mirror of
https://github.com/YunoHost-Apps/snserver_ynh.git
synced 2024-09-03 20:26:22 +02:00
Add fail2ban Support
This commit is contained in:
parent
7474baadc1
commit
367762d45f
8 changed files with 52 additions and 21 deletions
6
conf/f2b_filter.conf
Normal file
6
conf/f2b_filter.conf
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
[INCLUDES]
|
||||||
|
before = common.conf
|
||||||
|
[Definition]
|
||||||
|
failregex = <HOST> .* .POST __PATH_URL__.*auth/sign_in HTTP/.... 401
|
||||||
|
ignoreregex =
|
||||||
|
datepattern = %%d/%%b/%%Y:%%H:%%M:%%S
|
6
conf/f2b_jail.conf
Normal file
6
conf/f2b_jail.conf
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
[__APP__]
|
||||||
|
enabled = true
|
||||||
|
port = http,https
|
||||||
|
filter = __APP__
|
||||||
|
logpath = /var/log/nginx/__DOMAIN__-access.log
|
||||||
|
maxretry = 5
|
|
@ -56,10 +56,10 @@ ynh_mysql_dump_db --database="$db_name" > db.sql
|
||||||
#=================================================
|
#=================================================
|
||||||
# BACKUP FAIL2BAN CONFIGURATION
|
# BACKUP FAIL2BAN CONFIGURATION
|
||||||
#=================================================
|
#=================================================
|
||||||
#ynh_print_info "Backing up fail2ban configuration..."
|
ynh_print_info "Backing up fail2ban configuration..."
|
||||||
|
|
||||||
#ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
|
ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
|
||||||
#ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
|
ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SPECIFIC BACKUP
|
# SPECIFIC BACKUP
|
||||||
|
|
|
@ -113,7 +113,20 @@ ynh_script_progression --message="Modifying a config file..." --weight=1
|
||||||
|
|
||||||
config_file="$final_path/live/.env"
|
config_file="$final_path/live/.env"
|
||||||
ynh_replace_string --match_string="RAILS_RELATIVE_URL_ROOT=$old_path" --replace_string="RAILS_RELATIVE_URL_ROOT=$new_path" --target_file="$config_file"
|
ynh_replace_string --match_string="RAILS_RELATIVE_URL_ROOT=$old_path" --replace_string="RAILS_RELATIVE_URL_ROOT=$new_path" --target_file="$config_file"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
# SETUP FAIL2BAN
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Configuring fail2ban..." --time --weight=1
|
||||||
|
|
||||||
|
domain=$new_domain
|
||||||
|
path_url=$new_path
|
||||||
|
# Create a dedicated fail2ban config
|
||||||
|
touch "/var/log/$app/$app.log"
|
||||||
|
ynh_add_fail2ban_config --use_template --others_var="\
|
||||||
|
domain \
|
||||||
|
path_url \
|
||||||
|
"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# GENERIC FINALISATION
|
# GENERIC FINALISATION
|
||||||
|
|
|
@ -59,7 +59,6 @@ port=$(ynh_find_port --port=3000)
|
||||||
# Open the port
|
# Open the port
|
||||||
ynh_app_setting_set --app=$app --key=port --value=$port
|
ynh_app_setting_set --app=$app --key=port --value=$port
|
||||||
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# INSTALL DEPENDENCIES
|
# INSTALL DEPENDENCIES
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -82,7 +81,6 @@ ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Setting up source files..." --weight=2
|
ynh_script_progression --message="Setting up source files..." --weight=2
|
||||||
|
|
||||||
|
|
||||||
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
||||||
# Download, check integrity, uncompress and patch the source from app.src
|
# Download, check integrity, uncompress and patch the source from app.src
|
||||||
mkdir -p $final_path
|
mkdir -p $final_path
|
||||||
|
@ -207,10 +205,14 @@ yunohost service add $app --description "Standard Notes - Syncing Server" --log
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP FAIL2BAN
|
# SETUP FAIL2BAN
|
||||||
#=================================================
|
#=================================================
|
||||||
#ynh_script_progression --message="Configuring fail2ban..." --time --weight=1
|
ynh_script_progression --message="Configuring fail2ban..." --time --weight=1
|
