From 0eda746af5c6c8597dea8a4de54c513972401355 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Mon, 10 Jun 2024 13:36:00 +0200 Subject: [PATCH] helpers2.1: simplify ynh_add_fail2ban_config: remove unecessary/unused max_retry and ports options, remove --use_template: just generate the conf on-the-fly if --failregex/--logpath are provided, or use the f2b_stuff templates otherwise --- helpers/helpers.v2.1.d/fail2ban | 25 ++++++++----------------- 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/helpers/helpers.v2.1.d/fail2ban b/helpers/helpers.v2.1.d/fail2ban index 8e7e34b7a..be9f2da95 100644 --- a/helpers/helpers.v2.1.d/fail2ban +++ b/helpers/helpers.v2.1.d/fail2ban @@ -2,13 +2,11 @@ # Create a dedicated fail2ban config (jail and filter conf files) # -# usage 1: ynh_add_fail2ban_config --logpath=log_file --failregex=filter [--max_retry=max_retry] [--ports=ports] +# usage 1: ynh_add_fail2ban_config --logpath=log_file --failregex=filter # | arg: -l, --logpath= - Log file to be checked by fail2ban # | arg: -r, --failregex= - Failregex to be looked for by fail2ban -# | arg: -m, --max_retry= - Maximum number of retries allowed before banning IP address - default: 3 -# | arg: -p, --ports= - Ports blocked for a banned IP address - default: http,https # -# usage 2: ynh_add_fail2ban_config --use_template +# usage 2: ynh_add_fail2ban_config # | arg: -t, --use_template - Use this helper in template mode # # This will use a template in `../conf/f2b_jail.conf` and `../conf/f2b_filter.conf` @@ -23,7 +21,7 @@ # port = http,https # filter = __APP__ # logpath = /var/log/__APP__/logfile.log -# maxretry = 3 +# maxretry = 5 # ``` # ``` # f2b_filter.conf: @@ -59,30 +57,23 @@ # Requires YunoHost version 4.1.0 or higher. ynh_add_fail2ban_config() { # ============ Argument parsing ============= - local -A args_array=([l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template) + local -A args_array=([l]=logpath= [r]=failregex=) local logpath local failregex - local max_retry - local ports - local use_template ynh_handle_getopts_args "$@" - max_retry=${max_retry:-3} - ports=${ports:-http,https} - use_template="${use_template:-0}" # =========================================== - if [ "$use_template" -ne 1 ]; then - # Usage 1, no template. Build a config file from scratch. + # If failregex is provided, Build a config file on-the-fly using $logpath and $failregex + if [[ -n "${failregex:-}" ]]; then test -n "$logpath" || ynh_die --message="ynh_add_fail2ban_config expects a logfile path as first argument and received nothing." - test -n "$failregex" || ynh_die --message="ynh_add_fail2ban_config expects a failure regex as second argument and received nothing." echo " [__APP__] enabled = true -port = __PORTS__ +port = http,https filter = __APP__ logpath = __LOGPATH__ -maxretry = __MAX_RETRY__ +maxretry = 5 " >"$YNH_APP_BASEDIR/conf/f2b_jail.conf" echo "