Merge pull request #44 from anmol26s/master

Added Fail2ban for Dokuwiki

conf/logautherror.src

@@ -0,0 +1,6 @@
+SOURCE_URL=https://github.com/mallchin/dokuwiki_plugin_logautherror/archive/master.zip
+SOURCE_SUM=ac36038a710d8f4823a006416ef28c46
+SOURCE_SUM_PRG=md5sum
+SOURCE_FORMAT=zip
+SOURCE_IN_SUBDIR=true
+SOURCE_FILENAME=

scripts/backup

@@ -49,6 +49,14 @@ ynh_script_progression --message="Backing up php-fpm configuration..." --weight=
 
 ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf"
 
+#=================================================
+# BACKUP FAIL2BAN CONFIGURATION
+#=================================================
+ynh_script_progression --message="Backing up fail2ban configuration..."
+
+ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
+ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
+
 #=================================================
 # END OF SCRIPT
 #=================================================

scripts/change_url

@@ -76,6 +76,15 @@ then
 	ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
 fi
 
+#=================================================
+# SPECIFIC MODIFICATIONS
+#=================================================
+# UPGRADE FAIL2BAN
+#=================================================
+ynh_script_progression --message="Reconfiguring fail2ban..." --weight=6
+
+ynh_add_fail2ban_config --logpath="/var/log/nginx/$new_domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: <HOST>,.*POST $new_path.*$" --max_retry=5
+
 #=================================================
 # GENERIC FINALISATION
 #=================================================

scripts/install

@@ -158,6 +158,13 @@ cp ../conf/plugins.local.php            $final_path/conf/plugins.local.php.bak
 ynh_store_file_checksum --file="$final_path/conf/local.protected.php"
 ### Files '$final_path/conf/local.php' and '$final_path/conf/acl.auth.php' can be modified by user, no need to store checksum as they cannot be overwritten safely by the upgrade script
 
+#=================================================
+# INSTALL LOGAUTHERROR PLUGIN FOR FAIL2BAN
+#=================================================
+ynh_script_progression --message="Installing logautherror plugin for fail2ban..." --weight=2
+
+ynh_setup_source --dest_dir="$final_path/lib/plugins/logautherror" --source_id=logautherror
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@@ -201,6 +208,13 @@ find $final_path/lib -type d -print0 | xargs -0 chmod 0755
 # chmod :   -rwxr-xr-x  1 root root  241 May  3 08:36 index.html   => BAD
 # find  :   -rw-r--r--  1 1001 1002  241 May  3 08:36 index.html   => GOOD
 
+#=================================================
+# SETUP FAIL2BAN
+#=================================================
+ynh_script_progression --message="Configuring fail2ban..." --weight=7
+
+ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: <HOST>,.*POST $path_url.*$" --max_retry=5
+
 #=================================================
 # SETUP SSOWAT
 #=================================================

scripts/remove

@@ -45,6 +45,13 @@ ynh_script_progression --message="Removing php-fpm configuration..." --weight=2
 # Remove the dedicated php-fpm config
 ynh_remove_fpm_config
 
+#=================================================
+# REMOVE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_script_progression --message="Removing fail2ban configuration..." --weight=7
+
+ynh_remove_fail2ban_config
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================

scripts/restore

@@ -91,6 +91,15 @@ chown -R $app:root $final_path/lib/tpl
 
 ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf"
 
+#=================================================
+# RESTORE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_script_progression --message="Restoring the fail2ban configuration..." --weight=7
+
+ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
+ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
+ynh_systemd_action --action=restart --service_name=fail2ban
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================

scripts/upgrade

@@ -253,6 +253,13 @@ ynh_replace_string --match_string="__YNH_ADMIN_USER__" --replace_string="$admin"
 # Recalculate and store the checksum of the file for the next upgrade.
 ynh_store_file_checksum --file="$final_path/conf/local.protected.php"
 
+#=================================================
+# INSTALL LOGAUTHERROR PLUGIN FOR FAIL2BAN
+#=================================================
+ynh_script_progression --message="Upgrading logautherror plugin for fail2ban..." --weight=2
+
+ynh_setup_source --dest_dir="$final_path/lib/plugins/logautherror" --source_id=logautherror
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@@ -296,6 +303,13 @@ find $final_path/lib -type d -print0 | xargs -0 chmod 0755
 # chmod :   -rwxr-xr-x  1 root root  241 May  3 08:36 index.html   => BAD
 # find  :   -rw-r--r--  1 1001 1002  241 May  3 08:36 index.html   => GOOD
 
+#=================================================
+# SETUP FAIL2BAN
+#=================================================
+ynh_script_progression --message="Reconfiguring fail2ban..." --weight=7
+
+ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: <HOST>,.*POST $path_url.*$" --max_retry=5
+
 #=================================================
 # SETUP SSOWAT
 #=================================================