Fix fail2ban and add logautherror plugin

conf/logautherror.src

@@ -0,0 +1,6 @@
+SOURCE_URL=https://github.com/mallchin/dokuwiki_plugin_logautherror/archive/master.zip
+SOURCE_SUM=ac36038a710d8f4823a006416ef28c46
+SOURCE_SUM_PRG=md5sum
+SOURCE_FORMAT=zip
+SOURCE_IN_SUBDIR=true
+SOURCE_FILENAME=

scripts/_common.sh

@@ -11,67 +11,3 @@ ynh_delete_file_checksum () {
 	local checksum_setting_name=checksum_${1//[\/ ]/_}	# Replace all '/' and ' ' by '_'
 	ynh_app_setting_delete $app $checksum_setting_name
 }
-
-#=================================================
-# EXPERIMENTAL HELPERS
-#=================================================
-
-# Create a dedicated fail2ban config (jail and filter conf files)
-#
-# usage: ynh_add_fail2ban_config log_file filter [max_retry [ports]]
-# | arg: log_file - Log file to be checked by fail2ban
-# | arg: failregex - Failregex to be looked for by fail2ban
-# | arg: max_retry - Maximum number of retries allowed before banning IP address - default: 3
-# | arg: ports - Ports blocked for a banned IP address - default: http,https
-ynh_add_fail2ban_config () {
-   # Process parameters
-   logpath=$1
-   failregex=$2
-   max_retry=${3:-3}
-   ports=${4:-http,https}
-   
-  test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
-  test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
-  
-  finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
-  finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
-  ynh_backup_if_checksum_is_different "$finalfail2banjailconf" 1
-  ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" 1
-  
-  sudo tee $finalfail2banjailconf <<EOF
-[$app]
-enabled = true
-port = $ports
-filter = $app
-logpath = $logpath
-maxretry = $max_retry
-EOF
-
-  sudo tee $finalfail2banfilterconf <<EOF
-[INCLUDES]
-before = common.conf
-[Definition]
-failregex = $failregex
-ignoreregex =
-EOF
-
-  ynh_store_file_checksum "$finalfail2banjailconf"
-  ynh_store_file_checksum "$finalfail2banfilterconf"
-  
-  systemctl restart fail2ban
-  local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")"
-  if [ -n "$fail2ban_error" ]
-  then
-    echo "[ERR] Fail2ban failed to load the jail for $app" >&2
-    echo "WARNING${fail2ban_error#*WARNING}" >&2
-  fi
-}
-
-# Remove the dedicated fail2ban config (jail and filter conf files)
-#
-# usage: ynh_remove_fail2ban_config
-ynh_remove_fail2ban_config () {
-  ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"
-  ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
-  sudo systemctl restart fail2ban
-}

scripts/change_url

@@ -84,7 +84,7 @@ then
 	# Store file checksum for the new config file location
 	ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf"
 	# Fail2ban configuration
-	ynh_add_fail2ban_config "/var/log/nginx/$new_domain-error.log" "^.*authentication failure\" while reading response header from upstream, client: <HOST>,.*$" 5
+	ynh_add_fail2ban_config --logpath="/var/log/nginx/$new_domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: <HOST>,.*POST $path_url.*$" --max_retry=5
 
 fi
 

scripts/install

@@ -166,7 +166,12 @@ ynh_store_file_checksum "$final_path/conf/local.protected.php"
 ### Files can be modified by user, no need to store checksum as they cannot be overwritten safely by package
 #ynh_store_file_checksum "$final_path/conf/local.php"
 #ynh_store_file_checksum "$final_path/conf/acl.auth.php"
+
 #=================================================
+# INSTALL LOGAUTHERROR PLUGIN FOR FAIL2BAN
+#=================================================
+
+ynh_setup_source --dest_dir="$final_path/lib/plugins/logautherror" --source_id=logautherror
 
 #=================================================
 # GENERIC FINALIZATION
@@ -215,7 +220,7 @@ find $final_path/lib -type d -print0 | xargs -0 chmod 0755
 # SETUP FAIL2BAN
 #=================================================
 
-ynh_add_fail2ban_config "/var/log/nginx/$domain-error.log" "^.*authentication failure\" while reading response header from upstream, client: <HOST>,.*$" 5
+ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: <HOST>,.*POST $path_url.*$" --max_retry=5
 
 #=================================================
 # SETUP SSOWAT

scripts/upgrade

@@ -244,6 +244,12 @@ ynh_replace_string "__YNH_ADMIN_USER__" "$admin"  "$final_path/conf/local.protec
 # Recalculate and store the checksum of the file for the next upgrade.
 ynh_store_file_checksum "$final_path/conf/local.protected.php"
 
+#=================================================
+# INSTALL LOGAUTHERROR PLUGIN FOR FAIL2BAN
+#=================================================
+
+ynh_setup_source --dest_dir="$final_path/lib/plugins/logautherror" --source_id=logautherror
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@@ -291,7 +297,7 @@ find $final_path/lib -type d -print0 | xargs -0 chmod 0755
 # SETUP FAIL2BAN
 #=================================================
 
-ynh_add_fail2ban_config "/var/log/nginx/$domain-error.log" "^.*authentication failure\" while reading response header from upstream, client: <HOST>,.*$" 5
+ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: <HOST>,.*POST $path_url.*$" --max_retry=5
 
 #=================================================
 # SETUP SSOWAT