mirror of
https://github.com/YunoHost-Apps/seafile_ynh.git
synced 2024-09-03 20:26:01 +02:00
Add fail2ban
parent
ff97d28f63
commit
d4aeefafb9
6 changed files with 67 additions and 7 deletions
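--- a/conf/f2b_filter.conf
+++ b/conf/f2b_filter.conf
@@ -0,0 +1,21 @@
+# Fail2Ban filter for seafile
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = seaf-server
+
+failregex = Login attempt limit reached.*, ip: <HOST>
+
+ignoreregex =
+
+# DEV Notes:
+#
+# pattern : 2015-10-20 15:20:32,402 [WARNING] seahub.auth.views:155 login Login attempt limit reached, username: <user>, ip: 1.2.3.4, attemps: 3
+# 2015-10-20 17:04:32,235 [WARNING] seahub.auth.views:163 login Login attempt limit reached, ip: 1.2.3.4, attempts: 3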
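Review bot: The `failregex` is unanchored and lets `.*` run across the `username:` field, which is copied from the login request, so where `<HOST>` is captured depends on text the client controls; greedy matching will normally still land on the final `ip:` field, but the pattern should make that explicit. Pinning the tail does it: `failregex = Login attempt limit reached,(?: username: .*,)? ip: <HOST>, attempt?s: \d+\s*$` (the optional `t` covers both spellings shown in the DEV notes). `_daemon = seaf-server` is defined but never referenced, and the sample lines come from `seahub.auth.views`, so it can be dropped. Because seahub sits behind a reverse proxy in this package, it is worth confirming that the logged `ip:` is the client address and not the proxy's before relying on this jail.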
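--- a/conf/f2b_jail.conf
+++ b/conf/f2b_jail.conf
@@ -0,0 +1,18 @@
+# All standard jails are in the file configuration located
+# /etc/fail2ban/jail.conf
+
+# Warning you may override any other parameter (e.g. banaction,
+# action, port, logpath, etc) in that section within jail.local
+
+# Change logpath with your file log used by seafile (e.g. seahub.log)
+# Also you can change the max retry var (3 attemps = 1 line written in the
+# seafile log)
+# So with this maxrety to 1, the user can try 3 times before his IP is banned
+
+[seafile]
+
+enabled = true
+port = http,https
+filter = seafile-auth
+logpath = __FINAL_PATH__/logs/seahub.log
+maxretry = 3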
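Review bot: `filter = seafile-auth` does not appear to match the filter file this commit installs: the backup script saves `/etc/fail2ban/filter.d/$app.conf`, so the filter is presumably written under the app name and fail2ban would find no `seafile-auth` filter when it loads the jail. Use the installed name, `filter = seafile`, or the helper's app placeholder for both the section header and the filter if the template substitution supports it. The header comment also says a `maxretry` of 1 allows three tries, while the value set is `maxretry = 3`, which by the comment's own arithmetic is about nine attempts; align the comment or the value. `findtime` and `bantime` are left to the global defaults, which is worth stating in the comment so the effective ban window is clear.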
|
@ -38,6 +38,8 @@ ynh_script_progression --message="Backing configuration..."
|
|||
ynh_backup --src_path /etc/nginx/conf.d/$domain.d/${app}.conf
|
||||
ynh_backup --src_path /etc/systemd/system/seafile.service
|
||||
ynh_backup --src_path /etc/systemd/system/seahub.service
|
||||
ynh_backup --src_path /etc/fail2ban/jail.d/$app.conf
|
||||
ynh_backup --src_path /etc/fail2ban/filter.d/$app.conf
|
||||
|
||||
# Backup mysql
|
||||
ynh_script_progression --message="Backing database"
|
||||
|
|
|
@ -125,6 +125,7 @@ echo 'EMAIL_PORT = "25"' | tee -a $final_path/conf/seahub_settings.py
|
|||
echo 'DEFAULT_FROM_EMAIL = "seafile@'$domain'"' | tee -a $final_path/conf/seahub_settings.py
|
||||
echo 'SERVER_EMAIL = "seafile@'$domain'"' | tee -a $final_path/conf/seahub_settings.py
|
||||
echo 'EMAIL_HOST_PASSWORD = ""' | tee -a $final_path/conf/seahub_settings.py
|
||||
echo "TIME_ZONE = \"$(cat /etc/timezone)\"" | tee -a $final_path/conf/seahub_settings.py
|
||||
|
||||
# LDAP configuration
|
||||
echo '[LDAP]' | tee -a $final_path/conf/ccnet.conf
|
||||
|
@ -198,6 +199,10 @@ ynh_script_progression --message="Configuring log rotation..."
|
|||
ynh_use_logrotate $final_path/logs
|
||||
ln -s $final_path/logs /var/log/seafile
|
||||
|
||||
# Add fail2ban
|
||||
ynh_script_progression --message="Configuring fail2ban..." --weight=10
|
||||
ynh_add_fail2ban_config --use_template --others_var 'final_path'
|
||||
|
||||
# register yunohost service
|
||||
yunohost service add seafile
|
||||
yunohost service add seahub
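Review bot: `ynh_add_fail2ban_config` is called without ensuring that `$final_path/logs/seahub.log` exists, and fail2ban refuses to start a jail whose `logpath` matches no file. On a fresh install seahub may not have written its log yet (whether it has is not visible in this hunk), so create the file first, e.g. `touch "$final_path/logs/seahub.log"` with the ownership seahub expects, before this call. The same call is added to the upgrade script in the `-217,6 +222,10` hunk, and the restore script reloads fail2ban under the same assumption.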
|
||||
|
|
|
@ -73,19 +73,24 @@ ln -s $final_path/logs /var/log/seafile
|
|||
ynh_script_progression --message="Protecting directory..."
|
||||
set_permission
|
||||
|
||||
# Add Seafile to YunoHost's monitored services
|
||||
yunohost service add seafile
|
||||
yunohost service add seahub
|
||||
|
||||
# Reload nginx
|
||||
systemctl reload nginx.service
|
||||
|
||||
# Enable service and start seafile
|
||||
ynh_script_progression --message="Reconfiguring application..."
|
||||
systemctl daemon-reload
|
||||
systemctl enable seafile
|
||||
systemctl enable seahub
|
||||
|
||||
# Add Seafile to YunoHost's monitored services
|
||||
yunohost service add seafile
|
||||
yunohost service add seahub
|
||||
|
||||
ynh_script_progression --message="Reloading services..."
|
||||
|
||||
# Reload nginx
|
||||
systemctl reload nginx.service
|
||||
|
||||
# Reload fail2ban
|
||||
ynh_systemd_action --service_name=fail2ban --action=reload
|
||||
|
||||
# Avoid the current effect
|
||||
sleep 5
|
||||
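Review bot: The restore script now reloads fail2ban, but none of the lines added in this hunk restores `/etc/fail2ban/jail.d/$app.conf` and `/etc/fail2ban/filter.d/$app.conf`, the two files the backup script starts saving in this commit. Unless an earlier part of the script (outside the hunk) restores every archived path, the reload has nothing new to load and the jail is silently absent after a restore; a `ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"` line and its `filter.d` counterpart before the reload would close that gap. The comment `# Avoid the current effect` above `sleep 5` does not say what the pause is for; something like `# Give fail2ban time to finish reloading before continuing` would, if that is the intent.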
|
||||
|
|
|
@ -176,6 +176,11 @@ then
|
|||
echo "LOGIN_URL = '$path_url/accounts/login/'" | tee -a $final_path/conf/seahub_settings.py
|
||||
fi
|
||||
|
||||
if [ $(grep -c "TIME_ZONE" $final_path/conf/seahub_settings.py) == 0 ]
|
||||
then
|
||||
echo "TIME_ZONE = \"$(cat /etc/timezone)\"" | tee -a $final_path/conf/seahub_settings.py
|
||||
fi
|
||||
|
||||
# Fix local warning
|
||||
ynh_replace_string --match_string en_US.UTF-8 --replace_string ${LANG:-'en_US.UTF-8'} --target_file $final_path/seafile-server-$seafile_version/seahub.sh
|
||||
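Review bot: The added guard `if [ $(grep -c "TIME_ZONE" ...) == 0 ]` counts any line containing the string, so a commented-out setting suppresses the write, and the unquoted substitution and `==` inside `[ ]` are fragile; `if ! grep -q '^TIME_ZONE' "$final_path/conf/seahub_settings.py"` states the intent directly. The value comes from `$(cat /etc/timezone)` with no check that the file exists and is non-empty, so a host without it ends up with `TIME_ZONE = ""`; the install script's `-125,6 +125,7` hunk has the same echo. This matters for the new jail because fail2ban compares log timestamps against system time, so a wrong or empty zone can push failures outside the find window (inferred; the commit does not state why TIME_ZONE is added).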
|
||||
|
@ -217,6 +222,10 @@ set_permission
|
|||
ynh_script_progression --message="Configuring log rotation..."
|
||||
ynh_use_logrotate $final_path/logs --nonappend
|
||||
|
||||
# Add fail2ban
|
||||
ynh_script_progression --message="Configuring fail2ban..." --weight=10
|
||||
ynh_add_fail2ban_config --use_template --others_var 'final_path'
|
||||
|
||||
# register yunohost service
|
||||
ynh_script_progression --message="Register seafile service..."
|
||||
yunohost service add seafile
|
||||
|
|