mirror of
https://github.com/YunoHost-Apps/kanboard_ynh.git
synced 2024-09-03 19:36:17 +02:00
commit
bbe84a1fc0
6 changed files with 97 additions and 0 deletions
|
@ -8,3 +8,67 @@ if [ "$(lsb_release --codename --short)" == "jessie" ]; then
|
|||
else
|
||||
pkg_dependencies="php-gd php-zip php-dom php-mbstring"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# EXPERIMENTAL HELPERS
|
||||
#=================================================
|
||||
|
||||
# Create a dedicated fail2ban config (jail and filter conf files)
|
||||
#
|
||||
# usage: ynh_add_fail2ban_config log_file filter [max_retry [ports]]
|
||||
# | arg: log_file - Log file to be checked by fail2ban
|
||||
# | arg: failregex - Failregex to be looked for by fail2ban
|
||||
# | arg: max_retry - Maximum number of retries allowed before banning IP address - default: 3
|
||||
# | arg: ports - Ports blocked for a banned IP address - default: http,https
|
||||
ynh_add_fail2ban_config () {
|
||||
# Process parameters
|
||||
logpath=$1
|
||||
failregex=$2
|
||||
max_retry=${3:-3}
|
||||
ports=${4:-http,https}
|
||||
|
||||
test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
|
||||
test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
|
||||
|
||||
finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
|
||||
finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
|
||||
ynh_backup_if_checksum_is_different "$finalfail2banjailconf" 1
|
||||
ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" 1
|
||||
|
||||
sudo tee $finalfail2banjailconf <<EOF
|
||||
[$app]
|
||||
enabled = true
|
||||
port = $ports
|
||||
filter = $app
|
||||
logpath = $logpath
|
||||
maxretry = $max_retry
|
||||
EOF
|
||||
|
||||
sudo tee $finalfail2banfilterconf <<EOF
|
||||
[INCLUDES]
|
||||
before = common.conf
|
||||
[Definition]
|
||||
failregex = $failregex
|
||||
ignoreregex =
|
||||
EOF
|
||||
|
||||
ynh_store_file_checksum "$finalfail2banjailconf"
|
||||
ynh_store_file_checksum "$finalfail2banfilterconf"
|
||||
|
||||
systemctl restart fail2ban
|
||||
local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")"
|
||||
if [ -n "$fail2ban_error" ]
|
||||
then
|
||||
echo "[ERR] Fail2ban failed to load the jail for $app" >&2
|
||||
echo "WARNING${fail2ban_error#*WARNING}" >&2
|
||||
fi
|
||||
}
|
||||
|
||||
# Remove the dedicated fail2ban config (jail and filter conf files)
|
||||
#
|
||||
# usage: ynh_remove_fail2ban_config
|
||||
ynh_remove_fail2ban_config () {
|
||||
ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"
|
||||
ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
|
||||
sudo systemctl restart fail2ban
|
||||
}
|
||||
|
|
|
@ -55,6 +55,13 @@ ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf"
|
|||
|
||||
ynh_backup "/etc/php5/fpm/pool.d/${app}.conf"
|
||||
|
||||
#=================================================
|
||||
# BACKUP FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
ynh_backup "/etc/fail2ban/jail.d/$app.conf"
|
||||
ynh_backup "/etc/fail2ban/filter.d/$app.conf"
|
||||
|
||||
#=================================================
|
||||
# BACKUP THE MYSQL DATABASE
|
||||
#=================================================
|
||||
|
|
|
@ -141,6 +141,12 @@ chown -R root:root "$final_path"
|
|||
chown -R "$app" "$final_path"/{data,plugins,sessions}
|
||||
chmod -R 700 "$final_path"/sessions
|
||||
|
||||
#=================================================
|
||||
# SETUP FAIL2BAN
|
||||
#=================================================
|
||||
|
||||
ynh_add_fail2ban_config "/var/log/nginx/$domain-error.log" "^.*authentication failure\" while reading response header from upstream, client: <HOST>,.*$" 5
|
||||
|
||||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
#=================================================
|
||||
|
|
|
@ -53,3 +53,9 @@ ynh_remove_nginx_config
|
|||
#=================================================
|
||||
|
||||
ynh_remove_fpm_config
|
||||
|
||||
#=================================================
|
||||
# REMOVE FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
ynh_remove_fail2ban_config
|
||||
|
|
|
@ -98,6 +98,14 @@ chmod -R 700 "$final_path"/sessions
|
|||
|
||||
ynh_restore_file "/etc/php5/fpm/pool.d/${app}.conf"
|
||||
|
||||
#=================================================
|
||||
# RESTORE FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
|
||||
ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
|
||||
systemctl restart fail2ban
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
|
|
|
@ -188,6 +188,12 @@ else
|
|||
ynh_app_setting_set "$app" unprotected_uris "/jsonrpc.php"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# SETUP FAIL2BAN
|
||||
#=================================================
|
||||
|
||||
ynh_add_fail2ban_config "/var/log/nginx/$domain-error.log" "^.*authentication failure\" while reading response header from upstream, client: <HOST>,.*$" 5
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
|
|
Loading…
Reference in a new issue