From 7c6e86a4ca2087e51d7d64a4b2c3732121ff4155 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Sun, 7 Apr 2019 12:57:35 +0200 Subject: [PATCH] add hsts --- README.md | 6 +- install | 14 +-- logo.png | Bin 0 -> 5978 bytes wo/cli/plugins/site.py | 145 ++++++++++++++++++++++---- wo/cli/plugins/site_functions.py | 97 +++++++++++------ wo/cli/templates/fail2ban-wp.mustache | 3 + wo/cli/templates/fail2ban.mustache | 24 +++++ wo/core/variables.py | 2 + 8 files changed, 228 insertions(+), 63 deletions(-) create mode 100644 logo.png create mode 100644 wo/cli/templates/fail2ban-wp.mustache create mode 100644 wo/cli/templates/fail2ban.mustache diff --git a/README.md b/README.md index 1b8cbe4..8b059ec 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ -

- WordOps +

Wordops +
-

+

An essential toolset that eases WordPress site and server administration

diff --git a/install b/install index 05113d3..732770b 100644 --- a/install +++ b/install @@ -7,10 +7,10 @@ # Copyright (c) 2019 - WordOps # This script is licensed under M.I.T # ------------------------------------------------------------------------- -# Version 3.9.5 - 2019-04-03 +# Version 3.9.5 - 2019-04-05 # ------------------------------------------------------------------------- readonly wo_version_old="2.2.3" -readonly wo_version_new="3.9.4.3" +readonly wo_version_new="3.9.4.4" # CONTENTS # --- # 1. VARIABLES AND DECLARATIONS @@ -81,7 +81,11 @@ fi ### # 1 - Define variables for later use ### -wo_branch="$1" +if [ -n "$1" ]; then + wo_branch="$1" +else + wo_branch="master" +fi readonly wo_log_dir=/var/log/wo/ readonly wo_backup_dir=/var/lib/wo-backup/ readonly wo_install_log=/var/log/wo/install.log @@ -381,10 +385,6 @@ wo_install() { rm -rf /tmp/easyengine rm -rf /tmp/wordops - [ -z "$wo_branch" ] && { - wo_branch=master - } - git clone -b "$wo_branch" https://github.com/WordOps/WordOps.git /tmp/wordops --quiet cd /tmp/wordops || exit 1 diff --git a/logo.png b/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..2fe842ef518e40c76cfd4c2fb0c174e5e15a37ee GIT binary patch literal 5978 zcmX|FbyQSQ_oV~@5$TYSlx~KQkdzv_5y=68Ap``ayQD*629QQ1ha6H$at3LJ6osKd zy5To|-}-&$kA3$!XRq_#TKB%U*4?qX+OJ56=!vkfut?O^l=ZQ&a3B~S@(>q;UOoEH zF$SE-sECm=F^a z6A}^<6&1x)FdT#b4Giby<;9?|u<-xa{s}OFNiq8W63m4EcK=8ISH}W=#WJkKGW<%V z8HHt3aesf0(O~J9V*yKX&1z$6XKRMmyb6Bib}XM?-B8-rq4&>N!HrV>9o8Ac{c}6h ze-3qG`?95mnJ}-*<*l!6fJIe;J@^aHmXKRM`f5(ypM>mb&SovEM2e8X&m;G?{eti2 z&gaY6zNJV)9AH#iUCIT%Ry=cdabs`{B;fe+i&?-FOjp zHgeYHI`7kXk?I5TUv4^xEsdOPa^Lz{Wzn4Q1fRdN78Nqsbg(&IWzr0sq_&y|-!DWp ztyqne0(%zDWG!3YZ#M;6WV+?Hx_$;O@In3qO=bXo2nJm15ilnRXc7iDaj9(DYj8j{ zfXy+j&%hA}GQg~kub@P;3y~S5S+#Zl61|RoZ-)`=_oA;ra2IoF_vYE9ErG?wgP_BA zb|@Jx$g)r(zT3{9B!RKT!