||||||
|
|
||||||
# Create a dedicated fail2ban config
|
# Create a dedicated fail2ban config
|
||||||
#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
|
touch "/var/log/$app/$app.log"
|
||||||
|
ynh_add_fail2ban_config --use_template --others_var="\
|
||||||
|
domain \
|
||||||
|
path_url \
|
||||||
|
"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP SSOWAT
|
# SETUP SSOWAT
|
||||||
|
|
|
@ -99,10 +99,10 @@ fi
|
||||||
#=================================================
|
#=================================================
|
||||||
# REMOVE FAIL2BAN CONFIGURATION
|
# REMOVE FAIL2BAN CONFIGURATION
|
||||||
#=================================================
|
#=================================================
|
||||||
#ynh_script_progression --message="Removing fail2ban configuration..." --weight=1
|
ynh_script_progression --message="Removing fail2ban configuration..." --weight=1
|
||||||
|
|
||||||
# Remove the dedicated fail2ban config
|
# Remove the dedicated fail2ban config
|
||||||
#ynh_remove_fail2ban_config
|
ynh_remove_fail2ban_config
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SPECIFIC REMOVE
|
# SPECIFIC REMOVE
|
||||||
|
|
|
@ -83,15 +83,6 @@ chown -R $app: "$final_path/live/tmp/"
|
||||||
mkdir -p "/var/log/$app"
|
mkdir -p "/var/log/$app"
|
||||||
chown -R $app: "/var/log/$app"
|
chown -R $app: "/var/log/$app"
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# RESTORE FAIL2BAN CONFIGURATION
|
|
||||||
#=================================================
|
|
||||||
#ynh_script_progression --message="Restoring the fail2ban configuration..." --weight=1
|
|
||||||
|
|
||||||
#ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
|
|
||||||
#ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
|
|
||||||
#ynh_systemd_action --action=restart --service_name=fail2ban
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SPECIFIC RESTORATION
|
# SPECIFIC RESTORATION
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -102,7 +93,6 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=17
|
||||||
# Define and install dependencies
|
# Define and install dependencies
|
||||||
ynh_install_app_dependencies $pkg_dependencies
|
ynh_install_app_dependencies $pkg_dependencies
|
||||||
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# INSTALLING RUBY
|
# INSTALLING RUBY
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -149,6 +139,16 @@ ynh_script_progression --message="Configuring log rotation..." --weight=1
|
||||||
|
|
||||||
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
|
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# RESTORE FAIL2BAN CONFIGURATION
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Restoring the fail2ban configuration..." --weight=
|
||||||
|
|
||||||
|
touch "/var/log/$app/$app.log"
|
||||||
|
ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
|
||||||
|
ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
|
||||||
|
ynh_systemd_action --action=restart --service_name=fail2ban
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# GENERIC FINALIZATION
|
# GENERIC FINALIZATION
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
|
@ -237,10 +237,14 @@ yunohost service add $app --description "Standard Notes - Syncing Server" --log
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP FAIL2BAN
|
# SETUP FAIL2BAN
|
||||||
#=================================================
|
#=================================================
|
||||||
#ynh_script_progression --message="Reconfiguring fail2ban..." --weight=1
|
ynh_script_progression --message="Reconfiguring fail2ban..." --weight=1
|
||||||
|
|
||||||
# Create a dedicated fail2ban config
|
# Create a dedicated fail2ban config
|
||||||
#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
|
touch "/var/log/$app/$app.log"
|
||||||
|
ynh_add_fail2ban_config --use_template --others_var="\
|
||||||
|
domain \
|
||||||
|
path_url \
|
||||||
|
"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP SSOWAT
|
# SETUP SSOWAT
|
||||||
|
|
Loading…
Reference in a new issue