From 367762d45f0b5af2751acc4bd3f66fc219f03f6e Mon Sep 17 00:00:00 2001 From: Fabian Wilkens Date: Sat, 2 Jan 2021 19:42:20 +0100 Subject: [PATCH] Add fail2ban Support --- conf/f2b_filter.conf | 6 ++++++ conf/f2b_jail.conf | 6 ++++++ scripts/backup | 6 +++--- scripts/change_url | 13 +++++++++++++ scripts/install | 10 ++++++---- scripts/remove | 4 ++-- scripts/restore | 20 ++++++++++---------- scripts/upgrade | 8 ++++++-- 8 files changed, 52 insertions(+), 21 deletions(-) create mode 100644 conf/f2b_filter.conf create mode 100644 conf/f2b_jail.conf diff --git a/conf/f2b_filter.conf b/conf/f2b_filter.conf new file mode 100644 index 0000000..6bbbd0b --- /dev/null +++ b/conf/f2b_filter.conf @@ -0,0 +1,6 @@ +[INCLUDES] +before = common.conf +[Definition] +failregex = .* .POST __PATH_URL__.*auth/sign_in HTTP/.... 401 +ignoreregex = +datepattern = %%d/%%b/%%Y:%%H:%%M:%%S diff --git a/conf/f2b_jail.conf b/conf/f2b_jail.conf new file mode 100644 index 0000000..e1b81a1 --- /dev/null +++ b/conf/f2b_jail.conf @@ -0,0 +1,6 @@ +[__APP__] +enabled = true +port = http,https +filter = __APP__ +logpath = /var/log/nginx/__DOMAIN__-access.log +maxretry = 5 diff --git a/scripts/backup b/scripts/backup index 2ba18bf..cfd3af5 100755 --- a/scripts/backup +++ b/scripts/backup @@ -56,10 +56,10 @@ ynh_mysql_dump_db --database="$db_name" > db.sql #================================================= # BACKUP FAIL2BAN CONFIGURATION #================================================= -#ynh_print_info "Backing up fail2ban configuration..." +ynh_print_info "Backing up fail2ban configuration..." -#ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -#ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" #================================================= # SPECIFIC BACKUP diff --git a/scripts/change_url b/scripts/change_url index f04724e..c8f0e5d 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -113,7 +113,20 @@ ynh_script_progression --message="Modifying a config file..." --weight=1 config_file="$final_path/live/.env" ynh_replace_string --match_string="RAILS_RELATIVE_URL_ROOT=$old_path" --replace_string="RAILS_RELATIVE_URL_ROOT=$new_path" --target_file="$config_file" + #================================================= +# SETUP FAIL2BAN +#================================================= +ynh_script_progression --message="Configuring fail2ban..." --time --weight=1 + +domain=$new_domain +path_url=$new_path +# Create a dedicated fail2ban config +touch "/var/log/$app/$app.log" +ynh_add_fail2ban_config --use_template --others_var="\ + domain \ + path_url \ + " #================================================= # GENERIC FINALISATION diff --git a/scripts/install b/scripts/install index bfd6a8b..2b5d347 100755 --- a/scripts/install +++ b/scripts/install @@ -59,7 +59,6 @@ port=$(ynh_find_port --port=3000) # Open the port ynh_app_setting_set --app=$app --key=port --value=$port - #================================================= # INSTALL DEPENDENCIES #================================================= @@ -82,7 +81,6 @@ ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name #================================================= ynh_script_progression --message="Setting up source files..." --weight=2 - ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src mkdir -p $final_path @@ -207,10 +205,14 @@ yunohost service add $app --description "Standard Notes - Syncing Server" --log #================================================= # SETUP FAIL2BAN #================================================= -#ynh_script_progression --message="Configuring fail2ban..." --time --weight=1 +ynh_script_progression --message="Configuring fail2ban..." --time --weight=1 # Create a dedicated fail2ban config -#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" +touch "/var/log/$app/$app.log" +ynh_add_fail2ban_config --use_template --others_var="\ + domain \ + path_url \ + " #================================================= # SETUP SSOWAT diff --git a/scripts/remove b/scripts/remove index 3bd0d9c..99575ef 100755 --- a/scripts/remove +++ b/scripts/remove @@ -99,10 +99,10 @@ fi #================================================= # REMOVE FAIL2BAN CONFIGURATION #================================================= -#ynh_script_progression --message="Removing fail2ban configuration..." --weight=1 +ynh_script_progression --message="Removing fail2ban configuration..." --weight=1 # Remove the dedicated fail2ban config -#ynh_remove_fail2ban_config +ynh_remove_fail2ban_config #================================================= # SPECIFIC REMOVE diff --git a/scripts/restore b/scripts/restore index 73106e4..115efcc 100755 --- a/scripts/restore +++ b/scripts/restore @@ -83,15 +83,6 @@ chown -R $app: "$final_path/live/tmp/" mkdir -p "/var/log/$app" chown -R $app: "/var/log/$app" -#================================================= -# RESTORE FAIL2BAN CONFIGURATION -#================================================= -#ynh_script_progression --message="Restoring the fail2ban configuration..." --weight=1 - -#ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" -#ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" -#ynh_systemd_action --action=restart --service_name=fail2ban - #================================================= # SPECIFIC RESTORATION #================================================= @@ -102,7 +93,6 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=17 # Define and install dependencies ynh_install_app_dependencies $pkg_dependencies - #================================================= # INSTALLING RUBY #================================================= @@ -149,6 +139,16 @@ ynh_script_progression --message="Configuring log rotation..." --weight=1 ynh_restore_file --origin_path="/etc/logrotate.d/$app" +#================================================= +# RESTORE FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the fail2ban configuration..." --weight= + +touch "/var/log/$app/$app.log" +ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" +ynh_systemd_action --action=restart --service_name=fail2ban + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 5fd9337..2f3f194 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -237,10 +237,14 @@ yunohost service add $app --description "Standard Notes - Syncing Server" --log #================================================= # SETUP FAIL2BAN #================================================= -#ynh_script_progression --message="Reconfiguring fail2ban..." --weight=1 +ynh_script_progression --message="Reconfiguring fail2ban..." --weight=1 # Create a dedicated fail2ban config -#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" +touch "/var/log/$app/$app.log" +ynh_add_fail2ban_config --use_template --others_var="\ + domain \ + path_url \ + " #================================================= # SETUP SSOWAT