+@!GcZ>iD%^9YtzB=Okbed{-K3^ZY-z~=2PR9$B`sU;E z`0d;DH}tn`V866M*Xjs>Y{J4lK13$Rd1Q#9xxGaAW(M$J4tnByyK6i}(?qZpb3^MC zRPWQ;2BW*706#9;CUQY2{JO;jFFU?8Cm(+;aR19hAVXgL;}7Izb=oz>Y2%ds40kfFNun+ZYVlD#sn0=8+4qdGb+%?$mA@Bm^ddC}gUiD;={CN3iFl?Hv zk4_m7ElQGou(vTNWoP<>R5V1!)(48t0tLC6SiK=2(wD zH%Xsi@J-A?aAY95rg$ZCh}B66JI(ne+Z-2lFT_9prm~Fk(8>2=Xa|HPNIFG-}ZB>x6 z3A2BVsPmlyCwk&F(c3&&E}uylFbfX;xXQo}VO2k(-7vC07M%W0Z9~CVI83i7+2zUt zntDGzE#c^us!&h={=o^<#%>s5xFTf?$d9cyPlv=rE^Qj(>~X8p<*U!Amh-X3;8_}P z``4RojDu~Q3g@9aSxz36V7HiR^RUvzo;xyuYl8^jVEQ+_vaVwb`4bKDuy4mmvU=3* z(8nD$GC?ChhMrS9LN!r$7Ct(CU>?pM6LC?w1#^BFeF35&&FX}$`0fcgr(n#o}joOtUkW>0ExGeWvsS^ za%D9X(66AXnQptHc`>=LD@jI3WpyO2pV!fpyf%P4%!|$Ocu3}0+mV7?*;J0hsMuYV zW$HE2UqE;fXcBj*Juc>uVdVa|9V@+ zW=$c|iO(dhhC4jnuLpy(v}|{27XF$V0g6DREeKYDqqo?^uxRvY^0k7sm15eg;AUYq|BQ@BkUMh40rKHN=;TzY)cAtX8H9mI}I~=w?e)B@F z^T*ucrszTcEG)Dx?b~41xyKgmU?4#GO2A!ncS zW57wqtH?!Bi+Wb1)b9SYTG3U0>P9QWx2;OchT5xkC-=2IMClt3Icu;S&BH6iwUKk+ zvw@TGtz;6C3{Q&O>B@M>he$V-0S6whw(!N3IPyaOxD4~C#8hAm+>&kR(Knoalk-c9 z_kM$3r-85WrEE0Kd}fOKsF#HT>ST6k92g2p*H%{?Ofn3Y zq#0H`GX9l3$3Vz7{X{=8?$j}X-U}ZG!h>7x{6ryEpm*a-F4r@N4XkbEXVs&v=`(u+ ztLsi>h%lNHjL*}ZO+CKX{-F{U|4ibKZD4@Z`4o(85ZP<(q!N^B0Z4WI015>@k&H4E z@(?VXI?H}z5+HJM^R}&wx9y$`nvO(^XCoTT5N&jjzX;8#uCz}<6E2`Q^7x8?Wwn)o zZw_ltsPqJP>oD{S=+{V^xd?NrNxrNkfz@N|Ge6CGo@(CP!p0>B8NydtBk<>-WsVZH zqzEa_t2D)2sIo^`MEf8}lO53Xr-D4(Ozc`#e$$wz*F$b3OF;_C4GC(3!46uhEvP1{ zu#+5u8M>A>ZnYQjAC4Etg-m^^lF{3w!`@Dx&#G$O9z)x7=x^cQIiW>!)Z@cf)_RXT zF78AQf>CxWi)GN;Ei`M!PeCBjVPoATr z!*s-2ajt++8}vb=*q%hi5am%c$MCM}Pjw0%gtGyXGobXxH)R$LN*RrLyN)Gy9Z~m# z2e|8HL!~%Zmwaxn4VJXOea;=d3Wi8Jeu0;tjsPhDEbbF8Evdd_;cy);bXLd-xbff| zt-iFB%Y&gjQcomWuVgNqdHOmVxgh4F^@I^sS{$!kqhejH(h@y-Dt_4@IBsP&sZ$kgYRIgyf}y=xE^jH*VZP$|WB67ic^Pv1U}DQ|l=nH*97| zaSDnxFLzAHb-rV4!1a4xU14c0%GYW0xOMjN7$-Vt$23&kR7gzJ!K+{@c9sX=J}8g* z{qx0Pdkvs)gp#tVQ| zebv1hSadyz(HqxNvn1W#}*Q zOt}s}+hPLhC~97y#{%cWb~MmK^^xPDq?qoXsf-ZE{R-fWQly)_&`5!(f^pp8p_x|) zy2xi9d^rqF!wOXT(uC%dBlTYwi$a#v>tgamp&tQHIcl@-KLmuK*5oR7H+E=(n3Mps zF8zwX5^@j;th3&Y=Vo|=;3Bbo^*swD(aVji7Bgda6Wk~RTBStbDZ|4>b$Azr0h9}Z z_95y7LJ<+{s^^i~hsr^KL$HgY75^Pu#Z z;$vkEjUVly{N%1|@gH2&ptvs$e&>A1X#M<{chs6}h-J=j;LhVL2F6AU;7c2tJ zf7qUt%S3PpQ~n;7+IMQ>$dTp0c#PZyjl^+u3=*H<=^P3PfAf!fNCxGTpX8RjjJsJb z+eRe6WeR|E2VdJO9fW{?cmJ$PM7Z?s!4Y}Xts%!NaG345s;BWItvux?_-ojtDSm|3 z>S^Se(caI!HG|Xu@27{sIC$A2e&+;1*B;_Ef1q^ zlw`hr_m*zS7Bq~+J{eCAC*i;O7-Lr>pNn;T_xC=CthxLz`A0w+E|Pd_t}h-=fu=5i z?zzguzG}G1u;_h$*ac9lcCsXb*g~tgLJ1?2+4S&ONIaM5WR#KK-&Aur74c5vpx2V zS_<97ta6YPr2MexoY}m~42tj-o_C2`08Zt4qFxU^?*+LCRfF(7mAtopfEBYg9ZTSb z99M8jF#IN$wUFEHEb}u^DB@=$w)a}^QR$nHEJQ}A}%c{Hti{H;>}#K!19JUpM=Uv z+FbfDw~WXq71?LFmnS`7>U`bkS2U&78g|Eaz18i9yEIbX#CEEF+uPqLCC#|WFS(5W z5G0D`64Mo%Wq!(04p}pNvEH+>--szqel+0QpMr*bk#)oN;I41Pb!25sF@$4)^C_% zJABN*)u557wI6?z)OM#==OQ|t%6-jWkRhB48Faha7yVy~-p*6l)6d@~KS~mwIfyot zJQrvaV+BX)M=iCJeN+*8qp7d^X<{w{m3MwXz2;B|zhJc2b@F^go3_Dc6gu>{nVNn$Bbd!DD3#`ip(rN&q~SLU(;vn!5p4Ts?dv&-*`B@_8oDCz%alx|DYoA z+E*|vA?