mirror of
https://github.com/YunoHost-Apps/wallabag2_ynh.git
synced 2024-10-01 13:35:06 +02:00
Add Fail2ban support (#65)
* Readme: Add welcome UI screenshot
  It's always nice to have a quick look at the UI of the software you're going to install :)
* Testing (#56)
* Fix 413 request entity too large (#55)
* [fix] 413 Request Entity Too Large
* Remove ini file for php (#57)
  Have a look at YunoHost-Apps/nextcloud_ynh#138 for more information
* Add fail2ban config
* Add Fail2ban config removal helper
* Enhance fail2ban config look
* Add fail2ban backup
* Restore fail2ban config
* Add fail2ban config during upgrade
  To make sure any older version will get fail2ban support
* Update minimum version to 3.5
  This is needed for fail2ban helpers
* Add fail2ban info
* Fail2ban: Fix missing log file during install
* Fix fail2ban regex
* Fix fail2ban regex - 2
* Use ynh_systemd_action
* Use long getopts arguments
* Fix duplicated comment and remove blank space
* Fix fail2ban regex in upgrade script
* Improve regex - install
  This allows empty username (not possible, but may still block some extra brute force spammers) and username with spaces
* Improve regex - upgrade
  This allows empty username (not possible, but may still block some extra brute force spammers) and username with spaces
* Fix missing log file for fail2ban
* Indentation and variable usage
This commit is contained in:
parent
afadf3c74c
commit
ae76c98612
7 changed files with 52 additions and 4 deletions
|
@ -3,6 +3,9 @@
|
|||
|
||||
This is a Wallabag v2 package for YunoHost.
|
||||
|
||||

|
||||
|
||||
|
||||
---
|
||||
|
||||
**NB: Since @jeromelebleu is no longer maintaining this package, I (@lapineige) take over this repository. But I have limited time and experience, so feel free to help !**
|
||||
|
@ -26,6 +29,7 @@ this package:
|
|||
* Integrate with YunoHost users and SSO - i.e. logout button
|
||||
* Allow one user to be the administrator (set at the installation)
|
||||
* Asynchronous import using Redis (need to be enabled in the *Internal Settings*). RabbitMQ import not supported (yet ?)
|
||||
* Supports fail2ban - protects you from password brute force attacks.
|
||||
|
||||
## Known issue(s)
|
||||
- Removing a Yunohost's user won't delete the related wallabag user, but only desactivate it. You need to manualy remove it from wallabag before. See: https://github.com/YunoHost-Apps/wallabag2_ynh/issues/39
|
||||
|
@ -45,7 +49,7 @@ For the migration process, please refer to the
|
|||
* YunoHost website: https://yunohost.org/
|
||||
* [Video demo](https://player.vimeo.com/video/167435064)
|
||||
|
||||
|
||||
---
|
||||
---
|
||||
Wallabag pour Yunohost - [Version Française]
|
||||
---
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
},
|
||||
"multi_instance": true,
|
||||
"requirements": {
|
||||
"yunohost": ">= 2.7.12"
|
||||
"yunohost": ">= 3.5.0"
|
||||
},
|
||||
"services": [
|
||||
"nginx",
|
||||
|
|
|
@ -52,3 +52,10 @@ ynh_backup "/etc/php5/fpm/pool.d/$app.conf"
|
|||
|
||||
ynh_mysql_dump_db "$db_name" > db.sql
|
||||
CHECK_SIZE "db.sql"
|
||||
|
||||
#=================================================
|
||||
# BACKUP FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
ynh_backup "/etc/fail2ban/jail.d/$app.conf"
|
||||
ynh_backup "/etc/fail2ban/filter.d/$app.conf"
|
||||
|
|
|
@ -130,6 +130,18 @@ exec_console $app "$final_path" fos:user:promote --super "$admin"
|
|||
# Configure Wallabag instance URL
|
||||
ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_user" <<< "UPDATE craue_config_setting SET value = 'https://$domain$path_url' WHERE name = 'wallabag_url'"
|
||||
|
||||
#=================================================
|
||||
# CONFIGURE FAIL2BAN
|
||||
#=================================================
|
||||
|
||||
# Create the log file is not already existing during install
|
||||
mkdir -p "/var/www/$app/var/logs/"
|
||||
touch "/var/www/$app/var/logs/prod.log"
|
||||
chown $app: "/var/www/$app/var/logs/prod.log"
|
||||
# Add fail2ban config
|
||||
ynh_add_fail2ban_config --logpath="/var/www/$app/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP "<HOST>"' --max_retry=5
|
||||
|
||||
|
||||
#=================================================
|
||||
# NGINX CONFIGURATION
|
||||
#=================================================
|
||||
|
|
|
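Review bot: The failregex on the ynh_add_fail2ban_config line captures the username with `([\w]+)?`, which matches only letters, digits and underscore, so a failure logged for a username containing a space, a dot, `@` or a hyphen does not match and is not counted toward --max_retry=5, although the commit message says usernames with spaces are meant to be covered. Matching everything up to the closing quote, for example `"[^"]*"`, would cover those cases, and the dot in `app.ERROR` should be escaped. Separately, the log path is hard-coded as /var/www/$app here while the upgrade script uses $final_path; use $final_path in both places, and quote `$app` in the chown.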
@ -55,8 +55,14 @@ ynh_remove_nginx_config
|
|||
systemctl restart php5-fpm
|
||||
systemctl reload nginx
|
||||
|
||||
#=================================================
|
||||
# REMOVE FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
ynh_remove_fail2ban_config
|
||||
|
||||
#=================================================
|
||||
# REMOVE DEDICATED USER
|
||||
#=================================================
|
||||
|
||||
ynh_system_user_delete $app
|
||||
ynh_system_user_delete $app
|
||||
|
|
|
@ -76,6 +76,14 @@ ynh_system_user_create $app # Recreate the dedicated user, if not existing
|
|||
|
||||
chown -R $app: $final_path
|
||||
|
||||
#=================================================
|
||||
# RESTORE FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
|
||||
ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
|
||||
|
||||
ynh_systemd_action --action=reload --service_name=fail2ban # Reload instead of restart for better performance
|
||||
|
||||
#=================================================
|
||||
# RESTORE PHP-FPM CONFIGURATION
|
||||
#=================================================
|
||||
|
|
|
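Review bot: The fail2ban reload after the two ynh_restore_file calls assumes the jail's log file is already present, whereas the install and upgrade hunks both create var/logs/prod.log before adding the config. If the restored tree does not contain prod.log, the reload runs against a jail whose logpath is missing. Suggest applying the same `if [ ! -f ... ]` guard with mkdir, touch and chown that the upgrade script uses before the ynh_systemd_action line, and adding the blank line after the section header that the other sections have.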
@ -113,6 +113,17 @@ exec_console $app "${final_path}" cache:clear
|
|||
# Configure Wallabag instance URL
|
||||
ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_user" <<< "UPDATE craue_config_setting SET value = 'https://$domain$path_url' WHERE name = 'wallabag_url'"
|
||||
|
||||
# Set-up fail2ban
|
||||
# Create the log file is not already existing
|
||||
if [ ! -f "$final_path/var/logs/prod.log" ]
|
||||
then
|
||||
mkdir -p "$final_path/var/logs/"
|
||||
touch "$final_path/var/logs/prod.log"
|
||||
chown $app: "$final_path/var/logs/prod.log"
|
||||
fi
|
||||
# Add fail2ban config
|
||||
ynh_add_fail2ban_config --logpath="$final_path/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP "<HOST>"' --max_retry=5 # same as install config
|
||||
|
||||
#=================================================
|
||||
# NGINX CONFIGURATION
|
||||
#=================================================
|
||||
|
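Review bot: The ynh_add_fail2ban_config line repeats the install script's failregex verbatim, with only the "# same as install config" comment keeping the two aligned, and the commit message shows the regex already had to be fixed separately in each script. Define the failregex and max_retry value once in a file sourced by both scripts so they cannot drift. This block also lacks the `#====` section header used elsewhere (it only has "# Set-up fail2ban"), and the comment "Create the log file is not already existing" should read "if not already existing".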
@ -139,4 +150,4 @@ ynh_app_setting_set "$app" unprotected_uris "/"
|
|||
# RELOAD NGINX
|
||||
#=================================================
|
||||
systemctl restart php5-fpm
|
||||
systemctl reload nginx
|
||||
systemctl reload nginx
|
||||
|
|