diff --git a/conf/data/configs/application.ini b/conf/data/configs/application.ini index 71a4cc5..88b62ca 100644 --- a/conf/data/configs/application.ini +++ b/conf/data/configs/application.ini @@ -169,7 +169,7 @@ write_on_timeout_only = 0 ; Required for development purposes only. ; Disabling this option is not recommended. hide_passwords = On -time_offset = 0 +time_offset = __TIME_ZONE__ session_filter = "" ; Log filename. @@ -201,9 +201,9 @@ session_filter = "" filename = "log-{date:Y-m-d}.txt" ; Enable auth logging in a separate file (for fail2ban) -auth_logging = Off -auth_logging_filename = "fail2ban/auth-{date:Y-m-d}.txt" -auth_logging_format = "[{date:Y-m-d H:i:s}] Auth failed: ip={request:ip} user={imap:login} host={imap:host} port={imap:port}" +auth_logging = On +auth_logging_filename = "fail2ban/auth-fail.log" +auth_logging_format = "[{date:Y-m-d H:i:s T}] Auth failed: ip={request:ip} user={imap:login} host={imap:host} port={imap:port}" [debug] ; Special option required for development purposes diff --git a/scripts/backup b/scripts/backup index a1d85d7..dee9312 100644 --- a/scripts/backup +++ b/scripts/backup 
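Review bot: `auth_logging_format` is now the input to a ban filter, but nothing beside it says so beyond "(for fail2ban)". The `--failregex` passed in scripts/install and scripts/upgrade depends on the literal `Auth failed: ip=` prefix and on `ip=` coming before the client-supplied `user={imap:login}` field. A comment such as `; Parsed by the fail2ban filter created in scripts/install and scripts/upgrade: keep the "Auth failed: ip=" prefix and the field order in sync with --failregex` would stop a later edit from silently disabling bans. It is also worth confirming that fail2ban's date detection accepts the timezone abbreviation that the added `T` places inside the brackets.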
@@ -57,6 +57,23 @@ ynh_script_progression --message="Backing up the MySQL database..." ynh_mysql_dump_db --database="$db_name" > db.sql +#================================================= +# BACKUP FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Backing up fail2ban configuration..." + +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" + +#================================================= +# SPECIFIC BACKUP +#================================================= +# BACKUP LOGROTATE +#================================================= +ynh_script_progression --message="Backing up logrotate configuration..." + +ynh_backup --src_path="/etc/logrotate.d/$app" + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index 9f01527..d87194d 100644 --- a/scripts/install +++ b/scripts/install @@ -136,6 +136,7 @@ ynh_replace_string --match_string="__MYSQLUSER__" --replace_string=$db_name --ta ynh_replace_string --match_string="__MYSQLPASSWORD__" --replace_string="$db_pwd" --target_file="$application_file" ynh_replace_string --match_string="__LANGTOCHANGE__" --replace_string=$lang --target_file="$application_file" ynh_replace_string --match_string="__PLUGINSTOENABLE__" --replace_string="$plugins" --target_file="$application_file" +ynh_replace_string --match_string="__TIME_ZONE__" --replace_string="$(date +%:::z)" --target_file="$application_file" # Set admin password 
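Review bot: The `__TIME_ZONE__` substitution freezes the host's UTC offset at install time, because `$(date +%:::z)` is evaluated once and written into application.ini as a constant. After a daylight-saving or server timezone change, the auth log timestamps will be off until the next upgrade reruns the same command (scripts/upgrade, first hunk). A filter that compares entry times against its find window can then mis-age or miss failures. `%:::z` also prints values such as `+05:30` for non-whole-hour zones; whether `time_offset` accepts that form is not visible here and should be checked. A comment above the line, e.g. `# Offset is captured once; rerun the upgrade after a timezone or DST change`, would make the limitation explicit.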
@@ -183,6 +184,25 @@ find $final_path/. -type d -exec chmod 755 {} \; find $final_path/. -type f -exec chmod 644 {} \; chown -R $app: $final_path +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_script_progression --message="Configuring log rotation..." + +mkdir -p $final_path/app/data/_data_/_default_/logs/fail2ban +touch $final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log + +# Use logrotate to manage application logfile(s) +ynh_use_logrotate --logfile=$final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log + +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_script_progression --message="Configuring fail2ban..." --weight=8 + +# Create a dedicated fail2ban config +ynh_add_fail2ban_config --logpath="$final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log" --failregex="Auth failed: ip=.*$" + #================================================= # SETUP SSOWAT #================================================= diff --git a/scripts/remove b/scripts/remove index 966deae..c1e303f 100644 --- a/scripts/remove +++ b/scripts/remove 
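Review bot: The `mkdir -p` and `touch` for `logs/fail2ban/auth-fail.log` run after the `chown -R $app: $final_path` in the context lines just above, so the new directory and file belong to whichever user runs the script and are not covered by that ownership change. If nothing later in the script (outside this hunk) fixes ownership, the application may be unable to append to the file and the jail would watch a log that never receives entries; scripts/upgrade creates the same file before its `chown -R`, so the two scripts behave differently. Consider adding `chown -R $app: "$final_path/app/data/_data_/_default_/logs"` directly after the `touch`. The `$final_path` expansions in the three added path arguments are also unquoted.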
@@ -54,6 +54,22 @@ ynh_script_progression --message="Removing php-fpm configuration..." --weight=2 # Remove the dedicated php-fpm config ynh_remove_fpm_config +#================================================= +# REMOVE LOGROTATE CONFIGURATION +#================================================= +ynh_script_progression --message="Removing logrotate configuration..." + +# Remove the app-specific logrotate config +ynh_remove_logrotate + +#================================================= +# REMOVE FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Removing fail2ban configuration..." --weight=8 + +# Remove the dedicated fail2ban config +ynh_remove_fail2ban_config + #================================================= # SPECIFIC REMOVE #================================================= diff --git a/scripts/restore b/scripts/restore index b8b9f18..8d80b4b 100644 --- a/scripts/restore +++ b/scripts/restore @@ -83,6 +83,20 @@ chown -R $app: $final_path ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf" +#================================================= +# RESTORE FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the fail2ban configuration..." --time --weight=6 + +ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" +ynh_systemd_action --action=restart --service_name=fail2ban + +#================================================= +# RESTORE THE LOGROTATE CONFIGURATION +#================================================= + +ynh_restore_file --origin_path="/etc/logrotate.d/$app" #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index b01e320..47222e9 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
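Review bot: fail2ban is restarted right after the jail and filter files are restored, but this hunk does not ensure that the log file named in the jail exists. If `logs/fail2ban/auth-fail.log` is missing from the restored tree (for instance because it was excluded from the archive), fail2ban can refuse to start on the absent log path, which would leave the host's other jails stopped as well. Recreating it first, as install and upgrade do, avoids that: `mkdir -p "$final_path/app/data/_data_/_default_/logs/fail2ban"` and `touch "$final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log"`, followed by a `chown` to `$app`, before the `ynh_systemd_action` line. The two fail2ban `ynh_restore_file` calls also pass the path positionally while the logrotate call uses `--origin_path=`; the named form throughout would match the rest of the script.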
@@ -121,6 +121,9 @@ ynh_add_fpm_config #================================================= ynh_script_progression --message="Upgrading rainloop configuration..." +# Upgrade time_offset value for fail2ban +ynh_replace_string --match_string="^time_offset = .*" --replace_string="time_offset = $(date +%:::z)" --target_file="$final_path/app/data/_data_/_default_/configs/application.ini" + # update SSO cp ../sources/sso/sso.php "$final_path/index.php" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/index.php" @@ -134,6 +137,17 @@ fi # Install PGPback by chtixof to allow users to backup/restore their PGP private keys on the server cp -rf ../sources/pgpback "$final_path/" +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_script_progression --message="Upgrading logrotate configuration..." --weight=2 + +mkdir -p $final_path/app/data/_data_/_default_/logs/fail2ban +touch $final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log + +# Use logrotate to manage app-specific logfile(s) +ynh_use_logrotate --logfile=$final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log --non-append + #================================================= # GENERIC FINALIZATION #================================================= @@ -145,6 +159,14 @@ chown -R $app: $final_path find $final_path/. -type d -exec chmod 755 {} \; find $final_path/. -type f -exec chmod 644 {} \; +#================================================= +# UPGRADE FAIL2BAN +#================================================= +ynh_script_progression --message="Reconfiguring fail2ban..." --weight=9 + +# Create a dedicated fail2ban config +ynh_add_fail2ban_config --logpath="$final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log" --failregex="Auth failed: ip=.*$" + #================================================= # SETUP SSOWAT #=================================================
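Review bot: Only `time_offset` is migrated in the existing application.ini here, while the template change in conf/data/configs/application.ini also switches `auth_logging` to `On` and renames `auth_logging_filename` to `fail2ban/auth-fail.log`. Unless the upgrade script re-templates the file somewhere outside this hunk, an instance upgraded from an earlier version keeps `auth_logging = Off` and the dated filename, so the jail added later in this script watches a file the application never writes to. Adding matching replacements next to this one would bring upgraded installs in line with fresh ones, e.g. `ynh_replace_string --match_string="^auth_logging = .*" --replace_string="auth_logging = On" --target_file="$final_path/app/data/_data_/_default_/configs/application.ini"` and the equivalent for `auth_logging_filename` and `auth_logging_format`.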
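Review bot: As shown on this page the `--failregex` in the UPGRADE FAIL2BAN hunk is `Auth failed: ip=.*$`, with no `<HOST>` token between `ip=` and the wildcard. fail2ban needs that token to know which address a matching line refers to, so if it is really absent (rather than lost when the page was rendered) the jail cannot ban anything. Even with the token, the trailing `.*` accepts anything after the address, including the client-supplied `user=` field, so spelling out the configured format is tighter: `--failregex="Auth failed: ip=<HOST> user=.* host=.* port=.*$"`. The identical call in scripts/install (SETUP FAIL2BAN hunk) needs the same change. No `--max_retry` or `--ports` is passed, so the helper's defaults apply; stating the intended values explicitly or in a comment would help.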