diff options
| author | nachoparker <nacho@ownyourbits.com> | 2017-09-12 19:49:32 +0300 |
|---|---|---|
| committer | nachoparker <nacho@ownyourbits.com> | 2017-09-12 19:49:54 +0300 |
| commit | 020cfdcef9ce0cf588b5e54e3b123e2c69609e11 (patch) | |
| tree | 338eead3940f3fd1d0d2110a9ff68b63d8f35e07 | |
| parent | c982debf7981230c5b481dcc2af86815c654c99b (diff) | |
fail2ban: autodetect log pathv0.26.31
| -rw-r--r-- | etc/nextcloudpi-config.d/fail2ban.sh | 23 | ||||
| -rwxr-xr-x | update.sh | 4 |
2 files changed, 17 insertions, 10 deletions
diff --git a/etc/nextcloudpi-config.d/fail2ban.sh b/etc/nextcloudpi-config.d/fail2ban.sh index fa4c1fe9..0ebdf90c 100644 --- a/etc/nextcloudpi-config.d/fail2ban.sh +++ b/etc/nextcloudpi-config.d/fail2ban.sh @@ -15,9 +15,6 @@ ACTIVE_=no -# location of Nextcloud logs -NCLOG_=/var/www/nextcloud/data/nextcloud.log - # time to ban an IP that exceeded attempts BANTIME_=600 @@ -39,18 +36,27 @@ install() configure() { - [[ $ACTIVE_ != "yes" ]] && { service fail2ban stop; update-rc.d fail2ban disable; return; } + [[ $ACTIVE_ != "yes" ]] && { + service fail2ban stop + update-rc.d fail2ban disable + echo "fail2ban disabled" + return + } + + local NCLOG="/var/www/nextcloud/data/nextcloud.log" + local NCLOG1="$( sudo -u www-data /var/www/nextcloud/occ config:system:get logfile )" + + [[ "$NCLOG1" != "" ]] && NCLOG="$NCLOG1" - local BASEDIR=$( dirname "$NCLOG_" ) + local BASEDIR=$( dirname "$NCLOG" ) [ -d "$BASEDIR" ] || { echo -e "directory $BASEDIR not found"; return 1; } - sudo -u www-data touch "$NCLOG_" || { echo -e "ERROR: user www-data does not have write permissions on $NCLOG_"; return 1; } + sudo -u www-data touch "$NCLOG" || { echo -e "ERROR: user www-data does not have write permissions on $NCLOG"; return 1; } chown -R www-data "$BASEDIR" cd /var/www/nextcloud sudo -u www-data php occ config:system:set loglevel --value=2 sudo -u www-data php occ config:system:set log_type --value=file - sudo -u www-data php occ config:system:set logfile --value="$NCLOG_" cat > /etc/fail2ban/filter.d/nextcloud.conf <<'EOF' [INCLUDES] @@ -112,12 +118,13 @@ maxretry = $MAXRETRY_ enabled = true port = http,https filter = nextcloud -logpath = $NCLOG_ +logpath = $NCLOG maxretry = $MAXRETRY_ EOF update-rc.d fail2ban defaults update-rc.d fail2ban enable service fail2ban restart + echo "fail2ban enabled" } cleanup() @@ -14,11 +14,11 @@ source /usr/local/etc/library.sh # fix automount, reinstall if its old version AMFILE=/usr/local/etc/nextcloudpi-config.d/nc-automount.sh -grep -q inotify-tools $AMFILE || rm $AMFILE +test -e $AMFILE && { grep -q inotify-tools $AMFILE || rm $AMFILE; } # fix modsecurity, reinstall if its old verion MSFILE=/usr/local/etc/nextcloudpi-config.d/modsecurity.sh -grep -q "NextCloudPi:" $MSFILE || rm $MSFILE +test -e $MSFILE && { grep -q "NextCloudPi:" $MSFILE || rm $MSFILE; } # copy all files in bin and etc for file in bin/* etc/*; do |