diff --git a/scripts/backup b/scripts/backup index 05535cb..14f4599 100755 --- a/scripts/backup +++ b/scripts/backup @@ -72,6 +72,13 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/logrotate.d/$app" +#================================================= +# BACKUP FAIL2BAN CONFIGURATION +#================================================= + +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" + #================================================= # BACKUP SYSTEMD #================================================= diff --git a/scripts/install b/scripts/install index a79e60f..6e35f95 100755 --- a/scripts/install +++ b/scripts/install @@ -284,6 +284,14 @@ ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) ynh_use_logrotate +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_script_progression --message="Configuring fail2ban..." --weight=1 + +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/${app}/${app}.log" --failregex="statusCode=401 path=/auth/sign_in clientIP= .* msg=\"Unauthorized:" --max_retry=5 + #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= diff --git a/scripts/remove b/scripts/remove index 3bd5e14..0298c20 100755 --- a/scripts/remove +++ b/scripts/remove @@ -92,6 +92,14 @@ ynh_script_progression --message="Removing logrotate configuration..." --weight= # Remove the app-specific logrotate config ynh_remove_logrotate +#================================================= +# REMOVE FAIL2BAN CONFIGURATION +#================================================= + +ynh_script_progression --message="Removing fail2ban configuration..." --weight=1 + +ynh_remove_fail2ban_config + #================================================= # CLOSE A PORT #================================================= diff --git a/scripts/restore b/scripts/restore index 460ad56..9247bf9 100755 --- a/scripts/restore +++ b/scripts/restore @@ -241,6 +241,14 @@ ynh_script_progression --message="Restoring the logrotate configuration..." --we ynh_restore_file --origin_path="/etc/logrotate.d/$app" +#================================================= +# RESTORE THE FAIL2BAN CONFIGURATION +#================================================= + +ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" +ynh_systemd_action --action=restart --service_name=fail2ban + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 83bd7e8..1e54fd0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -410,6 +410,14 @@ ynh_script_progression --message="Upgrading logrotate configuration..." # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_script_progression --message="Upgrading fail2ban configuration..." + +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/${app}/${app}.log" --failregex="statusCode=401 path=/auth/sign_in clientIP= .* msg=\"Unauthorized:" --max_retry=5 + #================================================= # INTEGRATE SERVICE IN YUNOHOST #=================================================