From 76aa3570570b6d3685bc63381cfaf5bf7a9f2a2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Mon, 21 Aug 2023 10:13:29 +0200 Subject: [PATCH] add fail2ban --- scripts/backup | 7 +++++++ scripts/install | 3 +++ scripts/remove | 4 +++- scripts/restore | 4 ++++ scripts/upgrade | 3 +++ 5 files changed, 20 insertions(+), 1 deletion(-) diff --git a/scripts/backup b/scripts/backup index b96008b..762c36c 100644 --- a/scripts/backup +++ b/scripts/backup @@ -33,6 +33,13 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" +#================================================= +# BACKUP FAIL2BAN CONFIGURATION +#================================================= + +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" + #================================================= # BACKUP VARIOUS FILES #================================================= diff --git a/scripts/install b/scripts/install index e98a0bf..6615d07 100644 --- a/scripts/install +++ b/scripts/install @@ -88,6 +88,9 @@ ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" chown root: "/etc/cron.d/$app" chmod 644 "/etc/cron.d/$app" +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="^.*authenticate\: failed login attempt.*\"ip\"\:\"\".*$" + #================================================= # INSTALL FRIENDICA #================================================= diff --git a/scripts/remove b/scripts/remove index 8c19578..425b544 100644 --- a/scripts/remove +++ b/scripts/remove @@ -21,7 +21,9 @@ ynh_remove_nginx_config ynh_remove_fpm_config # Remove the app-specific logrotate config -ynh_remove_logrotate +#ynh_remove_logrotate + +ynh_remove_fail2ban_config # Remove a cron file ynh_secure_remove --file="/etc/cron.d/$app" diff --git a/scripts/restore b/scripts/restore index 34a2258..1493b31 100644 --- a/scripts/restore +++ b/scripts/restore @@ -41,6 +41,10 @@ ynh_restore_file "/etc/cron.d/$app" chown root: "/etc/cron.d/$app" chmod 644 "/etc/cron.d/$app" +ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" +ynh_systemd_action --action=restart --service_name=fail2ban + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 65f0acb..467396e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -122,6 +122,9 @@ ynh_add_nginx_config # Create a dedicated PHP-FPM config ynh_add_fpm_config --usage=low --footprint=low +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="^.*authenticate\: failed login attempt.*\"ip\"\:\"\".*$" + #================================================= # STORE THE CONFIG FILE CHECKSUM #=================================================