From 3151cab57e9a23cd1ed3f2c9e4e365737857f643 Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Tue, 16 Jan 2024 20:47:43 +0100 Subject: [PATCH] fail2ban support --- scripts/backup | 6 +++++- scripts/install | 3 +++ scripts/remove | 2 ++ scripts/restore | 8 +++++--- scripts/upgrade | 3 +++ 5 files changed, 18 insertions(+), 4 deletions(-) diff --git a/scripts/backup b/scripts/backup index f887e84..b47e55d 100755 --- a/scripts/backup +++ b/scripts/backup @@ -21,11 +21,15 @@ ynh_print_info --message="Declaring files to be backed up..." ynh_backup --src_path="$install_dir" #================================================= -# BACKUP THE NGINX CONFIGURATION +# BACKUP SYSTEM CONFIGURATION #================================================= ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" +# Backup the Fail2Ban config +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" + #================================================= # BACKUP SYSTEMD #================================================= diff --git a/scripts/install b/scripts/install index 4aaba2e..c7e949b 100755 --- a/scripts/install +++ b/scripts/install @@ -46,6 +46,9 @@ ynh_add_systemd_config yunohost service add "$app" --description="Open Source Push Notification Server" --log="/var/log/$app/$app.log" +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="limiting requests, excess:.* by zone.*client: " + #================================================= # ADD A CONFIGURATION #================================================= diff --git a/scripts/remove b/scripts/remove index 3e175cb..dc4bfb6 100755 --- a/scripts/remove +++ b/scripts/remove @@ -21,6 +21,8 @@ ynh_remove_systemd_config ynh_remove_nginx_config +ynh_remove_fail2ban_config + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 695c64d..50ba918 100755 --- a/scripts/restore +++ b/scripts/restore @@ -22,8 +22,6 @@ chown -R "$app:www-data" "$install_dir" #================================================= # RESTORE SYSTEM CONFIGURATIONS #================================================= -# RESTORE THE PHP-FPM CONFIGURATION -#================================================= ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" @@ -33,10 +31,14 @@ systemctl enable "$app.service" --quiet yunohost service add "$app" --description="Open Source Push Notification Server" --log="/var/log/$app/$app.log" +ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" +ynh_systemd_action --action=restart --service_name=fail2ban + #================================================= # GENERIC FINALIZATION #================================================= -# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE +# RELOAD NGINX AND THE APP SERVICE #================================================= ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 diff --git a/scripts/upgrade b/scripts/upgrade index d8dc85b..d19fadb 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -59,6 +59,9 @@ ynh_script_progression --message="Updating a configuration file..." --weight=1 ynh_add_config --template="server.yml" --destination="$install_dir/server.yml" +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="limiting requests, excess:.* by zone.*client: " + #================================================= # ADD A CONFIGURATION #=================================================