search

YunoHost-Apps / monitorix_ynh

Monitorix package for YunoHost
GNU Affero General Public License v3.0
3 stars 10 forks source link

Custom fail2ban configuration #17

Closed supermamie closed 4 years ago

supermamie commented 4 years ago

According to this post on the forum, the default conf bother some people. It may be possible to adapt the default configuration when the app is installed/upgraded ? I used sudo fail2ban-client status | grep 'Jail list:' | sed 's/.*Jail list://' | sed 's/,//g' to have the list of jails and manually ordered them, but it could be done automatically with some pre-determined jails. Something like : 

# FAIL2BAN graph
# -----------------------------------------------------------------------------
<fail2ban>
#        list = Security, Overload / Abuse
        list = YunoHost, Mail, Default, SSH, Apps
        <desc>
#                0 = [apache], [apache-mod-security], [apache-overflows], [courierauth], [ssh], [sshd], [pam-generic], [php-url-fopen], [vsftpd]
#                1 = [apache-evasive], [apache-badbots], [named-refused-udp], [named-refused-tcp]
                0 = [yunohost]
                1 = [postfix], [postfix-sasl], [dovecot]
                2 = [recidive], [pam-generic], [nginx-http-auth]
                3 = [sshd], [sshd-ddos]
                4 = ************
        </desc>
        graphs_per_row = 2
        rigid = 0
        limit = 100
</fail2ban>

This is just my conf, tho order can be improved and the default jails that I removed can be added back The logic should be : test for every jail if it exist, if not, remove it from the config. All jails not listed goes to the Apps category

Is it something doable ?

Josue-T commented 4 years ago

Hello,

According to this post on the forum

Which post ?

It may be possible to adapt the default configuration when the app is installed/upgraded ?

Yes, seeing the actual configuration provieded by the app, I agree that there are a lot of improvement to do. I'll try to do something on this side.

supermamie commented 4 years ago

Which post ?

Oops, here : https://forum.yunohost.org/t/fail2ban-genere-des-milliers-de-lignes-davertissements/11389

Note that the configuration can be made in a separate generated file, not specially in the main one. (On my server I have all my modifications in a specific file)

Josue-T commented 4 years ago

Oops, here : https://forum.yunohost.org/t/fail2ban-genere-des-milliers-de-lignes-davertissements/11389

Ah yes I didn't see this. Thanks for the feedback.

A fix should be available here: https://github.com/YunoHost-Apps/monitorix_ynh/pull/18

Note that the configuration can be made in a separate generated file, not specially in the main one. (On my server I have all my modifications in a specific file)

As described here ?

supermamie commented 4 years ago

A fix should be available here: #18

I made a little comment about the list config.

And another one : for the « default » jails, can we be sure that they are really here ?

As described here ?

Yes exactly, I used the monitorix doc to do it on my side, but this is exactly this.

Josue-T commented 4 years ago

Should be fixed in testing

olberger commented 10 months ago

As described here ?

FWIW, the docs seem to be here: https://github.com/YunoHost-Apps/monitorix_ynh/blob/master/doc/ADMIN.md#custom-config