Fix Fail2ban

2019-07-18 14:32:41 +02:00
parent 595f80f132
commit 8906fa2c61
3 changed files with 17 additions and 6 deletions
--- a/wo/cli/plugins/stack.py
+++ b/wo/cli/plugins/stack.py
@@ -1093,6 +1093,17 @@ class WOStackController(CementBaseController):
                                    out=wo_fail2ban)
                    wo_fail2ban.close()

+                    Log.debug(self, "Setting up fail2ban wp filter")
+                    wo_fail2ban = open('/etc/fail2ban/filter.d/'
+                                       'nginx-forbidden.conf',
+                                       encoding='utf-8', mode='w')
+                    self.app.render((data), 'fail2ban-forbidden.mustache',
+                                    out=wo_fail2ban)
+                    wo_fail2ban.close()
+                WOGit.add(self, ["/etc/fail2ban"],
+                          msg="Adding Fail2ban into Git")
+                WOService.reload_service(self, 'fail2ban')
+
        if (packages):
            if any('/usr/local/bin/wp' == x[1] for x in packages):
                Log.debug(self, "Setting Privileges"
--- a/wo/cli/plugins/stack_services.py
+++ b/wo/cli/plugins/stack_services.py
@@ -70,7 +70,7 @@ class WOStackStatusController(CementBaseController):

        if self.app.pargs.fail2ban:
            if WOAptGet.is_installed(self, 'fail2ban'):
-                services = services + ['fail2ban-client']
+                services = services + ['fail2ban']
            else:
                Log.info(self, "fail2ban is not installed")

@@ -134,7 +134,7 @@ class WOStackStatusController(CementBaseController):

        if self.app.pargs.fail2ban:
            if WOAptGet.is_installed(self, 'fail2ban'):
-                services = services + ['fail2ban-client']
+                services = services + ['fail2ban']
            else:
                Log.info(self, "fail2ban is not installed")

@@ -201,7 +201,7 @@ class WOStackStatusController(CementBaseController):

        if self.app.pargs.fail2ban:
            if WOAptGet.is_installed(self, 'fail2ban'):
-                services = services + ['fail2ban-client']
+                services = services + ['fail2ban']
            else:
                Log.info(self, "fail2ban is not installed")

@@ -266,7 +266,7 @@ class WOStackStatusController(CementBaseController):

        if self.app.pargs.fail2ban:
            if WOAptGet.is_installed(self, 'fail2ban'):
-                services = services + ['fail2ban-client']
+                services = services + ['fail2ban']
            else:
                Log.info(self, "fail2ban is not installed")

@@ -332,7 +332,7 @@ class WOStackStatusController(CementBaseController):

        if self.app.pargs.fail2ban:
            if WOAptGet.is_installed(self, 'fail2ban'):
-                services = services + ['fail2ban-client']
+                services = services + ['fail2ban']
            else:
                Log.info(self, "fail2ban is not installed")

--- a/wo/cli/templates/fail2ban.mustache
+++ b/wo/cli/templates/fail2ban.mustache
@@ -17,7 +17,7 @@ maxretry = 5
 [nginx-forbidden]
 enabled = true
 filter = nginx-forbidden
-port = http,https
+action = iptables-multiport[name="wo-wordpress", port="http,https"]
 logpath = /var/log/nginx/*error*.log
 findtime = 60
 bantime = 6000