Fail2ban

[OniriCorpe]

Problem

• 62

• 118 (sorry I can't commit to that draft, so I had to open a new PR 😕)

this PR closes what I mentioned above

Solution

• I added all the config needed to configure fail2ban and manage it in all relevant scripts

The regex: <HOST> .* \"GET /api/.*\" 401

It captures all failed API requests with wrong login/password, like this one: IP_ADRESS - - [01/Nov/2023:04:34:02 +0100] "GET /api/greader.php/accounts/ClientLogin?Email=user&Passwd=wrongpassword HTTP/2.0" 401 13 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0" This log is the same on v1.21.0 and on v1.22.1 (I verified), so everything should work regardless of version! :)

As a bonus:

• I fixes SC2086 linter security alerts
• I tidying up scripts
• I also reduced (not really relevant) warnings that freshrss returns and which may worry users

PR Status

• [x] Code finished and ready to be reviewed/tested
• [ ] The fix/enhancement were manually tested (if applicable)

[yunohost-bot]

:v:

[yunohost-bot]

Alrighty!

[yunohost-bot]

May the CI gods be with you!

[yunohost-bot]

Alrighty!

[lapineige]

Thanks a lot ! :rocket: