fail2ban for LDAP authentication errors

scripts/backup

@@ -33,6 +33,12 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 
 ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
 
+#=================================================
+# BACKUP FAIL2BAN CONFIGURATION
+#=================================================
+ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
+ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
+
 #=================================================
 # BACKUP THE MYSQL DATABASE
 #=================================================

scripts/install

@@ -58,6 +58,18 @@ ynh_add_fpm_config
 # Create a dedicated NGINX config
 ynh_add_nginx_config
 
+#=================================================
+# SETUP FAIL2BAN
+#=================================================
+
+ynh_script_progression --message="Configuring fail2ban..." --weight=1
+
+# Create the logfile, required before configuring fail2ban
+touch "/var/log/${domain}-error.log"
+
+# Create a dedicated fail2ban config
+ynh_add_fail2ban_config --logpath="/var/log/${domain}-error.log" --failregex='"PHP message: LDAP Authentication failure" while reading response header from upstream, client: <HOST>' 
+
 #=================================================
 # SPECIFIC SETUP
 #=================================================

scripts/remove

@@ -20,6 +20,14 @@ ynh_remove_nginx_config
 # Remove the dedicated PHP-FPM config
 ynh_remove_fpm_config
 
+#=================================================
+# REMOVE FAIL2BAN CONFIGURATION
+#=================================================
+
+ynh_script_progression --message="Removing fail2ban configuration..." --weight=1
+
+ynh_remove_fail2ban_config
+
 #=================================================
 # END OF SCRIPT
 #=================================================

scripts/restore

@@ -53,6 +53,15 @@ ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
 
 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 
+#=================================================
+# RESTORE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_script_progression --message="Restoring the fail2ban configuration..." --weight=1
+
+ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
+ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
+ynh_systemd_action --action=restart --service_name=fail2ban
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================

scripts/upgrade

@@ -41,6 +41,18 @@ ynh_add_fpm_config
 # Create a dedicated NGINX config
 ynh_add_nginx_config
 
+#=================================================
+# SETUP FAIL2BAN
+#=================================================
+
+ynh_script_progression --message="Upgrading fail2ban configuration..." --weight=1
+
+# Create the logfile, required before configuring fail2ban
+touch "/var/log/${domain}-error.log"
+
+# Create a dedicated fail2ban config
+ynh_add_fail2ban_config --logpath="/var/log/${domain}-error.log" --failregex='"PHP message: LDAP Authentication failure" while reading response header from upstream, client: <HOST>'
+
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================

sources/extra_files/main/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php

@@ -75,5 +75,6 @@ class LDAPUserBindAuth extends AbstractExternalAuth {
 
     # WorkAround error_handler in failed bind of LDAP
     public static function exception_error_handler($errno, $errstr, $errfile, $errline) {
+        error_log('LDAP Authentication failure');
     }
 }