Configure fail2ban for ubuntu & debian #29

Open
wants to merge 4 commits into
base: master
8 changes: 8 additions & 0 deletions addons/fail2ban/jail.local.snippet
@@ -0,0 +1,8 @@
[easyengine-nginx-req-limit]
enabled = true
filter = easyengine-nginx-req-limit
action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
logpath = /opt/easyengine/sites/*/logs/nginx/error.log
findtime = 600
bantime = 86400
maxretry = 5
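Review bot: `filter = easyengine-nginx-req-limit` does not match the filter file this PR ships, which is named `rtcamp-nginx-req-limit.conf` and is written to `/etc/fail2ban/filter.d/rtcamp-nginx-req-limit.conf` by `install_fail2ban`. fail2ban resolves `filter` to `filter.d/<name>.conf`, so the jail as written has no filter to load and will error on restart; rename one side so the two agree. Two further points on the same section: `action = iptables-multiport[...]` uses the `INPUT` chain by default, while the sites here run in Docker containers whose published ports are forwarded rather than delivered to `INPUT`, so confirm that a ban actually blocks traffic to the nginx container (passing `chain=DOCKER-USER` to the action is one option to test). And `bantime = 86400` with `maxretry = 5` in `findtime = 600` is a 24-hour ban after five log lines; a single page load can produce several `limit_req` entries, so consider a higher `maxretry` or a shorter ban, plus an `ignoreip` entry for trusted addresses.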
13 changes: 13 additions & 0 deletions addons/fail2ban/rtcamp-nginx-req-limit.conf
@@ -0,0 +1,13 @@
# Fail2Ban configuration file
#
# supports: ngx_http_limit_req_module module

[Definition]

failregex = limiting requests, excess:.* by zone.*client: <HOST>

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
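Review bot: the `failregex` line is unanchored and uses two greedy `.*` runs before `client: <HOST>`, so the host can be taken from any `client: ` text on the line, not only from nginx's own field. The nginx error line carries request-controlled fields (request, host, referrer) after the real `client:` field, and a greedy match prefers the last occurrence, which means the banned address may not be the one that sent the request. Anchor the expression at the start of the message with `^`, replace each `.*` with a bounded class (for example `[\d.]+` for the excess value and a quoted zone name), and end the match at `client: <HOST>,` so only the first, nginx-written field can match. fail2ban also ships a stock `nginx-limit-req` filter for this module; reusing it would avoid maintaining a separate regex. The header comment should also name the log format the filter expects, and `fail2ban-regex` run against a sample `error.log` would be a useful check to document.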
25 changes: 25 additions & 0 deletions functions
Expand Up @@ -306,3 +306,28 @@ function pull_easyengine_images() {
ee_log_info1 "Pulling EasyEngine docker images"
"$EE4_BINARY" cli info
}

function install_addons() {
install_fail2ban
}

function install_fail2ban() {

if ! command -v lsb_release >/dev/null 2>&1; then
return
fi
# Only configure fail2ban if Ubuntu/Debain distro is detected.
distro=$(lsb_release -i | cut -d: -f2 | sed s/'^\t'//)
if [[ 'Ubuntu' == "$distro" ]] || [[ 'Debian' == "$distro" ]]; then
# Check if fail2ban exists. If not install it.
if ! command -v fail2ban >/dev/null 2>&1; then
ee_log_info1 "Installing fail2ban"
apt install fail2ban -y
wget -O /etc/fail2ban/filter.d/rtcamp-nginx-req-limit.conf https://raw.githubusercontent.com/EasyEngine/installer/master/addons/fail2ban/rtcamp-nginx-req-limit.conf
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
wget -O - https://raw.githubusercontent.com/EasyEngine/installer/master/addons/fail2ban/jail.local.snippet >> /etc/fail2ban/jail.local
service fail2ban restart
ee_log_info1 "fail2ban configured"
fi
fi
}
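Review bot: the guard `if ! command -v fail2ban` in `install_fail2ban` never finds a command, because the package installs `fail2ban-client` and `fail2ban-server` and no binary named `fail2ban`. The block therefore runs on every install, including hosts that already run fail2ban: `cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local` overwrites an administrator's existing `jail.local`, and the `>>` append adds a duplicate `[easyengine-nginx-req-limit]` section each time. Test for `fail2ban-client` instead, and write the jail to its own file under `/etc/fail2ban/jail.d/` rather than copying and appending to `jail.local`, which also makes the step idempotent. The two `wget` calls fetch root-owned configuration from the `master` branch with no exit-status check, so a failed or partial download still leads to `service fail2ban restart`; pin the URLs to a tag or commit, check the result of each download, and restart only when both files are in place. Smaller points: `apt install` is meant for interactive use (`apt-get install -y` after `apt-get update` is the scripted form), `lsb_release -is` returns the distributor ID without the `cut`/`sed` pipeline, `distro` should be declared `local`, and the comment has a typo ("Debain").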
2 changes: 2 additions & 0 deletions setup.sh
Expand Up @@ -42,6 +42,8 @@ function do_install() {
download_and_install_easyengine
ee_log_info1 "Pulling EasyEngine docker images"
pull_easyengine_images
ee_log_info1 "Installing addons"
install_addons
ee_log_info1 "Run \"ee help site\" for more information on how to create a site."
}

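Review bot: `install_addons` is called unconditionally at the end of `do_install`, so every EasyEngine install on Ubuntu or Debian also installs a package and adds firewall ban rules with no way to decline. Make this opt-in (a flag or environment variable checked here), or at least state in the log line what will be changed. As written, "Installing addons" is also logged on distributions where `install_fail2ban` returns early and does nothing, and a failure inside `install_addons` is not checked before the final help message is printed.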