=0OIX7$w+By{V&ARsRcKLli=L@$Ks5xjMl-7ZY+P*tBf3B2YQXm6(R~#BO zLu&alO0-DUsH6H5{?7?(9>@h+D(2cSH_fK@508Zr-{nm}FGnH1fxhm-mXC(*abo+8 zt%880KqSI@a8cV?kxB}lo@qw1>-v_9P0#*kBUt)1`F!pT)p`KSRjWl)iFRd6wqL5Ov0?k7k6W;wz_}@Y3x5_@ns4v6ROTXti6@fgW_=xk z!`yWFm5H`X-u{}1L}(9zd&oL9o<`Q_jL{>h5%f}b8a4nafD!Yfg?l7>b?6rX%;%6> z7R2g)rY8acpXVlj*QX!N5XQ=@6b55!T;I)jC+7=GHZnLUs$D)Xm9R zZq0e~Y`hM&ulzaK7=yCr^Zbnh59^#)&_GwQPi=f+ps9$btwjPn5})d%hNha|7AIxO z3cpp%IWn^x=6mk@Is+U-GPkCi?B+f#W$A<(bu|sC4)}ZF#aY%Jn};wGOt%XZI#wz7ccR z9AYZqwDg2j9px6Hr^l)e>4?S*`{n;yPs=2cMI(@Dj141p1{{(Hu^TnculLmml-inW<`E^<_xVc)?H_%HZh_`cC`B}+9_$buBzH=pg z6weoYvE;n2x;mg2v?SztD!!-+c5t6^-gToKCCCiHVrTzrQu%44#$-u>QYFF5L{hMx zS^BD2c!bo@pXM~F{yuC|%aWa;_84b?rbuJs7SK2>W zP$>^#DPSV2olei3H&9Ahf1nD^`{0H6*qf3WWK=O$BWj_yFea^lB>`hjC{~Ak#a`Xt z072;n=b16v#w9@v8_HG;`_6PLB=u>A_&Ucfqz+`}fEf`>9`^2Ok7S8U`DGw^cFweY zJP_eEgai^j4lT_=i02~OY(49rLBItpB}`GoxoZ9Myp4M zFO5b~G-B#|Qv~$VmU}@}*+!wQ8~V>r2ZNhvAQF9P6I7gMXV1W}Me)d{pDl_7jOxHw z2JpZ*DaiB277jQ<3@ErSr*ND4BPq?NPIdm#(rXdN6(LU3+Dg}pKQat zfPgwkc&)me1*L>n=r2;_UQ=58b~+f+0TpH0nuvKvp{D+c#>SWtV}n z?bZO5e9f!(>>DC~EE#o%m%nM+k@Ra?5e*>KW0C>zfITg||OLX_W{6b6KwRKnb=HZ*uO>d~kpF8haJq?v@q56^yG?3)a!C 0): @@ -1194,6 +1220,12 @@ class WOSiteUpdateController(CementBaseController): '{0}/conf/nginx/ssl.conf.disabled' .format(wo_site_webroot)) httpsRedirect(self, wo_domain, False) + if os.path.isfile("{0}/conf/nginx/hsts.conf" + .format(wo_site_webroot)): + WOFileUtils.mvfile(self, "{0}/conf/nginx/hsts.conf" + .format(wo_site_webroot), + '{0}/conf/nginx/hsts.conf.disabled' + .format(wo_site_webroot)) if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") @@ -1217,6 +1249,16 @@ class WOSiteUpdateController(CementBaseController): .format(wo_site_webroot)) httpsRedirect(self, wo_domain) + if data['hsts'] is True: + if not os.path.isfile(("{0}/conf/nginx/hsts.conf.disabled") + .format(wo_site_webroot)): + setupHsts(self, wo_domain) + else: + WOFileUtils.mvfile(self, "{0}/conf/nginx/" + "hsts.conf.disabled" + .format(wo_site_webroot), + '{0}/conf/nginx/hsts.conf' + .format(wo_site_webroot)) if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " @@ -1243,6 +1285,14 @@ class WOSiteUpdateController(CementBaseController): '{0}/conf/nginx/ssl.conf.disabled' .format(wo_site_webroot)) httpsRedirect(self, wo_domain, False) + if os.path.isfile(("{0}/conf/nginx/hsts.conf") + .format(wo_site_webroot)): + WOFileUtils.mvfile(self, "{0}/conf/nginx/" + "hsts.conf" + .format(wo_site_webroot), + '{0}/conf/nginx/hsts.conf.disabled' + .format(wo_site_webroot)) + if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") @@ -1269,7 +1319,8 @@ class