|
|
|
@ -255,8 +255,85 @@ chown root: $final_path/wp-config.php |
|
|
|
#================================================= |
|
|
|
ynh_script_progression --message="Configuring fail2ban..." --weight=7 |
|
|
|
|
|
|
|
ynh_add_fail2ban_config_mod () { |
|
|
|
# Declare an array to define the options of this helper. |
|
|
|
local legacy_args=lrmptv |
|
|
|
declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=) |
|
|
|
local logpath |
|
|
|
local failregex |
|
|
|
local max_retry |
|
|
|
local ports |
|
|
|
local others_var |
|
|
|
local use_template |
|
|
|
# Manage arguments with getopts |
|
|
|
ynh_handle_getopts_args "$@" |
|
|
|
use_template="${use_template:-0}" |
|
|
|
max_retry=${max_retry:-3} |
|
|
|
ports=${ports:-http,https} |
|
|
|
|
|
|
|
finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf" |
|
|
|
finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf" |
|
|
|
ynh_backup_if_checksum_is_different "$finalfail2banjailconf" |
|
|
|
ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" |
|
|
|
|
|
|
|
if [ $use_template -eq 1 ] |
|
|
|
then |
|
|
|
# Usage 2, templates |
|
|
|
cp ../conf/f2b_jail.conf $finalfail2banjailconf |
|
|
|
cp ../conf/f2b_filter.conf $finalfail2banfilterconf |
|
|
|
|
|
|
|
if [ -n "${app:-}" ] |
|
|
|
then |
|
|
|
ynh_replace_string "__APP__" "$app" "$finalfail2banjailconf" |
|
|
|
ynh_replace_string "__APP__" "$app" "$finalfail2banfilterconf" |
|
|
|
fi |
|
|
|
|
|
|
|
# Replace all other variable given as arguments |
|
|
|
for var_to_replace in ${others_var:-}; do |
|
|
|
# ${var_to_replace^^} make the content of the variable on upper-cases |
|
|
|
# ${!var_to_replace} get the content of the variable named $var_to_replace |
|
|
|
ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banjailconf" |
|
|
|
ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banfilterconf" |
|
|
|
done |
|
|
|
|
|
|
|
else |
|
|
|
# Usage 1, no template. Build a config file from scratch. |
|
|
|
test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing." |
|
|
|
test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing." |
|
|
|
|
|
|
|
tee $finalfail2banjailconf <<EOF |
|
|
|
[$app] |
|
|
|
enabled = true |
|
|
|
port = $ports |
|
|
|
filter = $app |
|
|
|
logpath = $logpath |
|
|
|
maxretry = $max_retry |
|
|
|
EOF |
|
|
|
|
|
|
|
tee $finalfail2banfilterconf <<EOF |
|
|
|
[INCLUDES] |
|
|
|
before = common.conf |
|
|
|
[Definition] |
|
|
|
failregex = $failregex |
|
|
|
ignoreregex = |
|
|
|
EOF |
|
|
|
fi |
|
|
|
|
|
|
|
# Common to usage 1 and 2. |
|
|
|
ynh_store_file_checksum "$finalfail2banjailconf" |
|
|
|
ynh_store_file_checksum "$finalfail2banfilterconf" |
|
|
|
|
|
|
|
ynh_systemd_action --service_name=fail2ban --action=reload --line_match="ed Fail2Ban Service" --log_path=systemd |
|
|
|
|
|
|
|
local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")" |
|
|
|
if [[ -n "$fail2ban_error" ]]; then |
|
|
|
ynh_print_err --message="Fail2ban failed to load the jail for $app" |
|
|
|
ynh_print_warn --message="${fail2ban_error#*WARNING}" |
|
|
|
fi |
|
|
|
} |
|
|
|
|
|
|
|
# Create a dedicated fail2ban config |
|
|
|
ynh_add_fail2ban_config --logpath="/var/log/auth.log" --failregex="Authentication (attempt for unknown user|failure for) .* from <HOST>" --max_retry=5 |
|
|
|
ynh_add_fail2ban_config_mod --logpath="/var/log/auth.log" --failregex="Authentication (attempt for unknown user|failure for) .* from <HOST>" --max_retry=5 |
|
|
|
|
|
|
|
#================================================= |
|
|
|
# SETUP SSOWAT |
|
|
|
|
Maniack Crudelis