diff --git a/conf/logautherror.src b/conf/logautherror.src new file mode 100644 index 0000000..56bab0d --- /dev/null +++ b/conf/logautherror.src @@ -0,0 +1,6 @@ +SOURCE_URL=https://github.com/mallchin/dokuwiki_plugin_logautherror/archive/master.zip +SOURCE_SUM=ac36038a710d8f4823a006416ef28c46 +SOURCE_SUM_PRG=md5sum +SOURCE_FORMAT=zip +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= diff --git a/scripts/backup b/scripts/backup index af18011..b931a0e 100755 --- a/scripts/backup +++ b/scripts/backup @@ -49,6 +49,14 @@ ynh_script_progression --message="Backing up php-fpm configuration..." --weight= ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf" +#================================================= +# BACKUP FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Backing up fail2ban configuration..." + +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/change_url b/scripts/change_url index 14c221d..6851308 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -76,6 +76,15 @@ then ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" fi +#================================================= +# SPECIFIC MODIFICATIONS +#================================================= +# UPGRADE FAIL2BAN +#================================================= +ynh_script_progression --message="Reconfiguring fail2ban..." --weight=6 + +ynh_add_fail2ban_config --logpath="/var/log/nginx/$new_domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: ,.*POST $new_path.*$" --max_retry=5 + #================================================= # GENERIC FINALISATION #================================================= diff --git a/scripts/install b/scripts/install index 2d7974f..6421a75 100755 --- a/scripts/install +++ b/scripts/install @@ -158,6 +158,13 @@ cp ../conf/plugins.local.php $final_path/conf/plugins.local.php.bak ynh_store_file_checksum --file="$final_path/conf/local.protected.php" ### Files '$final_path/conf/local.php' and '$final_path/conf/acl.auth.php' can be modified by user, no need to store checksum as they cannot be overwritten safely by the upgrade script +#================================================= +# INSTALL LOGAUTHERROR PLUGIN FOR FAIL2BAN +#================================================= +ynh_script_progression --message="Installing logautherror plugin for fail2ban..." --weight=2 + +ynh_setup_source --dest_dir="$final_path/lib/plugins/logautherror" --source_id=logautherror + #================================================= # GENERIC FINALIZATION #================================================= @@ -201,6 +208,13 @@ find $final_path/lib -type d -print0 | xargs -0 chmod 0755 # chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD # find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_script_progression --message="Configuring fail2ban..." --weight=7 + +ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: ,.*POST $path_url.*$" --max_retry=5 + #================================================= # SETUP SSOWAT #================================================= diff --git a/scripts/remove b/scripts/remove index e925e64..6bb05bb 100755 --- a/scripts/remove +++ b/scripts/remove @@ -45,6 +45,13 @@ ynh_script_progression --message="Removing php-fpm configuration..." --weight=2 # Remove the dedicated php-fpm config ynh_remove_fpm_config +#================================================= +# REMOVE FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Removing fail2ban configuration..." --weight=7 + +ynh_remove_fail2ban_config + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/restore b/scripts/restore index 0fdc450..0cf8f4a 100755 --- a/scripts/restore +++ b/scripts/restore @@ -91,6 +91,15 @@ chown -R $app:root $final_path/lib/tpl ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf" +#================================================= +# RESTORE FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the fail2ban configuration..." --weight=7 + +ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" +ynh_systemd_action --action=restart --service_name=fail2ban + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index cc93890..8e9eaaa 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -253,6 +253,13 @@ ynh_replace_string --match_string="__YNH_ADMIN_USER__" --replace_string="$admin" # Recalculate and store the checksum of the file for the next upgrade. ynh_store_file_checksum --file="$final_path/conf/local.protected.php" +#================================================= +# INSTALL LOGAUTHERROR PLUGIN FOR FAIL2BAN +#================================================= +ynh_script_progression --message="Upgrading logautherror plugin for fail2ban..." --weight=2 + +ynh_setup_source --dest_dir="$final_path/lib/plugins/logautherror" --source_id=logautherror + #================================================= # GENERIC FINALIZATION #================================================= @@ -296,6 +303,13 @@ find $final_path/lib -type d -print0 | xargs -0 chmod 0755 # chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD # find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_script_progression --message="Reconfiguring fail2ban..." --weight=7 + +ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: ,.*POST $path_url.*$" --max_retry=5 + #================================================= # SETUP SSOWAT #=================================================