Fixed Fail2Ban for centos

2020-12-09 21:35:01 +01:00
parent d6cebfefb2
commit 9e9211c475
10 changed files with 38 additions and 12 deletions


@@ -8,7 +8,7 @@ if [ ! -f "/etc/ICTM/phpvar.list" ] ; then echo 'Php var list missing,Please run
source /etc/ICTM/selopts.list source /etc/ICTM/selopts.list
source /etc/ICTM/mainvar.list source /etc/ICTM/mainvar.list
source /etc/ICTM/phpvar.list source /etc/ICTM/phpvar.list
if [ ! -f "/etc/ICTM/apachevar.list" ] ; then source /etc/ICTM/apachevar.list; fi if [ -f "/etc/ICTM/apachevar.list" ] ; then source /etc/ICTM/apachevar.list; fi
rm /tmp/pkg.list > $OUTPUT 2>&1 rm /tmp/pkg.list > $OUTPUT 2>&1
source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list) source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list)


@@ -12,6 +12,7 @@ if [ ! -f "/etc/ICTM/phpvar.list" ] ; then echo 'Php var list missing,Please run
source /etc/ICTM/selopts.list source /etc/ICTM/selopts.list
source /etc/ICTM/mainvar.list source /etc/ICTM/mainvar.list
source /etc/ICTM/phpvar.list source /etc/ICTM/phpvar.list
if [ -f "/etc/ICTM/apachevar.list" ] ; then source /etc/ICTM/apachevar.list; fi
rm /tmp/pkg.list rm /tmp/pkg.list
source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list) source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list)


@@ -54,13 +54,8 @@ sed -i -e 's/SITEname/'$sitename'/' /etc/update-motd.d/51-nextnotice-"${sitename
chmod +x /etc/update-motd.d/51-nextnotice-"${sitename//_}" chmod +x /etc/update-motd.d/51-nextnotice-"${sitename//_}"
#Nextcloud logging location
mkdir /var/log/nextcloud
chmod 774 -R /var/log/nextcloud
ln -s /var/www/"$domain"/html/data/nextcloud.log /var/log/nextcloud/"$sitename"
#fail2ban #fail2ban
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/nextcloud_unconfigured -o /etc/fail2ban/jail.d/"$sitename"-nextcloud.local curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/nextcloud_unconfigured -o /etc/fail2ban/jail.d/"$sitename"-nextcloud.local
sed -i 's/SITEname/'$sitename'/' /etc/fail2ban/jail.d/"$sitename"-nextcloud.local sed -i 's/DOMain/'$domain'/' /etc/fail2ban/jail.d/"$sitename"-nextcloud.local
systemctl reload "$phpFPMService" systemctl reload "$phpFPMService"
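Review bot: On the new `sed -i 's/DOMain/'$domain'/' ...` line the `$domain` expansion sits outside the single quotes and is unquoted, so a value containing whitespace splits the sed program into separate arguments and a `/` or `&` inside it is interpreted by sed rather than inserted literally. Quoting the whole expression and choosing a delimiter that cannot appear in a hostname, `sed -i "s|DOMain|${domain}|" /etc/fail2ban/jail.d/"$sitename"-nextcloud.local`, fixes both. The same unquoted pattern appears in the hunk header's `sed -i -e 's/SITEname/'$sitename'/'`, which is pre-existing but would benefit from the same treatment when this file is next touched.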


@@ -44,7 +44,7 @@ systemctl reload $phpFPMService
if [ ! -f /etc/fail2ban/jail.d/wordpress-syslog.local ]; then if [ ! -f /etc/fail2ban/jail.d/wordpress-syslog.local ]; then
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/wordpress-syslog.jail -o /etc/fail2ban/jail.d/wordpress-syslog.local curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/wordpress-syslog.jail -o /etc/fail2ban/jail.d/wordpress-syslog.local
if [ "$shortdist" = "el8" ]; then if [ "$shortdist" = "el8" ]; then
sed -i '/logpath/c\logpath = /var/log/secure' /etc/fail2ban/jail.d/wordpress-syslog.local sed -i '/logpath/c\logpath = /var/log/messages' /etc/fail2ban/jail.d/wordpress-syslog.local
fi fi
fi fi
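Review bot: The el8 branch now rewrites logpath to /var/log/messages with nothing recording why the previous /var/log/secure was wrong, so the next maintainer who knows sshd logs to secure may revert it. A comment above the sed such as `# el8: the wp-fail2ban syslog entries this jail matches end up in /var/log/messages, not /var/log/secure` (stating the facility actually observed) would pin the rationale. The `c\` command also replaces every line matching `logpath`, comments included; anchoring it as `/^logpath/` keeps it from clobbering a commented example if the downloaded template ever gains one.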


@@ -44,6 +44,10 @@ curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/
if [ "$shortdist" = "el8" ]; then if [ "$shortdist" = "el8" ]; then
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/action.d/ufw.conf -o /etc/fail2ban/action.d/ufw.conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/action.d/ufw.conf -o /etc/fail2ban/action.d/ufw.conf
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/selinux/policies/fail2ban-allowhttpd.te -o /tmp/fail2ban-allowhttpd.te
checkmodule -M -m -o /tmp/fail2ban-allowhttpd.mod /tmp/fail2ban-allowhttpd.te
semodule_package -o /tmp/fail2ban-allowhttpd.pp -m /tmp/fail2ban-allowhttpd.mod
semodule -i /tmp/fail2ban-allowhttpd.pp
fi fi
#Start fail2ban service #Start fail2ban service
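Review bot: The four new lines run `checkmodule`, `semodule_package` and `semodule -i` on whatever `curl -s` left in /tmp, with no check that the download succeeded and with fixed, predictable file names in a world-writable directory. A failed or truncated fetch (an HTTP error body, since `-s` without `-f` treats it as success) is still compiled and loaded, and because the script runs as root, a pre-existing file or symlink at `/tmp/fail2ban-allowhttpd.*` left by another local account would be followed, and the .pp could be changed between the package and install steps. Fetching with `-f` into a `mktemp -d` directory and chaining the steps with `&&` keeps a bad download from being installed and removes the shared-path exposure; the `if [ "$shortdist" = "el8" ]` block is fully within the hunk.
```shell
if [ "$shortdist" = "el8" ]; then
    # … unchanged: ufw.conf download …
    tmpd=$(mktemp -d) &&
    curl --retry 7 --retry-delay 5 -sf "$repo"/raw/"$branchtype"/"$branch"/config/selinux/policies/fail2ban-allowhttpd.te -o "$tmpd"/fail2ban-allowhttpd.te &&
    checkmodule -M -m -o "$tmpd"/fail2ban-allowhttpd.mod "$tmpd"/fail2ban-allowhttpd.te &&
    semodule_package -o "$tmpd"/fail2ban-allowhttpd.pp -m "$tmpd"/fail2ban-allowhttpd.mod &&
    semodule -i "$tmpd"/fail2ban-allowhttpd.pp
    rm -rf "$tmpd"
```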


@@ -20,6 +20,7 @@ if [ "$shortdist" = "el8" ]; then
echo "pdo_mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini echo "pdo_mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini
echo "mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini echo "mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini
echo "mysqli.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini echo "mysqli.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini
echo "d /run/php 0755 www-data www-data - -" > /usr/lib/tmpfiles.d/php-custom.conf
#Centos php Bin #Centos php Bin
sudo ln -s /usr/bin/php${phpver//.} /usr/bin/php sudo ln -s /usr/bin/php${phpver//.} /usr/bin/php
#Centos SeLinux #Centos SeLinux
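Review bot: The new tmpfiles line assigns /run/php to `www-data`, but it sits inside the `if [ "$shortdist" = "el8" ]` branch (opened in the hunk header, closed outside the hunk), where the web server account is normally `apache` and `www-data` does not exist unless these scripts create it elsewhere; systemd-tmpfiles refuses to create a directory for an unknown user, so the socket directory would be missing after reboot. It also writes into /usr/lib/tmpfiles.d, the location for package-shipped snippets, rather than the administrator's /etc/tmpfiles.d. Suggest `echo "d /run/php 0755 apache apache - -" > /etc/tmpfiles.d/php-custom.conf`, substituting whatever user the remi php-fpm pool is configured to run as.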


@@ -13,4 +13,6 @@ root: $email
EOF EOF
newaliases newaliases
systemctl reload postfix postfix@- systemctl start postfix
systemctl enable postfix
systemctl reload postfix
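Review bot: The three unchecked `systemctl` calls on the new side read as a workaround for the old `reload postfix postfix@-` failing when the unit was not running; `systemctl enable --now postfix` expresses start-and-persist in one step, leaving the reload to pick up the just-regenerated aliases on an already-running instance. A failure of any of them is silently ignored by the rest of the script, so at minimum `systemctl enable --now postfix || echo "postfix failed to start" >&2` would surface it in the log the script is already writing.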


@@ -7,5 +7,7 @@ if [ -z "${domain}" ]; then
fi fi
fi fi
debconf-set-selections <<< "postfix postfix/mailname string $domain" if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'" debconf-set-selections <<< "postfix postfix/mailname string $domain"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
fi
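Review bot: The new guard mixes two variables — `$shortdist` for ubu1804 but `$osrel` for ubu2004 and deb10 — while every other hunk in this commit tests `$shortdist` (`el8`). If `$osrel` holds a different kind of value, the debconf preseeding is skipped on Ubuntu 20.04 and Debian 10 and the postfix install falls back to interactive prompts or defaults; this looks like a typo rather than intent. Suggest `if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ]; then`, or a `case "$shortdist" in ubu1804|ubu2004|deb10)` that is easier to extend.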


@@ -6,4 +6,4 @@ filter = nextcloud
maxretry = 15 maxretry = 15
bantime = 900 bantime = 900
findtime = 900 findtime = 900
logpath = /var/log/nextcloud/SITEname logpath = /var/www/DOMain/html/data/nextcloud.log


@@ -0,0 +1,21 @@
module fail2ban-allowhttpd 1.1;
require {
type httpd_sys_rw_content_t;
type fail2ban_t;
type syslogd_var_run_t;
type fail2ban_client_t;
class capability dac_override;
class dir { read getattr search ioctl };
class file { getattr read open search ioctl };
}
#============= fail2ban_client_t ==============
allow fail2ban_client_t httpd_sys_rw_content_t:file getattr;
allow fail2ban_client_t self:capability dac_override;
#============= fail2ban_t ==============
allow fail2ban_t httpd_sys_rw_content_t:dir { read getattr search ioctl };
allow fail2ban_t httpd_sys_rw_content_t:file { read getattr open search ioctl };
allow fail2ban_t syslogd_var_run_t:dir read;
allow fail2ban_t syslogd_var_run_t:file { read getattr open };
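Review bot: `allow fail2ban_client_t self:capability dac_override;` is the one rule in this module that is not about reading the Nextcloud log or the syslog run directory: it lets fail2ban-client bypass ordinary file permission checks altogether. audit2allow emits it when the denied access was really a DAC problem (typically the owner or mode of the file being read), so the narrower fix is usually to make the `nextcloud.log` the jail now watches readable by the group fail2ban runs as and drop this line, confirming in permissive mode that no other denial remains. A header comment naming the denial each rule addresses, e.g. `# fail2ban_t: read /var/www/<domain>/html/data/nextcloud.log (httpd_sys_rw_content_t)`, would make later pruning possible; the module is versioned 1.1 with nothing recording what changed from 1.0.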