mirror of
https://github.com/frappe/bench.git
synced 2024-11-11 15:51:03 +00:00
Merge pull request #506 from saurabh6790/setup_fail2ban
[fix] provision to setup maxretry, bantime and findtime explicitly for fail2ban
This commit is contained in:
commit
4e896b5b9e
@ -48,7 +48,7 @@ def check_uid():
|
||||
|
||||
def cmd_requires_root():
|
||||
if len(sys.argv) > 2 and sys.argv[2] in ('production', 'sudoers', 'lets-encrypt', 'fonts',
|
||||
'print', 'firewall', 'ssh-port', 'role'):
|
||||
'print', 'firewall', 'ssh-port', 'role', 'fail2ban'):
|
||||
return True
|
||||
if len(sys.argv) >= 2 and sys.argv[1] in ('patch', 'renew-lets-encrypt', 'disable-production',
|
||||
'install'):
|
||||
|
@ -49,7 +49,11 @@ def install_nginx(user=None):
|
||||
setup_sudoers(user)
|
||||
|
||||
@click.command('fail2ban')
|
||||
def install_failtoban():
|
||||
@click.option('--maxretry', default=6, help="Number of matches (i.e. value of the counter) which triggers ban action on the IP.")
|
||||
@click.option('--bantime', default=600, help="The counter is set to zero if no match is found within 'findtime' seconds.")
|
||||
@click.option('--findtime', default=600, help='Duration (in seconds) for IP to be banned for. Negative number for "permanent" ban.')
|
||||
def install_failtoban(**kwargs):
|
||||
extra_vars.update(kwargs)
|
||||
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='fail2ban')
|
||||
|
||||
install.add_command(install_prerequisites)
|
||||
|
@ -208,6 +208,13 @@ def setup_roles(role, **kwargs):
|
||||
else:
|
||||
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars)
|
||||
|
||||
@click.command('fail2ban')
|
||||
@click.option('--maxretry', default=6, help="Number of matches (i.e. value of the counter) which triggers ban action on the IP. Default is 6 seconds" )
|
||||
@click.option('--bantime', default=600, help="The counter is set to zero if no match is found within 'findtime' seconds. Default is 600 seconds")
|
||||
@click.option('--findtime', default=600, help='Duration (in seconds) for IP to be banned for. Negative number for "permanent" ban. Default is 600 seconds')
|
||||
def setup_nginx_proxy_jail(**kwargs):
|
||||
from bench.utils import run_playbook
|
||||
run_playbook('prerequisites/setup_nginx_proxy_jail.yml', extra_vars=kwargs)
|
||||
|
||||
setup.add_command(setup_sudoers)
|
||||
setup.add_command(setup_nginx)
|
||||
@ -229,4 +236,5 @@ setup.add_command(remove_domain)
|
||||
setup.add_command(sync_domains)
|
||||
setup.add_command(setup_firewall)
|
||||
setup.add_command(set_ssh_port)
|
||||
setup.add_command(setup_roles)
|
||||
setup.add_command(setup_roles)
|
||||
setup.add_command(setup_nginx_proxy_jail)
|
@ -1,2 +1,5 @@
|
||||
---
|
||||
fail2ban_nginx_access_log: /var/log/nginx/access.log
|
||||
fail2ban_nginx_access_log: /var/log/nginx/access.log
|
||||
maxretry: 6
|
||||
bantime: 600
|
||||
findtime: 600
|
@ -0,0 +1,11 @@
|
||||
- name: Configure fail2ban jail options
|
||||
hosts: localhost
|
||||
become: yes
|
||||
become_user: root
|
||||
vars_files:
|
||||
- ../defaults/main.yml
|
||||
tasks:
|
||||
- name: Setup jail
|
||||
template: src="../templates/nginx-proxy-jail.conf.j2" dest="/etc/fail2ban/jail.d/nginx-proxy.conf"
|
||||
- name: restart service
|
||||
service: name=fail2ban state=restarted
|
@ -4,5 +4,6 @@ enabled = true
|
||||
filter = nginx-proxy
|
||||
logpath = {{ fail2ban_nginx_access_log }}
|
||||
action = iptables-multiport[name=NoNginxProxy, port="http,https"]
|
||||
maxretry = 2
|
||||
bantime = 86400
|
||||
maxretry = {{ maxretry }}
|
||||
bantime = {{ bantime }}
|
||||
findtime = {{ findtime }}
|
2
playbooks/prerequisites/setup_nginx_proxy_jail.yml
Normal file
2
playbooks/prerequisites/setup_nginx_proxy_jail.yml
Normal file
@ -0,0 +1,2 @@
|
||||
---
|
||||
- include: ../prerequisites/roles/fail2ban/tasks/configure_nginx_jail.yml
|
Loading…
Reference in New Issue
Block a user