1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/piwigo_ynh.git synced 2024-09-03 20:06:03 +02:00
piwigo_ynh/scripts/_common.sh

197 lines
7.1 KiB
Bash
Raw Normal View History

#!/bin/bash
2019-02-17 19:30:40 +01:00
#=================================================
# COMMON VARIABLES
#=================================================
2017-01-03 18:32:00 +01:00
pkg_dependencies="php5-gd php5-imagick imagemagick"
2017-09-23 10:25:23 +02:00
2019-02-17 19:30:40 +01:00
#=================================================
# FUTURE OFFICIAL HELPERS
#=================================================
2017-09-10 09:25:22 +02:00
# Create a dedicated fail2ban config (jail and filter conf files)
#
2019-02-17 19:30:40 +01:00
# usage 1: ynh_add_fail2ban_config --logpath=log_file --failregex=filter [--max_retry=max_retry] [--ports=ports]
# | arg: -l, --logpath= - Log file to be checked by fail2ban
# | arg: -r, --failregex= - Failregex to be looked for by fail2ban
# | arg: -m, --max_retry= - Maximum number of retries allowed before banning IP address - default: 3
# | arg: -p, --ports= - Ports blocked for a banned IP address - default: http,https
#
# -----------------------------------------------------------------------------
#
# usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"]
# | arg: -t, --use_template - Use this helper in template mode
# | arg: -v, --others_var= - List of others variables to replace separeted by a space
# | for example : 'var_1 var_2 ...'
#
# This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf
# __APP__ by $app
#
# You can dynamically replace others variables by example :
# __VAR_1__ by $var_1
# __VAR_2__ by $var_2
#
# Generally your template will look like that by example (for synapse):
#
# f2b_jail.conf:
# [__APP__]
# enabled = true
# port = http,https
# filter = __APP__
# logpath = /var/log/__APP__/logfile.log
# maxretry = 3
#
# f2b_filter.conf:
# [INCLUDES]
# before = common.conf
# [Definition]
#
# # Part of regex definition (just used to make more easy to make the global regex)
# __synapse_start_line = .? \- synapse\..+ \-
#
# # Regex definition.
# failregex = ^%(__synapse_start_line)s INFO \- POST\-(\d+)\- <HOST> \- \d+ \- Received request\: POST /_matrix/client/r0/login\??<SKIPLINES>%(__synapse_start_line)s INFO \- POST\-\1\- Got login request with identifier: \{u'type': u'm.id.user', u'user'\: u'(.+?)'\}, medium\: None, address: None, user\: u'\5'<SKIPLINES>%(__synapse_start_line)s WARNING \- \- (Attempted to login as @\5\:.+ but they do not exist|Failed password login for user @\5\:.+)$
#
# ignoreregex =
#
# -----------------------------------------------------------------------------
#
# Note about the "failregex" option:
# regex to match the password failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
#
# You can find some more explainations about how to make a regex here :
# https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters
#
# Note that the logfile need to exist before to call this helper !!
#
# To validate your regex you can test with this command:
# fail2ban-regex /var/log/YOUR_LOG_FILE_PATH /etc/fail2ban/filter.d/YOUR_APP.conf
#
ynh_add_fail2ban_config () {
2019-02-17 19:30:40 +01:00
# Declare an array to define the options of this helper.
declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=)
local logpath
local failregex
local max_retry
local ports
local others_var
local use_template
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
use_template="${use_template:-0}"
max_retry=${max_retry:-3}
ports=${ports:-http,https}
2018-03-08 19:08:15 +01:00
finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
2019-02-17 19:30:40 +01:00
ynh_backup_if_checksum_is_different "$finalfail2banjailconf"
ynh_backup_if_checksum_is_different "$finalfail2banfilterconf"
if [ $use_template -eq 1 ]
then
# Usage 2, templates
cp ../conf/f2b_jail.conf $finalfail2banjailconf
cp ../conf/f2b_filter.conf $finalfail2banfilterconf
if [ -n "${app:-}" ]
then
ynh_replace_string "__APP__" "$app" "$finalfail2banjailconf"
ynh_replace_string "__APP__" "$app" "$finalfail2banfilterconf"
fi
# Replace all other variable given as arguments
for var_to_replace in ${others_var:-}; do
# ${var_to_replace^^} make the content of the variable on upper-cases
# ${!var_to_replace} get the content of the variable named $var_to_replace
ynh_replace_string "__${var_to_replace^^}__" "${!var_to_replace}" "$finalfail2banjailconf"
ynh_replace_string "__${var_to_replace^^}__" "${!var_to_replace}" "$finalfail2banfilterconf"
done
else
# Usage 1, no template. Build a config file from scratch.
test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
tee $finalfail2banjailconf <<EOF
[$app]
enabled = true
port = $ports
filter = $app
logpath = $logpath
2018-03-08 19:08:15 +01:00
maxretry = $max_retry
EOF
2019-02-17 19:30:40 +01:00
tee $finalfail2banfilterconf <<EOF
[INCLUDES]
before = common.conf
[Definition]
failregex = $failregex
2018-03-08 19:08:15 +01:00
ignoreregex =
EOF
2019-02-17 19:30:40 +01:00
fi
2019-02-17 19:30:40 +01:00
# Common to usage 1 and 2.
2018-03-08 19:08:15 +01:00
ynh_store_file_checksum "$finalfail2banjailconf"
ynh_store_file_checksum "$finalfail2banfilterconf"
2019-02-17 19:30:40 +01:00
systemctl try-reload-or-restart fail2ban
2018-03-08 19:08:15 +01:00
local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")"
2019-02-17 19:30:40 +01:00
if [[ -n "$fail2ban_error" ]]; then
ynh_print_err "Fail2ban failed to load the jail for $app"
ynh_print_warn "${fail2ban_error#*WARNING}"
2018-03-08 19:08:15 +01:00
fi
}
# Remove the dedicated fail2ban config (jail and filter conf files)
#
# usage: ynh_remove_fail2ban_config
ynh_remove_fail2ban_config () {
2018-03-08 19:08:15 +01:00
ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"
ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
2019-02-17 19:30:40 +01:00
systemctl try-reload-or-restart fail2ban
2017-09-10 09:25:22 +02:00
}
2019-02-17 19:28:37 +01:00
#=================================================
# Check available space before creating a temp directory.
2017-09-10 09:25:22 +02:00
#
2019-02-17 19:28:37 +01:00
# usage: ynh_smart_mktemp --min_size="Min size"
2017-09-10 09:25:22 +02:00
#
2019-02-17 19:28:37 +01:00
# | arg: -s, --min_size= - Minimal size needed for the temporary directory, in Mb
ynh_smart_mktemp () {
# Declare an array to define the options of this helper.
declare -Ar args_array=( [s]=min_size= )
local min_size
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
min_size="${min_size:-300}"
# Transform the minimum size from megabytes to kilobytes
min_size=$(( $min_size * 1024 ))
# Check if there's enough free space in a directory
is_there_enough_space () {
local free_space=$(df --output=avail "$1" | sed 1d)
test $free_space -ge $min_size
}
if is_there_enough_space /tmp; then
local tmpdir=/tmp
elif is_there_enough_space /var; then
local tmpdir=/var
elif is_there_enough_space /; then
local tmpdir=/
elif is_there_enough_space /home; then
local tmpdir=/home
else
ynh_die "Insufficient free space to continue..."
fi
echo "$(sudo mktemp --directory --tmpdir="$tmpdir")"
2017-09-10 09:25:22 +02:00
}