mirror of
https://github.com/YunoHost-Apps/etherpad_mypads_ynh.git
synced 2024-09-03 18:36:09 +02:00
Add fail2ban
This commit is contained in:
parent
51ddcd64d6
commit
f7e7ea9735
6 changed files with 48 additions and 5 deletions
|
@ -66,3 +66,10 @@ ynh_backup "/etc/logrotate.d/$app"
|
|||
#=================================================
|
||||
|
||||
ynh_backup "/etc/systemd/system/$app.service"
|
||||
|
||||
#=================================================
|
||||
# BACKUP FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
ynh_backup "/etc/fail2ban/jail.d/$app.conf"
|
||||
ynh_backup "/etc/fail2ban/filter.d/$app.conf"
|
||||
|
|
|
@ -8,7 +8,6 @@
|
|||
|
||||
source _common.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
source _sed
|
||||
|
||||
#=================================================
|
||||
# RETRIEVE ARGUMENTS
|
||||
|
|
|
@ -170,7 +170,7 @@ ynh_replace_string "__PORT__" "$port" "$final_path/settings.json"
|
|||
ynh_replace_string "__DB_USER__" "$db_name" "$final_path/credentials.json"
|
||||
ynh_replace_string "__DB_PWD__" "$db_pwd" "$final_path/credentials.json"
|
||||
ynh_replace_string "__ADMIN__" "$admin" "$final_path/credentials.json"
|
||||
ynh_print_OFF; ynh_replace_password_string "__PASSWD__" "$password" "$final_path/credentials.json"; ynh_print_ON
|
||||
ynh_print_OFF; ynh_replace_special_string "__PASSWD__" "$password" "$final_path/credentials.json"; ynh_print_ON
|
||||
if [ "$export" = "abiword" ]
|
||||
then
|
||||
abiword_path=`which abiword` # Récupère l'emplacement de l'exécutable de abiword
|
||||
|
@ -191,7 +191,6 @@ fi
|
|||
ynh_store_file_checksum "$final_path/settings.json" # Enregistre la somme de contrôle du fichier de config
|
||||
ynh_store_file_checksum "$final_path/credentials.json" # Enregistre la somme de contrôle du fichier de config
|
||||
|
||||
|
||||
#=================================================
|
||||
# SECURING FILES AND DIRECTORIES
|
||||
#=================================================
|
||||
|
@ -257,6 +256,12 @@ then
|
|||
sed -i "$mod_line s@div>@&\n\t<center><br><font size="5"><a href="./mypads">Mypads</a></font></center>@" $final_path/src/templates/index.html # Pour ajouter un lien vers le plugin mypads depuis la page d'Etherpad.
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# SETUP FAIL2BAN
|
||||
#=================================================
|
||||
|
||||
ynh_add_fail2ban_config "/var/log/nginx/$domain-access.log" "<HOST> .* \"POST /mypads/api/auth/login HTTP/1.1\" 400" 5
|
||||
|
||||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
#=================================================
|
||||
|
|
|
@ -77,6 +77,12 @@ ynh_remove_nginx_config # Suppression de la configuration nginx
|
|||
|
||||
ynh_remove_logrotate # Suppression de la configuration de logrotate
|
||||
|
||||
#=================================================
|
||||
# REMOVE FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
ynh_remove_fail2ban_config
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALISATION
|
||||
#=================================================
|
||||
|
|
|
@ -133,6 +133,14 @@ ynh_restore_file "/etc/systemd/system/$app.service"
|
|||
## Démarrage auto du service
|
||||
systemctl enable $app.service
|
||||
|
||||
#=================================================
|
||||
# RESTORE FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
|
||||
ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
|
||||
systemctl restart fail2ban
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
|
|
|
@ -10,7 +10,6 @@ source _common.sh
|
|||
source /usr/share/yunohost/helpers
|
||||
# Load common variables for all scripts.
|
||||
source _variables
|
||||
source _sed
|
||||
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
|
@ -28,6 +27,7 @@ port=$(ynh_app_setting_get $app port)
|
|||
export=$(ynh_app_setting_get $app export)
|
||||
db_name=$(ynh_app_setting_get $app db_name)
|
||||
mypads=$(ynh_app_setting_get $app mypads)
|
||||
useldap=$(ynh_app_setting_get $app useldap)
|
||||
|
||||
#=================================================
|
||||
# CHECK VERSION
|
||||
|
@ -78,6 +78,11 @@ if [ -z $mypads ]; then # Si mypads n'est pas renseigné dans app setting
|
|||
ynh_app_setting_set $app mypads $mypads
|
||||
fi
|
||||
|
||||
if [ -z $useldap ]; then # If useldap doesn't exist yet in settings.yml
|
||||
useldap=0
|
||||
ynh_app_setting_set $app useldap $useldap
|
||||
fi
|
||||
|
||||
if [ -z $path_url ]; then # Si path_url n'est pas renseigné dans app setting
|
||||
path_url="/"
|
||||
ynh_app_setting_set $app path $path_url
|
||||
|
@ -161,7 +166,7 @@ db_pwd=$(ynh_app_setting_get $app mysqlpwd)
|
|||
ynh_print_OFF; password=$(ynh_app_setting_get $app password); ynh_print_ON
|
||||
ynh_replace_string "__DB_PWD__" "$db_pwd" "$final_path/credentials.json"
|
||||
ynh_replace_string "__ADMIN__" "$admin" "$final_path/credentials.json"
|
||||
ynh_print_OFF; ynh_replace_password_string "__PASSWD__" "$password" "$final_path/credentials.json"; ynh_print_ON
|
||||
ynh_print_OFF; ynh_replace_special_string "__PASSWD__" "$password" "$final_path/credentials.json"; ynh_print_ON
|
||||
if [ "$export" = "abiword" ]
|
||||
then
|
||||
abiword_path=`which abiword` # Récupère l'emplacement de l'exécutable de abiword
|
||||
|
@ -176,6 +181,13 @@ if test -z $language; then
|
|||
ynh_app_setting_set $app language $language
|
||||
fi
|
||||
ynh_replace_string "__LANGUAGE__" "$language" "$final_path/settings.json"
|
||||
|
||||
# Use ldap for mypads
|
||||
if [ $mypads -eq 1 ] && [ $useldap -eq 1 ]
|
||||
then
|
||||
ynh_replace_string "//noldap" "" "$final_path/settings.json"
|
||||
fi
|
||||
|
||||
ynh_store_file_checksum "$final_path/settings.json" # Réenregistre la somme de contrôle du fichier de config
|
||||
ynh_store_file_checksum "$final_path/credentials.json" # Réenregistre la somme de contrôle du fichier de config
|
||||
|
||||
|
@ -194,6 +206,12 @@ chown -R $app: $final_path
|
|||
chmod 600 "$final_path/credentials.json" # Restreint l'accès à credentials.json
|
||||
chown $app -R /var/log/$app/etherpad.log
|
||||
|
||||
#=================================================
|
||||
# UPGRADE FAIL2BAN
|
||||
#=================================================
|
||||
|
||||
ynh_add_fail2ban_config "/var/log/nginx/$domain-access.log" "<HOST> .* \"POST /mypads/api/auth/login HTTP/1.1\" 400" 5
|
||||
|
||||
#=================================================
|
||||
# SETUP LOGROTATE
|
||||
#=================================================
|
||||
|
|
Loading…
Add table
Reference in a new issue