Merge pull request #99 from YunoHost-Apps/fail2ban

Add fail2ban to improve security
2024-09-03 19:16:06 +02:00 · 2023-09-10 23:04:44 +02:00 · 2023-09-10 23:04:44 +02:00 · 2d9913f9fb
commit 2d9913f9fb
parent 8d030bdd79 ed9fc6c961
5 changed files with 39 additions and 0 deletions
--- a/scripts/backup
+++ b/scripts/backup
@ -72,6 +72,13 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 ynh_backup --src_path="/etc/logrotate.d/$app"
 #=================================================
 # BACKUP FAIL2BAN CONFIGURATION
 #=================================================
 ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
 ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
 #=================================================
 # BACKUP SYSTEMD
 #=================================================
--- a/scripts/install
+++ b/scripts/install
@ -284,6 +284,14 @@ ynh_script_progression --message="Configuring log rotation..." --weight=1
 # Use logrotate to manage application logfile(s)
 ynh_use_logrotate
 #=================================================
 # SETUP FAIL2BAN
 #=================================================
 ynh_script_progression --message="Configuring fail2ban..." --weight=1
 # Create a dedicated Fail2Ban config
 ynh_add_fail2ban_config --logpath="/var/log/${app}/${app}.log" --failregex="statusCode=401 path=/auth/sign_in clientIP=<HOST> .* msg=\"Unauthorized:" --max_retry=5
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
--- a/scripts/remove
+++ b/scripts/remove
@ -92,6 +92,14 @@ ynh_script_progression --message="Removing logrotate configuration..." --weight=
 # Remove the app-specific logrotate config
 ynh_remove_logrotate
 #=================================================
 # REMOVE FAIL2BAN CONFIGURATION
 #=================================================
 ynh_script_progression --message="Removing fail2ban configuration..." --weight=1
 ynh_remove_fail2ban_config
 #=================================================
 # CLOSE A PORT
 #=================================================
--- a/scripts/restore
+++ b/scripts/restore
@ -241,6 +241,14 @@ ynh_script_progression --message="Restoring the logrotate configuration..." --we
 ynh_restore_file --origin_path="/etc/logrotate.d/$app"
 #=================================================
 # RESTORE THE FAIL2BAN CONFIGURATION
 #=================================================
 ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
 ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
 ynh_systemd_action --action=restart --service_name=fail2ban
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -410,6 +410,14 @@ ynh_script_progression --message="Upgrading logrotate configuration..."
 # Use logrotate to manage app-specific logfile(s)
 ynh_use_logrotate --non-append
 #=================================================
 # SETUP FAIL2BAN
 #=================================================
 ynh_script_progression --message="Upgrading fail2ban configuration..."
 # Create a dedicated Fail2Ban config
 ynh_add_fail2ban_config --logpath="/var/log/${app}/${app}.log" --failregex="statusCode=401 path=/auth/sign_in clientIP=<HOST> .* msg=\"Unauthorized:" --max_retry=5
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================