kanboard_ynh/scripts/_common.sh

#!/bin/bash
#
# Common variables
#

if [ "$(lsb_release --codename --short)" == "jessie" ]; then
	pkg_dependencies="php5-gd"
else
	pkg_dependencies="php-gd php-zip php-dom php-mbstring"
fi

#=================================================
# EXPERIMENTAL HELPERS
#=================================================

# Create a dedicated fail2ban config (jail and filter conf files)
#
# usage: ynh_add_fail2ban_config log_file filter [max_retry [ports]]
# | arg: log_file - Log file to be checked by fail2ban
# | arg: failregex - Failregex to be looked for by fail2ban
# | arg: max_retry - Maximum number of retries allowed before banning IP address - default: 3
# | arg: ports - Ports blocked for a banned IP address - default: http,https
ynh_add_fail2ban_config () {
   # Process parameters
   logpath=$1
   failregex=$2
   max_retry=${3:-3}
   ports=${4:-http,https}
   
  test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
  test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
  
  finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
  finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
  ynh_backup_if_checksum_is_different "$finalfail2banjailconf" 1
  ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" 1
  
  sudo tee $finalfail2banjailconf <<EOF
[$app]
enabled = true
port = $ports
filter = $app
logpath = $logpath
maxretry = $max_retry
EOF

  sudo tee $finalfail2banfilterconf <<EOF
[INCLUDES]
before = common.conf
[Definition]
failregex = $failregex
ignoreregex =
EOF

  ynh_store_file_checksum "$finalfail2banjailconf"
  ynh_store_file_checksum "$finalfail2banfilterconf"
  
  systemctl restart fail2ban
  local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")"
  if [ -n "$fail2ban_error" ]
  then
    echo "[ERR] Fail2ban failed to load the jail for $app" >&2
    echo "WARNING${fail2ban_error#*WARNING}" >&2
  fi
}

# Remove the dedicated fail2ban config (jail and filter conf files)
#
# usage: ynh_remove_fail2ban_config
ynh_remove_fail2ban_config () {
  ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"
  ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
  sudo systemctl restart fail2ban
}
Use ynh_setup_source 2017-10-19 11:33:09 +02:00			`#!/bin/bash`
Download sources during installation and upgrade to 1.0.36 (#38) * Download sources (except dependencies) during installation and upgrade to 1.0.35 * Download dependencies during installation Upgrade to 1.0.36 * Download kanboard zip from kanboard.net website * Take review into account 2017-01-17 17:51:12 +01:00			`#`
			`# Common variables`
			`#`

move dependencies setting to common.sh 2018-07-27 08:07:02 +02:00			`if [ "$(lsb_release --codename --short)" == "jessie" ]; then`
			`pkg_dependencies="php5-gd"`
			`else`
			`pkg_dependencies="php-gd php-zip php-dom php-mbstring"`
			`fi`
Added Fail2ban 2018-11-20 22:43:27 +01:00
			`#=================================================`
			`# EXPERIMENTAL HELPERS`
			`#=================================================`

			`# Create a dedicated fail2ban config (jail and filter conf files)`
			`#`
			`# usage: ynh_add_fail2ban_config log_file filter [max_retry [ports]]`
			`# \| arg: log_file - Log file to be checked by fail2ban`
			`# \| arg: failregex - Failregex to be looked for by fail2ban`
			`# \| arg: max_retry - Maximum number of retries allowed before banning IP address - default: 3`
			`# \| arg: ports - Ports blocked for a banned IP address - default: http,https`
			`ynh_add_fail2ban_config () {`
			`# Process parameters`
			`logpath=$1`
			`failregex=$2`
			`max_retry=${3:-3}`
			`ports=${4:-http,https}`

			`test -n "$logpath" \|\| ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."`
			`test -n "$failregex" \|\| ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."`

			`finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"`
			`finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"`
			`ynh_backup_if_checksum_is_different "$finalfail2banjailconf" 1`
			`ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" 1`

			`sudo tee $finalfail2banjailconf <<EOF`
			`[$app]`
			`enabled = true`
			`port = $ports`
			`filter = $app`
			`logpath = $logpath`
			`maxretry = $max_retry`
			`EOF`

			`sudo tee $finalfail2banfilterconf <<EOF`
			`[INCLUDES]`
			`before = common.conf`
			`[Definition]`
			`failregex = $failregex`
			`ignoreregex =`
			`EOF`

			`ynh_store_file_checksum "$finalfail2banjailconf"`
			`ynh_store_file_checksum "$finalfail2banfilterconf"`

			`systemctl restart fail2ban`
			`local fail2ban_error="$(journalctl -u fail2ban \| tail -n50 \| grep "WARNING.$app.")"`
			`if [ -n "$fail2ban_error" ]`
			`then`
			`echo "[ERR] Fail2ban failed to load the jail for $app" >&2`
			`echo "WARNING${fail2ban_error#*WARNING}" >&2`
			`fi`
			`}`

			`# Remove the dedicated fail2ban config (jail and filter conf files)`
			`#`
			`# usage: ynh_remove_fail2ban_config`
			`ynh_remove_fail2ban_config () {`
			`ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"`
			`ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"`
			`sudo systemctl restart fail2ban`
			`}`