diff --git a/scripts/backup b/scripts/backup index 214b288..601ba33 100644 --- a/scripts/backup +++ b/scripts/backup @@ -33,6 +33,12 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" +#================================================= +# BACKUP FAIL2BAN CONFIGURATION +#================================================= +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" + #================================================= # BACKUP THE MYSQL DATABASE #================================================= diff --git a/scripts/install b/scripts/install index cb8c8a9..b3ce978 100644 --- a/scripts/install +++ b/scripts/install @@ -58,6 +58,18 @@ ynh_add_fpm_config # Create a dedicated NGINX config ynh_add_nginx_config +#================================================= +# SETUP FAIL2BAN +#================================================= + +ynh_script_progression --message="Configuring fail2ban..." --weight=1 + +# Create the logfile, required before configuring fail2ban +touch "/var/log/${domain}-error.log" + +# Create a dedicated fail2ban config +ynh_add_fail2ban_config --logpath="/var/log/${domain}-error.log" --failregex='"PHP message: LDAP Authentication failure" while reading response header from upstream, client: ' + #================================================= # SPECIFIC SETUP #================================================= diff --git a/scripts/remove b/scripts/remove index 61db822..6e2e4c1 100644 --- a/scripts/remove +++ b/scripts/remove 
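Review bot: The `--failregex` value in the scripts/install hunk is unanchored and, as shown on this page, has no `<HOST>` group after `client: `. fail2ban needs a host group to know which address to ban, and an unanchored pattern can also be satisfied by request-derived text that nginx writes later in the same log line. If the tag was only lost in rendering, keep it, but in either case anchor the expression: start it with something like `^ \[error\] \d+#\d+: \*\d+ FastCGI sent in stderr: ` and end it with `client: <HOST>,`, then check it against a real log line with `fail2ban-regex`. The `touch "/var/log/${domain}-error.log"` line above it creates the nginx error log with the installer's default owner and mode when the file does not exist yet, so consider setting both explicitly. The scripts/upgrade hunk repeats the same two lines and needs the same change.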
@@ -20,6 +20,14 @@ ynh_remove_nginx_config # Remove the dedicated PHP-FPM config ynh_remove_fpm_config +#================================================= +# REMOVE FAIL2BAN CONFIGURATION +#================================================= + +ynh_script_progression --message="Removing fail2ban configuration..." --weight=1 + +ynh_remove_fail2ban_config + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 8f4c828..9729fbb 100644 --- a/scripts/restore +++ b/scripts/restore @@ -53,6 +53,15 @@ ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RESTORE FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the fail2ban configuration..." --weight=1 + +ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" +ynh_systemd_action --action=restart --service_name=fail2ban + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 4be4cb8..c6f9f52 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
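Review bot: The scripts/restore hunk restarts fail2ban without making sure the jail's log file exists, whereas install and upgrade run `touch "/var/log/${domain}-error.log"` first because fail2ban requires it. On a restore to a machine where nginx has not yet written that file, the restart is likely to fail and leave every jail on the host stopped, not only this app's. Add `touch "/var/log/${domain}-error.log"` before the `ynh_systemd_action --action=restart --service_name=fail2ban` line. `$domain` is already used by the nginx restore line in this hunk's context, so it should be in scope.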
@@ -41,6 +41,18 @@ ynh_add_fpm_config # Create a dedicated NGINX config ynh_add_nginx_config +#================================================= +# SETUP FAIL2BAN +#================================================= + +ynh_script_progression --message="Upgrading fail2ban configuration..." --weight=1 + +# Create the logfile, required before configuring fail2ban +touch "/var/log/${domain}-error.log" + +# Create a dedicated fail2ban config +ynh_add_fail2ban_config --logpath="/var/log/${domain}-error.log" --failregex='"PHP message: LDAP Authentication failure" while reading response header from upstream, client: ' + #================================================= # SPECIFIC UPGRADE #================================================= diff --git a/sources/extra_files/main/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php b/sources/extra_files/main/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php index d558a78..b82c02e 100644 --- a/sources/extra_files/main/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php +++ b/sources/extra_files/main/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php @@ -75,5 +75,6 @@ class LDAPUserBindAuth extends AbstractExternalAuth { # WorkAround error_handler in failed bind of LDAP public static function exception_error_handler($errno, $errstr, $errfile, $errline) { + error_log('LDAP Authentication failure'); } }
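Review bot: `exception_error_handler` now writes 'LDAP Authentication failure' for every error it receives, ignoring `$errno` and `$errstr`. Any warning raised while it is installed, such as an unreachable directory server, would be counted by the fail2ban filter as a failed login and could get legitimate clients banned. Where the handler is registered is outside this hunk, so its scope may be narrower than it looks. Consider logging only when the bind was rejected for bad credentials, e.g. `if (strpos($errstr, 'Invalid credentials') !== false) { error_log('LDAP Authentication failure'); }` (confirm the exact warning text your LDAP library emits), or log at the call site where the bind result is checked. A short comment noting that this message text is matched by the `failregex` in scripts/install and scripts/upgrade would keep the two from drifting apart.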