YunoHost-Apps/rainloop_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/rainloop_ynh.git synced 2024-09-03 20:16:18 +02:00
Code Issues Activity Actions

Use fail2ban

Browse source
This commit is contained in:
Maniack Crudelis 2019-05-18 16:48:43 +02:00
parent 3ea4dc5cf6
commit dcfc516a1a
6 changed files with 93 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
conf/data/configs/application.ini
View file

@ -169,7 +169,7 @@ write_on_timeout_only = 0
; Required for development purposes only. ; Required for development purposes only.
; Disabling this option is not recommended. ; Disabling this option is not recommended.
hide_passwords = On hide_passwords = On
time_offset = 0 time_offset = __TIME_ZONE__
session_filter = "" session_filter = ""
; Log filename. ; Log filename.
@ -201,9 +201,9 @@ session_filter = ""
filename = "log-{date:Y-m-d}.txt" filename = "log-{date:Y-m-d}.txt"
; Enable auth logging in a separate file (for fail2ban) ; Enable auth logging in a separate file (for fail2ban)
auth_logging = Off auth_logging = On
auth_logging_filename = "fail2ban/auth-{date:Y-m-d}.txt" auth_logging_filename = "fail2ban/auth-fail.log"
auth_logging_format = "[{date:Y-m-d H:i:s}] Auth failed: ip={request:ip} user={imap:login} host={imap:host} port={imap:port}" auth_logging_format = "[{date:Y-m-d H:i:s T}] Auth failed: ip={request:ip} user={imap:login} host={imap:host} port={imap:port}"
[debug] [debug]
; Special option required for development purposes ; Special option required for development purposes

17
scripts/backup
View file

@ -57,6 +57,23 @@ ynh_script_progression --message="Backing up the MySQL database..."
ynh_mysql_dump_db --database="$db_name" > db.sql ynh_mysql_dump_db --database="$db_name" > db.sql
#=================================================
# BACKUP FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Backing up fail2ban configuration..."
ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP LOGROTATE
#=================================================
ynh_script_progression --message="Backing up logrotate configuration..."
ynh_backup --src_path="/etc/logrotate.d/$app"
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================

20
scripts/install
View file

@ -136,6 +136,7 @@ ynh_replace_string --match_string="__MYSQLUSER__" --replace_string=$db_name --ta
ynh_replace_string --match_string="__MYSQLPASSWORD__" --replace_string="$db_pwd" --target_file="$application_file" ynh_replace_string --match_string="__MYSQLPASSWORD__" --replace_string="$db_pwd" --target_file="$application_file"
ynh_replace_string --match_string="__LANGTOCHANGE__" --replace_string=$lang --target_file="$application_file" ynh_replace_string --match_string="__LANGTOCHANGE__" --replace_string=$lang --target_file="$application_file"
ynh_replace_string --match_string="__PLUGINSTOENABLE__" --replace_string="$plugins" --target_file="$application_file" ynh_replace_string --match_string="__PLUGINSTOENABLE__" --replace_string="$plugins" --target_file="$application_file"
ynh_replace_string --match_string="__TIME_ZONE__" --replace_string="$(date +%:::z)" --target_file="$application_file"
# Set admin password # Set admin password
@ -183,6 +184,25 @@ find $final_path/. -type d -exec chmod 755 {} \;
find $final_path/. -type f -exec chmod 644 {} \; find $final_path/. -type f -exec chmod 644 {} \;
chown -R $app: $final_path chown -R $app: $final_path
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..."
mkdir -p $final_path/app/data/_data_/_default_/logs/fail2ban
touch $final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log
# Use logrotate to manage application logfile(s)
ynh_use_logrotate --logfile=$final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring fail2ban..." --weight=8
# Create a dedicated fail2ban config
ynh_add_fail2ban_config --logpath="$final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log" --failregex="Auth failed: ip=<HOST>.*$"
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
#================================================= #=================================================

16
scripts/remove
View file

@ -54,6 +54,22 @@ ynh_script_progression --message="Removing php-fpm configuration..." --weight=2
# Remove the dedicated php-fpm config # Remove the dedicated php-fpm config
ynh_remove_fpm_config ynh_remove_fpm_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..."
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Removing fail2ban configuration..." --weight=8
# Remove the dedicated fail2ban config
ynh_remove_fail2ban_config
#================================================= #=================================================
# SPECIFIC REMOVE # SPECIFIC REMOVE
#================================================= #=================================================

14
scripts/restore
View file

@ -83,6 +83,20 @@ chown -R $app: $final_path
ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf" ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf"
#=================================================
# RESTORE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the fail2ban configuration..." --time --weight=6
ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
ynh_systemd_action --action=restart --service_name=fail2ban
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION

22
scripts/upgrade
View file

@ -121,6 +121,9 @@ ynh_add_fpm_config
#================================================= #=================================================
ynh_script_progression --message="Upgrading rainloop configuration..." ynh_script_progression --message="Upgrading rainloop configuration..."
# Upgrade time_offset value for fail2ban
ynh_replace_string --match_string="^time_offset = .*" --replace_string="time_offset = $(date +%:::z)" --target_file="$final_path/app/data/_data_/_default_/configs/application.ini"
# update SSO # update SSO
cp ../sources/sso/sso.php "$final_path/index.php" cp ../sources/sso/sso.php "$final_path/index.php"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/index.php" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/index.php"
@ -134,6 +137,17 @@ fi
# Install PGPback by chtixof to allow users to backup/restore their PGP private keys on the server # Install PGPback by chtixof to allow users to backup/restore their PGP private keys on the server
cp -rf ../sources/pgpback "$final_path/" cp -rf ../sources/pgpback "$final_path/"
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Upgrading logrotate configuration..." --weight=2
mkdir -p $final_path/app/data/_data_/_default_/logs/fail2ban
touch $final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --logfile=$final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log --non-append
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
@ -145,6 +159,14 @@ chown -R $app: $final_path
find $final_path/. -type d -exec chmod 755 {} \; find $final_path/. -type d -exec chmod 755 {} \;
find $final_path/. -type f -exec chmod 644 {} \; find $final_path/. -type f -exec chmod 644 {} \;
#=================================================
# UPGRADE FAIL2BAN
#=================================================
ynh_script_progression --message="Reconfiguring fail2ban..." --weight=9
# Create a dedicated fail2ban config
ynh_add_fail2ban_config --logpath="$final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log" --failregex="Auth failed: ip=<HOST>.*$"
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
#================================================= #=================================================