WOSiteUpdateController(CementBaseController): "check issues with `nginx -t` command") updateSiteInfo(self, wo_domain, stype=stype, cache=cache, - ssl=True if check_site.is_ssl else False, php_version=check_php_version) + ssl=True if check_site.is_ssl else False, + php_version=check_php_version) Log.info(self, "Successfully updated site" " http://{0}".format(wo_domain)) @@ -1327,44 +1378,94 @@ class WOSiteUpdateController(CementBaseController): Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed. " "Check the log for details:" - " `tail /var/log/wo/wordops.log` and please try again") + " `tail /var/log/wo/wordops.log` " + "and please try again") return 1 if ((oldcachetype in ['wpsc', 'basic', 'wpredis'] and (data['wpfc'])) or (oldsitetype == 'wp' and data['multisite'] and data['wpfc'])): try: - plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":1,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_fastcgi","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}' + plugin_data = '{"log_level":"INFO","log_filesize":5,' + '"enable_purge":1,"enable_map":0,"enable_log":0,' + '"enable_stamp":0,"purge_homepage_on_new":1,' + '"purge_homepage_on_edit":1,"purge_homepage_on_del":1,' + '"purge_archive_on_new":1,"purge_archive_on_edit":0,' + '"purge_archive_on_del":0,"purge_archive_on_new_comment":0,' + '"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,' + '"purge_page_on_new_comment":1,' + '"purge_page_on_deleted_comment":1,' + '"cache_method":"enable_fastcgi",' + '"purge_method":"get_request",' + '"redis_hostname":"127.0.0.1","redis_port":"6379",' + '"redis_prefix":"nginx-cache:"}' setupwp_plugin( - self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) + self, 'nginx-helper', + 'rt_wp_nginx_helper_options', plugin_data, data) except SiteError as e: Log.debug(self, str(e)) - Log.info(self, Log.FAIL + "Update nginx-helper settings failed. " + Log.info(self, Log.FAIL + "Update nginx-helper " + "settings failed. " "Check the log for details:" - " `tail /var/log/wo/wordops.log` and please try again") + " `tail /var/log/wo/wordops.log` " + "and please try again") return 1 elif ((oldcachetype in ['wpsc', 'basic', 'wpfc'] and - (data['wpredis'])) or (oldsitetype == 'wp' and data['multisite'] and data['wpredis'])): + (data['wpredis'])) or (oldsitetype == 'wp' and + data['multisite'] and data['wpredis'])): try: - plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":1,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_redis","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}' + plugin_data = '{"log_level":"INFO","log_filesize":5,' + '"enable_purge":1,"enable_map":0,"enable_log":0,' + '"enable_stamp":0,"purge_homepage_on_new":1,' + '"purge_homepage_on_edit":1,"purge_homepage_on_del":1,' + '"purge_archive_on_new":1,"purge_archive_on_edit":0,' + '"purge_archive_on_del":0,' + '"purge_archive_on_new_comment":0,' + '"purge_archive_on_deleted_comment":0,' + '"purge_page_on_mod":1,' + '"purge_page_on_new_comment":1,' + '"purge_page_on_deleted_comment":1,' + '"cache_method":"enable_redis",' + '"purge_method":"get_request",' + '"redis_hostname":"127.0.0.1","redis_port":"6379",' + '"redis_prefix":"nginx-cache:"}' setupwp_plugin( - self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) + self, 'nginx-helper', + 'rt_wp_nginx_helper_options', plugin_data, data) except SiteError as e: Log.debug(self, str(e)) - Log.info(self, Log.FAIL + "Update nginx-helper settings failed. " + Log.info(self, Log.FAIL + "Update nginx-helper " + "settings failed. " "Check the log for details:" - " `tail /var/log/wo/wordops.log` and please try again") + " `tail /var/log/wo/wordops.log` " + "and please try again") return 1 else: try: - plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":0,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_redis","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}' + plugin_data = '{"log_level":"INFO","log_filesize":5,' + '"enable_purge":0,"enable_map":0,"enable_log":0,' + '"enable_stamp":0,"purge_homepage_on_new":1,' + '"purge_homepage_on_edit":1,"purge_homepage_on_del":1,' + '"purge_archive_on_new":1,"purge_archive_on_edit":0,' + '"purge_archive_on_del":0,' + '"purge_archive_on_new_comment":0,' + '"purge_archive_on_deleted_comment":0,' + '"purge_page_on_mod":1,"purge_page_on_new_comment":1,' + '"purge_page_on_deleted_comment":1,' + '"cache_method":"enable_redis",' + '"purge_method":"get_request",' + '"redis_hostname":"127.0.0.1",' + '"redis_port":"6379","redis_prefix":"nginx-cache:"}' setupwp_plugin( - self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) + self, 'nginx-helper', + 'rt_wp_nginx_helper_options', plugin_data, data) except SiteError as e: Log.debug(self, str(e)) - Log.info(self, Log.FAIL + "Update nginx-helper settings failed. " + Log.info(self, Log.FAIL + "Update nginx-helper " + "settings failed. " "Check the log for details:" - " `tail /var/log/wo/wordops.log` and please try again") + " `tail /var/log/wo/wordops.log` " + "and please try again") return 1 if oldcachetype == 'wpsc' and not data['wpsc']: @@ -1374,7 +1475,8 @@ class WOSiteUpdateController(CementBaseController): Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed." "Check the log for details:" - " `tail /var/log/wo/wordops.log` and please try again") + " `tail /var/log/wo/wordops.log` " + "and please try again") return 1 if oldcachetype == 'wpredis' and not data['wpredis']: @@ -1384,7 +1486,8 @@ class WOSiteUpdateController(CementBaseController): Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed." "Check