Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix the fail2ban helper when using using --use_template arg #1743

Merged
merged 7 commits into from
Nov 27, 2023
Merged

fix the fail2ban helper when using using --use_template arg #1743

Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
ba5319f
fix the helper when using using --use_template arg
OniriCorpe Nov 26, 2023
8eed421
fix app name replacment 😞
OniriCorpe Nov 26, 2023
5f7a207
replace any '__VAR__' by their real variable using ynh_replace_vars
OniriCorpe Nov 26, 2023
5194180
fix some SC2086
OniriCorpe Nov 26, 2023
38415db
extract logpath from /etc/fail2ban/jail.d/$app.conf
OniriCorpe Nov 26, 2023
27c933e
fix comment
OniriCorpe Nov 26, 2023
15798b4
Update helpers/fail2ban
alexAubin Nov 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 13 additions & 5 deletions helpers/fail2ban
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ ynh_add_fail2ban_config() {
ports=${ports:-http,https}
use_template="${use_template:-0}"

if [ $use_template -ne 1 ]; then
if [ "$use_template" -ne 1 ]; then
# Usage 1, no template. Build a config file from scratch.
test -n "$logpath" || ynh_die --message="ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
test -n "$failregex" || ynh_die --message="ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
Expand All @@ -86,28 +86,36 @@ port = __PORTS__
filter = __APP__
logpath = __LOGPATH__
maxretry = __MAX_RETRY__
" >$YNH_APP_BASEDIR/conf/f2b_jail.conf
" >"$YNH_APP_BASEDIR/conf/f2b_jail.conf"

echo "
[INCLUDES]
before = common.conf
[Definition]
failregex = __FAILREGEX__
ignoreregex =
" >$YNH_APP_BASEDIR/conf/f2b_filter.conf
" >"$YNH_APP_BASEDIR/conf/f2b_filter.conf"
fi

ynh_add_config --template="f2b_jail.conf" --destination="/etc/fail2ban/jail.d/$app.conf"
ynh_add_config --template="f2b_filter.conf" --destination="/etc/fail2ban/filter.d/$app.conf"

# if "$logpath" doesn't exist (as if using --use_template argument), assign
# "$logpath" using the one in the previously generated fail2ban conf file
if [ -z "${logpath:-}" ]; then
# the first sed deletes possibles spaces and the second one extract the path
logpath=$(grep logpath "/etc/fail2ban/jail.d/$app.conf" | sed "s/ //g" | sed "s/logpath=//g")
fi

# Create the folder and logfile if they doesn't exist,
# as fail2ban require an existing logfile before configuration
mkdir -p "/var/log/$app"
if [ ! -f "$logpath" ]; then
touch "$logpath"
chown -R "$app:$app" "/var/log/$app"
chmod -R u=rwX,g=rX,o= "/var/log/$app"
fi
# Make sure log folder's permissions are correct
chown -R "$app:$app" "/var/log/$app"
chmod -R u=rwX,g=rX,o= "/var/log/$app"

ynh_systemd_action --service_name=fail2ban --action=reload --line_match="(Started|Reloaded) Fail2Ban Service" --log_path=systemd

Expand Down