Merge pull request #308 from WordOps/updating-configuration
Several bug fixes
This commit is contained in:
VirtuBox
@@ -1,11 +1,11 @@
|
||||
cement==2.10.12
|
||||
pystache>=0.5.4
|
||||
pynginxconfig>=0.3.4
|
||||
PyMySQL>=0.9.3
|
||||
psutil>=5.6.7
|
||||
PyMySQL>=0.10.0
|
||||
psutil>=5.7.2
|
||||
sh>=1.12.14
|
||||
SQLAlchemy>=1.3.11
|
||||
requests>=2.22.0
|
||||
SQLAlchemy>=1.3.18
|
||||
requests>=2.24.0
|
||||
distro>=1.4.0
|
||||
argcomplete>=1.10.3
|
||||
colorlog>=4.0.2
|
||||
argcomplete>=1.12.0
|
||||
colorlog>=4.2.1
|
||||
12
setup.py
12
setup.py
@@ -64,14 +64,14 @@ setup(name='wordops',
|
||||
'cement == 2.10.12',
|
||||
'pystache >= 0.5.4',
|
||||
'pynginxconfig >= 0.3.4',
|
||||
'PyMySQL >= 0.9.3',
|
||||
'psutil >= 5.6.7',
|
||||
'PyMySQL >= 0.10.0',
|
||||
'psutil >= 5.7.2',
|
||||
'sh >= 1.12.14',
|
||||
'SQLAlchemy >= 1.3.11',
|
||||
'requests >= 2.22.0',
|
||||
'SQLAlchemy >= 1.3.18',
|
||||
'requests >= 2.24.0',
|
||||
'distro >= 1.4.0',
|
||||
'argcomplete >= 1.10.3',
|
||||
'colorlog >= 4.0.2',
|
||||
'argcomplete >= 1.12.0',
|
||||
'colorlog >= 4.2.1',
|
||||
],
|
||||
extras_require={ # Optional
|
||||
'testing': ['nose', 'coverage'],
|
||||
|
||||
@@ -15,11 +15,11 @@ export LANG='en_US.UTF-8'
|
||||
export LC_ALL='C.UTF-8'
|
||||
|
||||
if [ -z "$1" ]; then
|
||||
{
|
||||
apt-get -qq purge mysql* graphviz* redis* php73-* php-*
|
||||
apt-get install -qq git python3-setuptools python3-dev python3-apt ccze tree
|
||||
sudo apt-get -qq autoremove --purge
|
||||
} > /dev/null 2>&1
|
||||
{
|
||||
apt-get -qq purge mysql* graphviz* redis* php73-* php-*
|
||||
apt-get install -qq git python3-setuptools python3-dev python3-apt ccze tree
|
||||
sudo apt-get -qq autoremove --purge
|
||||
} >/dev/null 2>&1
|
||||
fi
|
||||
|
||||
exit_script() {
|
||||
@@ -349,3 +349,18 @@ for stack in $stack_purge; do
|
||||
|
||||
fi
|
||||
done
|
||||
|
||||
echo -e "${CGREEN}#############################################${CEND}"
|
||||
echo -e ' wo stack fail2ban '
|
||||
echo -e "${CGREEN}#############################################${CEND}"
|
||||
if {
|
||||
wo stack install --fail2ban
|
||||
} >>/var/log/wo/test.log; then
|
||||
echo -ne " purging $stack [${CGREEN}OK${CEND}]\\r"
|
||||
echo -ne '\n'
|
||||
else
|
||||
echo -e " purging $stack [${CRED}FAIL${CEND}]"
|
||||
echo -ne '\n'
|
||||
exit_script
|
||||
|
||||
fi
|
||||
|
||||
@@ -1042,12 +1042,13 @@ def post_pref(self, apt_packages, packages, upgrade=False):
|
||||
WOGit.add(self, ["/etc/fail2ban"],
|
||||
msg="Adding Fail2ban into Git")
|
||||
Log.info(self, "Configuring Fail2Ban")
|
||||
data = dict(release=WOVar.wo_version)
|
||||
nginxf2b = bool(os.path.exists('/var/log/nginx'))
|
||||
data = dict(release=WOVar.wo_version, nginx=nginxf2b)
|
||||
WOTemplate.deploy(
|
||||
self,
|
||||
'/etc/fail2ban/jail.d/custom.conf',
|
||||
'fail2ban.mustache',
|
||||
data, overwrite=False)
|
||||
data, overwrite=True)
|
||||
WOTemplate.deploy(
|
||||
self,
|
||||
'/etc/fail2ban/filter.d/wo-wordpress.conf',
|
||||
@@ -1059,7 +1060,7 @@ def post_pref(self, apt_packages, packages, upgrade=False):
|
||||
'fail2ban-forbidden.mustache',
|
||||
data, overwrite=False)
|
||||
|
||||
if not WOService.reload_service(self, 'fail2ban'):
|
||||
if not WOShellExec.cmd_exec(self, 'fail2ban-client reload'):
|
||||
WOGit.rollback(
|
||||
self, ['/etc/fail2ban'], msg="Rollback f2b config")
|
||||
WOService.restart_service(self, 'fail2ban')
|
||||
|
||||
@@ -4,7 +4,7 @@ ignoreip = 127.0.0.1/8 ::1
|
||||
[recidive]
|
||||
enabled = true
|
||||
|
||||
[nginx-http-auth]
|
||||
{{#nginx}}[nginx-http-auth]
|
||||
enabled = true
|
||||
logpath = /var/log/nginx/*error*.log
|
||||
|
||||
@@ -23,4 +23,4 @@ maxretry = 5
|
||||
enabled = true
|
||||
filter = nginx-forbidden
|
||||
action = iptables-multiport[name="nginx-forbidden", port="http,https"]
|
||||
logpath = /var/log/nginx/*error*.log
|
||||
logpath = /var/log/nginx/*error*.log{{/nginx}}
|
||||
@@ -1,12 +1,20 @@
|
||||
<IfModule mod_tls.c>
|
||||
TLSEngine on
|
||||
TLSLog /var/log/proftpd/tls.log
|
||||
TLSProtocol TLSv1.2
|
||||
TLSCipherSuite AES256+EECDH:AES256+EDH
|
||||
TLSOptions NoCertRequest AllowClientRenegotiations NoSessionReuseRequired
|
||||
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.crt
|
||||
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key
|
||||
|
||||
TLSEngine on
|
||||
TLSRequired on
|
||||
TLSLog /var/log/proftpd/tls.log
|
||||
|
||||
# intermediate configuration from ssl-config.mozilla.org
|
||||
TLSProtocol TLSv1.2 TLSv1.3
|
||||
TLSCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
TLSServerCipherPreference off
|
||||
TLSessionTickets off
|
||||
TLSOptions NoCertRequest AllowClientRenegotiations NoSessionReuseRequired
|
||||
|
||||
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.crt
|
||||
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key
|
||||
|
||||
TLSVerifyClient off
|
||||
TLSRequired on
|
||||
RequireValidShell no
|
||||
|
||||
</IfModule>
|
||||
@@ -28,7 +28,7 @@ ChallengeResponseAuthentication no
|
||||
UsePAM yes
|
||||
X11Forwarding yes
|
||||
|
||||
#PrintMotd no
|
||||
PrintMotd yes
|
||||
|
||||
# Allow client to pass locale environment variables
|
||||
AcceptEnv LANG LC_*
|
||||
|
||||
Reference in New Issue
Block a user