the log for details:" - " `tail /var/log/wo/wordops.log` and please try again") + " `tail /var/log/wo/wordops.log` " + "and please try again") return 1 if oldcachetype != 'wpsc' and data['wpsc']: @@ -1401,10 +1504,12 @@ class WOSiteUpdateController(CementBaseController): try: if installwp_plugin(self, 'redis-cache', data): # search for wp-config.php - if WOFileUtils.isexist(self, "{0}/wp-config.php".format(wo_site_webroot)): + if WOFileUtils.isexist(self, "{0}/wp-config.php" + .format(wo_site_webroot)): config_path = '{0}/wp-config.php'.format( wo_site_webroot) - elif WOFileUtils.isexist(self, "{0}/htdocs/wp-config.php".format(wo_site_webroot)): + elif WOFileUtils.isexist(self, "{0}/htdocs/wp-config.php" + .format(wo_site_webroot)): config_path = '{0}/htdocs/wp-config.php'.format( wo_site_webroot) else: diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index fb779aa..8b49670 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -96,8 +96,8 @@ def setupdomain(self, data): Log.info(self, "[" + Log.ENDC + "Done" + Log.OKBLUE + "]") except CalledProcessError as e: Log.debug(self, "{0}".format(str(e))) - Log.info(self, "[" + Log.ENDC + Log.FAIL + "Fail" - + Log.OKBLUE + "]") + Log.info(self, "[" + Log.ENDC + Log.FAIL + "Fail" + + Log.OKBLUE + "]") raise SiteError("created nginx configuration failed for site." " check with `nginx -t`") @@ -312,8 +312,8 @@ def setupwordpress(self, data): "--dbuser=\'{2}\' --dbhost=\'{3}\' " .format(data['wo_db_name'], wo_wp_prefix, data['wo_db_user'], data['wo_db_host'] - ) - + "--dbpass=\'{0}\' " + ) + + "--dbpass=\'{0}\' " "--extra-php<.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200 +ignoreregex = diff --git a/wo/cli/templates/fail2ban.mustache b/wo/cli/templates/fail2ban.mustache new file mode 100644 index 0000000..10937f6 --- /dev/null +++ b/wo/cli/templates/fail2ban.mustache @@ -0,0 +1,24 @@ +[recidive] +enabled = true + +[nginx-http-auth] +enabled = true + +[nginx-botsearch] +enabled = true + +[wo-wordpress] +enabled = true +filter = wo-wordpress +action = iptables-multiport[name="wo-wordpress", port="http,https"] +logpath = /var/log/nginx/*access.log +maxretry = 5 + +[nginx-forbidden] +enabled = true +filter = nginx-forbidden +port = http,https +logpath = /var/log/nginx/*error*.log +findtime = 60 +bantime = 6000 +maxretry = 3 \ No newline at end of file diff --git a/wo/core/variables.py b/wo/core/variables.py index ab2eb2b..2aa6237 100644 --- a/wo/core/variables.py +++ b/wo/core/variables.py @@ -152,6 +152,8 @@ class WOVariables(): wo_mysql = ["mariadb-server", "percona-toolkit"] + wo_fail2ban = "fail2ban" + # Redis repo details if wo_platform_distro == 'ubuntu': wo_redis_repo = ("ppa:chris-lea/redis-server")