From 985a88aed5b7449823172dee054532245cf827da Mon Sep 17 00:00:00 2001
From: pp-r <64266134+pp-r@users.noreply.github.com>
Date: Fri, 8 May 2020 13:18:37 +0200
Subject: [PATCH] add fail2ban

---
 scripts/install | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/scripts/install b/scripts/install
index ef9306f..1c8aed9 100644
--- a/scripts/install
+++ b/scripts/install
@@ -328,11 +328,18 @@ chown -R $app: $final_path
 #=================================================
 # SETUP FAIL2BAN
 #=================================================
-#ynh_script_progression --message="Configuring fail2ban..." --time --weight=1
+ynh_script_progression --message="Configuring fail2ban..." --time --weight=1
+
+# Create the log file is not already existing during install
+mkdir -p "/var/www/$app/var/logs/"
+touch "/var/www/$app/var/logs/prod.log"
+chown $app: "/var/www/$app/var/logs/prod.log"
 
 # Create a dedicated fail2ban config
 #ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
 
+ynh_add_fail2ban_config --logpath="/var/www/$app/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP "<HOST>"' --max_retry=5
+
 #=================================================
 # SETUP SSOWAT
 #=================================================