Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Merge pull request #308 from WordOps/updating-configuration

Browse Source 
Several bug fixes
This commit is contained in:
VirtuBox
2020-08-20 13:50:14 +02:00
committed by GitHub
parent 21e7619822 f0cbc77602
commit dce6b111b0
7 changed files with 55 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
requirements.txt
View File

@@ -1,11 +1,11 @@
cement==2.10.12 cement==2.10.12
pystache>=0.5.4 pystache>=0.5.4
pynginxconfig>=0.3.4 pynginxconfig>=0.3.4
PyMySQL>=0.9.3 PyMySQL>=0.10.0
psutil>=5.6.7 psutil>=5.7.2
sh>=1.12.14 sh>=1.12.14
SQLAlchemy>=1.3.11 SQLAlchemy>=1.3.18
requests>=2.22.0 requests>=2.24.0
distro>=1.4.0 distro>=1.4.0
argcomplete>=1.10.3 argcomplete>=1.12.0
colorlog>=4.0.2 colorlog>=4.2.1

12
setup.py
View File

@@ -64,14 +64,14 @@ setup(name='wordops',
'cement == 2.10.12', 'cement == 2.10.12',
'pystache >= 0.5.4', 'pystache >= 0.5.4',
'pynginxconfig >= 0.3.4', 'pynginxconfig >= 0.3.4',
'PyMySQL >= 0.9.3', 'PyMySQL >= 0.10.0',
'psutil >= 5.6.7', 'psutil >= 5.7.2',
'sh >= 1.12.14', 'sh >= 1.12.14',
'SQLAlchemy >= 1.3.11', 'SQLAlchemy >= 1.3.18',
'requests >= 2.22.0', 'requests >= 2.24.0',
'distro >= 1.4.0', 'distro >= 1.4.0',
'argcomplete >= 1.10.3', 'argcomplete >= 1.12.0',
'colorlog >= 4.0.2', 'colorlog >= 4.2.1',
], ],
extras_require={ # Optional extras_require={ # Optional
'testing': ['nose', 'coverage'], 'testing': ['nose', 'coverage'],

25
tests/travis.sh
View File

@@ -15,11 +15,11 @@ export LANG='en_US.UTF-8'
export LC_ALL='C.UTF-8' export LC_ALL='C.UTF-8'
if [ -z "$1" ]; then if [ -z "$1" ]; then
{ {
apt-get -qq purge mysql* graphviz* redis* php73-* php-* apt-get -qq purge mysql* graphviz* redis* php73-* php-*
apt-get install -qq git python3-setuptools python3-dev python3-apt ccze tree apt-get install -qq git python3-setuptools python3-dev python3-apt ccze tree
sudo apt-get -qq autoremove --purge sudo apt-get -qq autoremove --purge
} > /dev/null 2>&1 } >/dev/null 2>&1
fi fi
exit_script() { exit_script() {
@@ -349,3 +349,18 @@ for stack in $stack_purge; do
fi fi
done done
echo -e "${CGREEN}#############################################${CEND}"
echo -e ' wo stack fail2ban '
echo -e "${CGREEN}#############################################${CEND}"
if {
wo stack install --fail2ban
} >>/var/log/wo/test.log; then
echo -ne " purging $stack [${CGREEN}OK${CEND}]\\r"
echo -ne '\n'
else
echo -e " purging $stack [${CRED}FAIL${CEND}]"
echo -ne '\n'
exit_script
fi

7
wo/cli/plugins/stack_pref.py
View File

@@ -1042,12 +1042,13 @@ def post_pref(self, apt_packages, packages, upgrade=False):
WOGit.add(self, ["/etc/fail2ban"], WOGit.add(self, ["/etc/fail2ban"],
msg="Adding Fail2ban into Git") msg="Adding Fail2ban into Git")
Log.info(self, "Configuring Fail2Ban") Log.info(self, "Configuring Fail2Ban")
data = dict(release=WOVar.wo_version) nginxf2b = bool(os.path.exists('/var/log/nginx'))
data = dict(release=WOVar.wo_version, nginx=nginxf2b)
WOTemplate.deploy( WOTemplate.deploy(
self, self,
'/etc/fail2ban/jail.d/custom.conf', '/etc/fail2ban/jail.d/custom.conf',
'fail2ban.mustache', 'fail2ban.mustache',
data, overwrite=False) data, overwrite=True)
WOTemplate.deploy( WOTemplate.deploy(
self, self,
'/etc/fail2ban/filter.d/wo-wordpress.conf', '/etc/fail2ban/filter.d/wo-wordpress.conf',
@@ -1059,7 +1060,7 @@ def post_pref(self, apt_packages, packages, upgrade=False):
'fail2ban-forbidden.mustache', 'fail2ban-forbidden.mustache',
data, overwrite=False) data, overwrite=False)
if not WOService.reload_service(self, 'fail2ban'): if not WOShellExec.cmd_exec(self, 'fail2ban-client reload'):
WOGit.rollback( WOGit.rollback(
self, ['/etc/fail2ban'], msg="Rollback f2b config") self, ['/etc/fail2ban'], msg="Rollback f2b config")
WOService.restart_service(self, 'fail2ban') WOService.restart_service(self, 'fail2ban')

4
wo/cli/templates/fail2ban.mustache
View File

@@ -4,7 +4,7 @@ ignoreip = 127.0.0.1/8 ::1
[recidive] [recidive]
enabled = true enabled = true
[nginx-http-auth] {{#nginx}}[nginx-http-auth]
enabled = true enabled = true
logpath = /var/log/nginx/*error*.log logpath = /var/log/nginx/*error*.log
@@ -23,4 +23,4 @@ maxretry = 5
enabled = true enabled = true
filter = nginx-forbidden filter = nginx-forbidden
action = iptables-multiport[name="nginx-forbidden", port="http,https"] action = iptables-multiport[name="nginx-forbidden", port="http,https"]
logpath = /var/log/nginx/*error*.log logpath = /var/log/nginx/*error*.log{{/nginx}}

24
wo/cli/templates/proftpd-tls.mustache
View File

@@ -1,12 +1,20 @@
<IfModule mod_tls.c> <IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log TLSEngine on
TLSProtocol TLSv1.2 TLSRequired on
TLSCipherSuite AES256+EECDH:AES256+EDH TLSLog /var/log/proftpd/tls.log
TLSOptions NoCertRequest AllowClientRenegotiations NoSessionReuseRequired
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.crt # intermediate configuration from ssl-config.mozilla.org
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key TLSProtocol TLSv1.2 TLSv1.3
TLSCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
TLSServerCipherPreference off
TLSessionTickets off
TLSOptions NoCertRequest AllowClientRenegotiations NoSessionReuseRequired
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.crt
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key
TLSVerifyClient off TLSVerifyClient off
TLSRequired on
RequireValidShell no RequireValidShell no
</IfModule> </IfModule>

2
wo/cli/templates/sshd.mustache
View File

@@ -28,7 +28,7 @@ ChallengeResponseAuthentication no
UsePAM yes UsePAM yes
X11Forwarding yes X11Forwarding yes
#PrintMotd no PrintMotd yes
# Allow client to pass locale environment variables # Allow client to pass locale environment variables
AcceptEnv LANG LC_* AcceptEnv LANG LC_*