From 24e4162af45572f350542804e73909b9b5884610 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Tue, 31 Jan 2023 11:14:50 +0100 Subject: [PATCH] Add fail2ban support --- manifest.json | 2 +- scripts/backup | 7 +++++++ scripts/install | 8 ++++++++ scripts/remove | 8 ++++++++ scripts/restore | 9 +++++++++ scripts/upgrade | 8 ++++++++ 6 files changed, 41 insertions(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 3193f21..9e44243 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Home automation platform", "fr": "Plateforme domotique" }, - "version": "2023.1.7~ynh1", + "version": "2023.1.7~ynh2", "url": "https://github.com/home-assistant/home-assistant", "upstream": { "license": "Apache-2.0", diff --git a/scripts/backup b/scripts/backup index 81e7a0e..023a201 100644 --- a/scripts/backup +++ b/scripts/backup @@ -58,6 +58,13 @@ ynh_backup --src_path="$data_path" --is_big ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# BACKUP FAIL2BAN CONFIGURATION +#================================================= + +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" + #================================================= # SPECIFIC BACKUP #================================================= diff --git a/scripts/install b/scripts/install index 368b2bf..1b4b7d4 100644 --- a/scripts/install +++ b/scripts/install @@ -183,6 +183,14 @@ ynh_store_file_checksum --file="/etc/systemd/system/$app.service" systemctl daemon-reload ynh_systemd_action --service_name=$app --action=restart +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 + +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="$log_file" --failregex="Login attempt or request with invalid authentication from " + #================================================= # SETUP SSOWAT #================================================= diff --git a/scripts/remove b/scripts/remove index 3f199f1..53cbdff 100644 --- a/scripts/remove +++ b/scripts/remove @@ -91,6 +91,14 @@ ynh_script_progression --message="Removing dependencies..." ynh_remove_app_dependencies +#================================================= +# REMOVE FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1 + +# Remove the dedicated Fail2Ban config +ynh_remove_fail2ban_config + #================================================= # SPECIFIC REMOVE #================================================= diff --git a/scripts/restore b/scripts/restore index a7a63d7..0ee07dd 100644 --- a/scripts/restore +++ b/scripts/restore @@ -79,6 +79,15 @@ ynh_restore_file --origin_path="$data_path" --not_mandatory mkdir -p $data_path +#================================================= +# RESTORE FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=1 + +ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" +ynh_systemd_action --action=restart --service_name=fail2ban + #================================================= # SPECIFIC RESTORATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 89ee4b2..59eeabf 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -112,6 +112,14 @@ ynh_script_progression --message="Upgrading systemd configuration..." # Create a dedicated systemd config ynh_add_systemd_config +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=1 + +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="$log_file" --failregex="Login attempt or request with invalid authentication from " + #================================================= # GENERIC FINALIZATION #=================================================