mirror of
https://github.com/YunoHost-Apps/seafile_ynh.git
synced 2024-09-03 20:26:01 +02:00
Add fail2ban
parent
ff97d28f63
commit
d4aeefafb9
6 changed files with 67 additions and 7 deletions
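--- a/conf/f2b_filter.conf
+++ b/conf/f2b_filter.conf
@@ -0,0 +1,21 @@
+# Fail2Ban filter for seafile
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = seaf-server
+
+failregex = Login attempt limit reached.*, ip: <HOST>
+
+ignoreregex =
+
+# DEV Notes:
+#
+# pattern : 2015-10-20 15:20:32,402 [WARNING] seahub.auth.views:155 login Login attempt limit reached, username: <user>, ip: 1.2.3.4, attemps: 3
+# 2015-10-20 17:04:32,235 [WARNING] seahub.auth.views:163 login Login attempt limit reached, ip: 1.2.3.4, attempts: 3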
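Review bot: The `failregex` is unanchored and lets `.*` span the `username:` field that the first sample line in the DEV notes shows ahead of `ip:`, and that field holds whatever the client submitted. Greedy matching normally lands on the last `, ip:` in the line, but nothing in the expression enforces that, so it is safer to pin the tail of the line: `failregex = Login attempt limit reached(?:, username: .*)?, ip: <HOST>, attempt?s: \d+\s*$`. `_daemon` and the `common.conf` include are not referenced by the expression and could be dropped or commented as unused.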
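--- a/conf/f2b_jail.conf
+++ b/conf/f2b_jail.conf
@@ -0,0 +1,18 @@
+# All standard jails are in the file configuration located
+# /etc/fail2ban/jail.conf
+
+# Warning you may override any other parameter (e.g. banaction,
+# action, port, logpath, etc) in that section within jail.local
+
+# Change logpath with your file log used by seafile (e.g. seahub.log)
+# Also you can change the max retry var (3 attemps = 1 line written in the
+# seafile log)
+# So with this maxrety to 1, the user can try 3 times before his IP is banned
+
+[seafile]
+
+enabled = true
+port = http,https
+filter = seafile-auth
+logpath = __FINAL_PATH__/logs/seahub.log
+maxretry = 3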
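Review bot: `filter = seafile-auth` names a filter that this commit does not appear to install: the backup hunk on this page saves `/etc/fail2ban/filter.d/$app.conf`, which suggests the template helper writes the filter under the app name. If so, fail2ban cannot resolve the filter and the jail will not start. Using the app placeholder for both the section and the filter (`[__APP__]`, `filter = __APP__`) would keep them in step, assuming the helper substitutes `__APP__` the same way it does `__FINAL_PATH__`. The header comment also says a `maxretry` of 1 already allows three login attempts, so `maxretry = 3` bans only after nine; either the value or the comment should change.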
@ -38,6 +38,8 @@ ynh_script_progression --message="Backing configuration..."
|
||||||
ynh_backup --src_path /etc/nginx/conf.d/$domain.d/${app}.conf
|
ynh_backup --src_path /etc/nginx/conf.d/$domain.d/${app}.conf
|
||||||
ynh_backup --src_path /etc/systemd/system/seafile.service
|
ynh_backup --src_path /etc/systemd/system/seafile.service
|
||||||
ynh_backup --src_path /etc/systemd/system/seahub.service
|
ynh_backup --src_path /etc/systemd/system/seahub.service
|
||||||
|
ynh_backup --src_path /etc/fail2ban/jail.d/$app.conf
|
||||||
|
ynh_backup --src_path /etc/fail2ban/filter.d/$app.conf
|
||||||
|
|
||||||
# Backup mysql
|
# Backup mysql
|
||||||
ynh_script_progression --message="Backing database"
|
ynh_script_progression --message="Backing database"
|
||||||
|
|
|
@ -125,6 +125,7 @@ echo 'EMAIL_PORT = "25"' | tee -a $final_path/conf/seahub_settings.py
|
||||||
echo 'DEFAULT_FROM_EMAIL = "seafile@'$domain'"' | tee -a $final_path/conf/seahub_settings.py
|
echo 'DEFAULT_FROM_EMAIL = "seafile@'$domain'"' | tee -a $final_path/conf/seahub_settings.py
|
||||||
echo 'SERVER_EMAIL = "seafile@'$domain'"' | tee -a $final_path/conf/seahub_settings.py
|
echo 'SERVER_EMAIL = "seafile@'$domain'"' | tee -a $final_path/conf/seahub_settings.py
|
||||||
echo 'EMAIL_HOST_PASSWORD = ""' | tee -a $final_path/conf/seahub_settings.py
|
echo 'EMAIL_HOST_PASSWORD = ""' | tee -a $final_path/conf/seahub_settings.py
|
||||||
|
echo "TIME_ZONE = \"$(cat /etc/timezone)\"" | tee -a $final_path/conf/seahub_settings.py
|
||||||
|
|
||||||
# LDAP configuration
|
# LDAP configuration
|
||||||
echo '[LDAP]' | tee -a $final_path/conf/ccnet.conf
|
echo '[LDAP]' | tee -a $final_path/conf/ccnet.conf
|
||||||
|
@ -198,6 +199,10 @@ ynh_script_progression --message="Configuring log rotation..."
|
||||||
ynh_use_logrotate $final_path/logs
|
ynh_use_logrotate $final_path/logs
|
||||||
ln -s $final_path/logs /var/log/seafile
|
ln -s $final_path/logs /var/log/seafile
|
||||||
|
|
||||||
|
# Add fail2ban
|
||||||
|
ynh_script_progression --message="Configuring fail2ban..." --weight=10
|
||||||
|
ynh_add_fail2ban_config --use_template --others_var 'final_path'
|
||||||
|
|
||||||
# register yunohost service
|
# register yunohost service
|
||||||
yunohost service add seafile
|
yunohost service add seafile
|
||||||
yunohost service add seahub
|
yunohost service add seahub
|
||||||
|
|
|
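Review bot: The `ynh_add_fail2ban_config --use_template --others_var 'final_path'` call is made without anything visible in this hunk that guarantees `$final_path/logs/seahub.log` already exists. fail2ban rejects a jail whose logpath is missing, and a failed reload can leave the host's other jails down as well. If the file is not created earlier in the script, create it first with the ownership seahub needs, e.g. `touch $final_path/logs/seahub.log`. The same call in the later `@ -217,6 +222,10 @` hunk has the same dependency. None of the sections on this page looks like a removal script either, so it is worth checking that uninstall calls `ynh_remove_fail2ban_config`; otherwise a stale jail pointing at a deleted log is left behind.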
@ -73,19 +73,24 @@ ln -s $final_path/logs /var/log/seafile
|
||||||
ynh_script_progression --message="Protecting directory..."
|
ynh_script_progression --message="Protecting directory..."
|
||||||
set_permission
|
set_permission
|
||||||
|
|
||||||
# Add Seafile to YunoHost's monitored services
|
|
||||||
yunohost service add seafile
|
|
||||||
yunohost service add seahub
|
|
||||||
|
|
||||||
# Reload nginx
|
|
||||||
systemctl reload nginx.service
|
|
||||||
|
|
||||||
# Enable service and start seafile
|
# Enable service and start seafile
|
||||||
ynh_script_progression --message="Reconfiguring application..."
|
ynh_script_progression --message="Reconfiguring application..."
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
systemctl enable seafile
|
systemctl enable seafile
|
||||||
systemctl enable seahub
|
systemctl enable seahub
|
||||||
|
|
||||||
|
# Add Seafile to YunoHost's monitored services
|
||||||
|
yunohost service add seafile
|
||||||
|
yunohost service add seahub
|
||||||
|
|
||||||
|
ynh_script_progression --message="Reloading services..."
|
||||||
|
|
||||||
|
# Reload nginx
|
||||||
|
systemctl reload nginx.service
|
||||||
|
|
||||||
|
# Reload fail2ban
|
||||||
|
ynh_systemd_action --service_name=fail2ban --action=reload
|
||||||
|
|
||||||
# Avoid the current effect
|
# Avoid the current effect
|
||||||
sleep 5
|
sleep 5
|
||||||
|
|
||||||
|
|
|
@ -176,6 +176,11 @@ then
|
||||||
echo "LOGIN_URL = '$path_url/accounts/login/'" | tee -a $final_path/conf/seahub_settings.py
|
echo "LOGIN_URL = '$path_url/accounts/login/'" | tee -a $final_path/conf/seahub_settings.py
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ $(grep -c "TIME_ZONE" $final_path/conf/seahub_settings.py) == 0 ]
|
||||||
|
then
|
||||||
|
echo "TIME_ZONE = \"$(cat /etc/timezone)\"" | tee -a $final_path/conf/seahub_settings.py
|
||||||
|
fi
|
||||||
|
|
||||||
# Fix local warning
|
# Fix local warning
|
||||||
ynh_replace_string --match_string en_US.UTF-8 --replace_string ${LANG:-'en_US.UTF-8'} --target_file $final_path/seafile-server-$seafile_version/seahub.sh
|
ynh_replace_string --match_string en_US.UTF-8 --replace_string ${LANG:-'en_US.UTF-8'} --target_file $final_path/seafile-server-$seafile_version/seahub.sh
|
||||||
|
|
||||||
|
@ -217,6 +222,10 @@ set_permission
|
||||||
ynh_script_progression --message="Configuring log rotation..."
|
ynh_script_progression --message="Configuring log rotation..."
|
||||||
ynh_use_logrotate $final_path/logs --nonappend
|
ynh_use_logrotate $final_path/logs --nonappend
|
||||||
|
|
||||||
|
# Add fail2ban
|
||||||
|
ynh_script_progression --message="Configuring fail2ban..." --weight=10
|
||||||
|
ynh_add_fail2ban_config --use_template --others_var 'final_path'
|
||||||
|
|
||||||
# register yunohost service
|
# register yunohost service
|
||||||
ynh_script_progression --message="Register seafile service..."
|
ynh_script_progression --message="Register seafile service..."
|
||||||
yunohost service add seafile
|
yunohost service add seafile
|
||||||
|
|
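Review bot: The `TIME_ZONE` guard in the first hunk, `if [ $(grep -c "TIME_ZONE" ...) == 0 ]`, counts any occurrence of the string, so a commented-out setting suppresses the append. If grep writes nothing to stdout (for example because the settings file is missing), the unquoted substitution leaves `[` with a malformed test. `if ! grep -q '^TIME_ZONE' "$final_path/conf/seahub_settings.py"` expresses the same check without those edge cases. A one-line comment would help as well, e.g. `# seahub.log timestamps must be in system local time so fail2ban's findtime window matches` (presumably the reason for the setting; confirm).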