Add security stack

VirtuBox
2019-07-19 15:21:17 +02:00
parent 120bf4eff1
commit 91212b7e82
2 changed files with 28 additions and 7 deletions


@@ -18,7 +18,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Support for Debian 10 buster (testing - not ready for production)
- Fail2ban with custom jails to secure WordPress & SSH
- Variable `keylength` in /etc/wo/wo.conf to define letsencrypt certificate keylenght
- ProFTPd stack
- ProFTPd stack with UFW & Fail2ban configuration
- Beta branch and command `wo update --beta` for beta releases
#### Fixed
@@ -36,14 +36,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
#### Changed
- phpRedisAdmin is now installed with the stack "--admin"
- phpRedisAdmin is now installed with the stack `--admin`
- Remove memcached - not required anymore
#### Fixed
- phpRedisAdmin installation
- Duplicated locations /robots.txt after upgrade to v3.9.5.3
- Let's Encrypt stack "wo site update --letsencrypt/--letsencrypt=off"
- Let's Encrypt stack `wo site update --letsencrypt/--letsencrypt=off`
- pt-query-advisor dead link
- Netdata persistant configuration
@@ -92,7 +92,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Install script handle migration from EEv3
- load-balancing on unix socket for php-fpm
- stub_status vhost for metrics
- "--letsencrypt=subdomain" option
- `--letsencrypt=subdomain` option
- opcache optimization for php-fpm
- EasyEngine configuration backup before migration
- EasyEngine configuration cleanup after migration


@@ -50,6 +50,8 @@ class WOStackController(CementBaseController):
dict(help='Install web stack', action='store_true')),
(['--admin'],
dict(help='Install admin tools stack', action='store_true')),
(['--security'],
dict(help='Install security tools stack', action='store_true')),
(['--nginx'],
dict(help='Install Nginx stack', action='store_true')),
(['--php'],
@@ -1105,6 +1107,7 @@ class WOStackController(CementBaseController):
msg="Adding Fail2ban into Git")
WOService.reload_service(self, 'fail2ban')
# Proftpd configuration
if set(["proftpd-basic"]).issubset(set(apt_packages)):
if os.path.isfile("/etc/proftpd/proftpd.conf"):
Log.debug(self, "Setting up Proftpd configuration")
@@ -1124,13 +1127,19 @@ class WOStackController(CementBaseController):
"PassivePorts "
" "
" 49000 50000")
# add rule for proftpd with UFW
if WOAptGet.is_installed(self, 'ufw'):
try:
WOShellExec.cmd_exec(self, "ufw allow "
"49000:50000/tcp")
except CommandExecutionError as e:
Log.error(self, "Unable to add UFW rules")
Log.error(self, "Unable to add UFW rule")
if os.path.isfile("/etc/fail2ban/jail.d/custom.conf"):
with open("/etc/fail2ban/jail.d/custom.conf",
encoding='utf-8', mode='a') as f2bproftpd:
f2bproftpd.write("\n\n[proftpd]\nenabled = true\n")
WOService.reload_service(self, 'fail2ban')
WOGit.add(self, ["/etc/proftpd"],
msg="Adding ProFTPd into Git")
@@ -1453,12 +1462,14 @@ class WOStackController(CementBaseController):
(not self.app.pargs.netdata) and
(not self.app.pargs.dashboard) and
(not self.app.pargs.fail2ban) and
(not self.app.pargs.security) and
(not self.app.pargs.adminer) and (not self.app.pargs.utils) and
(not self.app.pargs.redis) and (not self.app.pargs.proftpd) and
(not self.app.pargs.phpredisadmin) and
(not self.app.pargs.php73)):
self.app.pargs.web = True
self.app.pargs.admin = True
self.app.pargs.security = True
if self.app.pargs.all:
self.app.pargs.web = True
@@ -1484,6 +1495,8 @@ class WOStackController(CementBaseController):
self.app.pargs.netdata = True
self.app.pargs.dashboard = True
self.app.pargs.phpredisadmin = True
if self.app.pargs.security:
self.app.pargs.fail2ban = True
# Redis
@@ -1785,10 +1798,12 @@ class WOStackController(CementBaseController):
(not self.app.pargs.adminer) and (not self.app.pargs.utils) and
(not self.app.pargs.composer) and (not self.app.pargs.netdata) and
(not self.app.pargs.fail2ban) and (not self.app.pargs.proftpd) and
(not self.app.pargs.security) and
(not self.app.pargs.all) and (not self.app.pargs.redis) and
(not self.app.pargs.phpredisadmin)):
self.app.pargs.web = True
self.app.pargs.admin = True
self.app.pargs.security = True
if self.app.pargs.all:
self.app.pargs.web = True
@@ -1809,6 +1824,8 @@ class WOStackController(CementBaseController):
self.app.pargs.netdata = True
self.app.pargs.dashboard = True
self.app.pargs.phpredisadmin = True
if self.app.pargs.security:
self.app.pargs.fail2ban = True
# NGINX
@@ -1974,11 +1991,13 @@ class WOStackController(CementBaseController):
(not self.app.pargs.wpcli) and (not self.app.pargs.phpmyadmin) and
(not self.app.pargs.adminer) and (not self.app.pargs.utils) and
(not self.app.pargs.composer) and (not self.app.pargs.netdata) and
(not self.app.pargs.fail2ban) and (not self.app.pargs.proftpd)
(not self.app.pargs.fail2ban) and (not self.app.pargs.proftpd) and
(not self.app.pargs.security) and
(not self.app.pargs.all) and (not self.app.pargs.redis) and
(not self.app.pargs.phpredisadmin)):
self.app.pargs.web = True
self.app.pargs.admin = True
self.app.pargs.security = True
if self.app.pargs.all:
self.app.pargs.web = True
@@ -2000,6 +2019,8 @@ class WOStackController(CementBaseController):
self.app.pargs.dashboard = True
self.app.pargs.phpredisadmin = True
if self.app.pargs.security:
self.app.pargs.fail2ban = True
# NGINX
if self.app.pargs.nginx:
if WOAptGet.is_installed(self, 'nginx-custom'):
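Review bot: The fail2ban block in the `@@ -1124,13 +1127,19 @@` hunk appends `[proftpd]\nenabled = true` to `/etc/fail2ban/jail.d/custom.conf` unconditionally, so every run that reaches this branch adds another `[proftpd]` section to the file. Depending on how fail2ban's parser treats a repeated section, the reload that follows could fail or the file simply keeps growing, so the write should be guarded by a check that the section is not already present. The jail is also skipped silently when `custom.conf` does not exist, which leaves FTP without a jail on hosts where fail2ban is installed after ProFTPd; a debug log in that branch would make the gap visible. The enclosing method starts and ends outside the hunk. Separately, the later hunks set `self.app.pargs.security = True` in the no-argument default; if those are the remove and purge handlers, a bare remove would now also take fail2ban with it, which is worth confirming and noting in the changelog.

```python
# … unchanged: UFW rule for the passive port range …
f2b_jail = "/etc/fail2ban/jail.d/custom.conf"
if os.path.isfile(f2b_jail):
    with open(f2b_jail, encoding='utf-8') as f2bjail:
        jail_present = "[proftpd]" in f2bjail.read()
    if not jail_present:
        with open(f2b_jail, encoding='utf-8', mode='a') as f2bproftpd:
            f2bproftpd.write("\n\n[proftpd]\nenabled = true\n")
        WOService.reload_service(self, 'fail2ban')
else:
    Log.debug(self, "fail2ban custom.conf not found, "
              "ProFTPd jail not added")
# … unchanged: WOGit.add for /etc/proftpd …
```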