 3 deletions
--- a/scripts/backup
+++ b/scripts/backup
@ -33,6 +33,13 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
 #=================================================
 # BACKUP FAIL2BAN CONFIGURATION
 #=================================================
 ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
 ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
 #=================================================
 # BACKUP THE MYSQL DATABASE
 #=================================================
--- a/scripts/install
+++ b/scripts/install
@ -55,6 +55,17 @@ ynh_add_fpm_config
 ynh_add_nginx_config
 #=================================================
 # SETUP FAIL2BAN
 #=================================================
 ynh_script_progression --message="Configuring fail2ban..." --weight=1
 # Create the logfile, required before configuring fail2ban
 touch "/var/log/${domain}-error.log"
 # Create a dedicated fail2ban config
 ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex='"PHP message: user \(name stripped-out\) authentication failure for Baikal" while reading response header from upstream, client: <HOST>'
 #=================================================
 # SPECIFIC SETUP
 #=================================================
--- a/scripts/remove
+++ b/scripts/remove
@ -18,6 +18,8 @@ ynh_remove_nginx_config
 ynh_remove_fpm_config
 ynh_remove_fail2ban_config
 #=================================================
 # END OF SCRIPT
 #=================================================
--- a/scripts/restore
+++ b/scripts/restore
@ -45,14 +45,16 @@ ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./
 #=================================================
 # RESTORE SYSTEM CONFIGURATIONS
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
 #=================================================
 ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1
 ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
 ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
 ynh_systemd_action --action=restart --service_name=fail2ban
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -30,7 +30,7 @@ chmod -R o-rwx "$install_dir"
 chown -R $app:www-data "$install_dir"
 #=================================================
-# PHP-FPM CONFIGURATION
+# SYSTEM CONFIGURATION
 #=================================================
 ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=2
@ -38,6 +38,12 @@ ynh_add_fpm_config
 ynh_add_nginx_config
 # Create the logfile, required before configuring fail2ban
 touch "/var/log/${domain}-error.log"
 # Create a dedicated fail2ban config
 ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex='"PHP message: user \(name stripped-out\) authentication failure for Baikal" while reading response header from upstream, client: <HOST>'
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================