From 1fd422792f2fd95c3dd03494d5d3ba04806ce65f Mon Sep 17 00:00:00 2001
From: ericgaspar
Date: Tue, 17 May 2022 10:44:08 +0200
Subject: [PATCH] Add Fail2ban
---
 scripts/backup | 7 +++++++
 scripts/install | 8 ++++++++
 scripts/remove | 8 ++++++++
 scripts/restore | 9 +++++++++
 scripts/upgrade | 8 ++++++++
 5 files changed, 40 insertions(+)
diff --git a/scripts/backup b/scripts/backup
index 07bba6a..c26c773 100755
--- a/scripts/backup
+++ b/scripts/backup
@@ -63,6 +63,13 @@ ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
 ynh_backup --src_path="/etc/logrotate.d/$app"
+#=================================================
+# BACKUP FAIL2BAN CONFIGURATION
+#=================================================
+
+ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
+ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
+
 #=================================================
 # END OF SCRIPT
 #=================================================
diff --git a/scripts/install b/scripts/install
index c84ec01..2669bc8 100755
--- a/scripts/install
+++ b/scripts/install
@@ -110,6 +110,14 @@ ynh_script_progression --message="Configuring log rotation..." --weight=1
 # Use logrotate to manage application logfile(s)
 ynh_use_logrotate
+#=================================================
+# SETUP FAIL2BAN
+#=================================================
+ynh_script_progression --message="Configuring Fail2Ban..." --weight=1
+
+# Create a dedicated Fail2Ban config
+ynh_add_fail2ban_config --logpath="$final_path/data/_data_/_default_/logs/fail2ban/auth-fail.log" --failregex="Auth failed: ip= user=.* host=.* port=.*$"
+
 #=================================================
 # SETUP SSOWAT
 #=================================================
diff --git a/scripts/remove b/scripts/remove
index d50ca04..c3ccb12 100755
--- a/scripts/remove
+++ b/scripts/remove
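Review bot: In scripts/install (and in the identical call in scripts/upgrade) nothing in the hunk creates the file named by `--logpath` before `ynh_add_fail2ban_config` runs, and the application presumably writes `auth-fail.log` only after a first failed login. By default Fail2Ban refuses to start when a jail's log file is missing, which would leave every jail on the host without bans, not just this app's. Create the directory and an empty file first, owned by whatever user the app runs as, for example `mkdir -p "$final_path/data/_data_/_default_/logs/fail2ban"` followed by `touch "$final_path/data/_data_/_default_/logs/fail2ban/auth-fail.log"`. The install script continues outside the hunk, so the file may already be created elsewhere; if so, a comment saying where would help.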
@@ -59,6 +59,14 @@ ynh_script_progression --message="Removing dependencies..." --weight=5
 # Remove metapackage and its dependencies
 ynh_remove_app_dependencies
+#=================================================
+# REMOVE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1
+
+# Remove the dedicated Fail2Ban config
+ynh_remove_fail2ban_config
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index 2361430..0143d2d 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -76,6 +76,15 @@ ynh_script_progression --message="Restoring the PHP-FPM configuration..." --weig
 ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
+#=================================================
+# RESTORE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=1
+
+ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
+ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
+ynh_systemd_action --action=restart --service_name=fail2ban
+
 #=================================================
 # SPECIFIC RESTORATION
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 614d56f..6824d07 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
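Review bot: In scripts/restore the `ynh_systemd_action --action=restart --service_name=fail2ban` runs as soon as the two config files are back, so the restart only succeeds if the jail's `auth-fail.log` already exists under the app's data directory at that point. Whether the data directory has been restored before this section is not visible in the hunk. If it has not, or if the backup was taken before any failed login was logged, Fail2Ban will likely fail to come up and the host is left without bans for every service. Consider moving the restart after the data restoration, or ensuring the log file exists first, and stating the dependency in a comment such as `# Fail2Ban will not start if the jail's logpath is missing`.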
@@ -97,6 +97,14 @@ ynh_script_progression --message="Upgrading logrotate configuration..." --weight
 # Use logrotate to manage app-specific logfile(s)
 ynh_use_logrotate --non-append
+#=================================================
+# SETUP FAIL2BAN
+#=================================================
+ynh_script_progression --message="Configuring Fail2Ban..." --weight=1
+
+# Create a dedicated Fail2Ban config
+ynh_add_fail2ban_config --logpath="$final_path/data/_data_/_default_/logs/fail2ban/auth-fail.log" --failregex="Auth failed: ip= user=.* host=.* port=.*$"
+
 #=================================================
 # RELOAD NGINX
 #=================================================
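Review bot: The `--failregex` in scripts/upgrade (the same string is used in scripts/install) appears on this page as `Auth failed: ip= user=.*` with nothing after `ip=`. Fail2Ban needs a host group such as `<HOST>` at that position to know which address to ban, so confirm the tag is present in the real file and was only lost when the page was rendered. The pattern also uses an unbounded `.*` for `user=`, a field that presumably comes straight from the login request, and it is not tied to the line's fixed prefix. If the logged fields never contain spaces, a tighter form such as `Auth failed: ip=<HOST> user=\S* host=\S+ port=\d+$` limits what attacker-supplied text can match. A short comment showing one sample log line next to the regex would make later changes safer to review.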