mailinabox
Commit 83d8dbca authored Aug 18, 2016 by Joshua Tauberer
fail2ban won't start until the roundcube log file is created
fixes #911
parent cdd0a821

Showing 5 changed files with 31 additions and 10 deletions

CHANGELOG.md +5 -0
setup/start.sh +8 -1
setup/system.sh +5 -0
setup/webmail.sh +3 -0
tests/fail2ban.py +10 -9
CHANGELOG.md
CHANGELOG
CHANGELOG
=========
=========
In Development
--------------
*
fail2ban won't start if Roundcube had not yet been used - new installations probably do not have fail2ban running.
v0.19 (August 13, 2016)
v0.19 (August 13, 2016)
-----------------------
-----------------------
...
...
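Review bot: the new "In Development" entry in CHANGELOG.md should say what an operator of an affected box needs to do, not only that new installations probably do not have fail2ban running. Since the setup scripts in this commit now create the Roundcube log file and restart fail2ban, the entry could add that running setup again after upgrading brings fail2ban back up.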
setup/start.sh
...
@@ -111,15 +111,22 @@ source setup/zpush.sh
...
@@ -111,15 +111,22 @@ source setup/zpush.sh
source
setup/management.sh
source
setup/management.sh
source
setup/munin.sh
source
setup/munin.sh
#
Ping the management daemon to write the DNS and nginx configuration files
.
#
Wait for the management daemon to start..
.
until
nc
-z
-w
4 127.0.0.1 10222
until
nc
-z
-w
4 127.0.0.1 10222
do
do
echo
Waiting
for
the Mail-in-a-Box management daemon to start...
echo
Waiting
for
the Mail-in-a-Box management daemon to start...
sleep
2
sleep
2
done
done
# ...and then have it write the DNS and nginx configuration files and start those
# services.
tools/dns_update
tools/dns_update
tools/web_update
tools/web_update
# Give fail2ban another restart. The log files may not all have been present when
# fail2ban was first configured, but they should exist now.
restart_service fail2ban
# If DNS is already working, try to provision TLS certficates from Let's Encrypt.
# If DNS is already working, try to provision TLS certficates from Let's Encrypt.
# Suppress extra reasons why domains aren't getting a new certificate.
# Suppress extra reasons why domains aren't getting a new certificate.
management/ssl_certificates.py
-q
management/ssl_certificates.py
-q
...
...
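Review bot: the final `restart_service fail2ban` added near the end of this hunk is not followed by any check that fail2ban actually came up, so if a jail's log file is still missing the box finishes setup without login throttling and nothing reports it. Consider following the restart with a check such as `fail2ban-client ping` and printing a clear warning when it fails. The comment's "they should exist now" is better backed by that check than left as an assumption.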
setup/system.sh
...
@@ -299,4 +299,9 @@ cat conf/fail2ban/jails.conf \
...
@@ -299,4 +299,9 @@ cat conf/fail2ban/jails.conf \
>
/etc/fail2ban/jail.d/mailinabox.conf
>
/etc/fail2ban/jail.d/mailinabox.conf
cp
-f
conf/fail2ban/filter.d/
*
/etc/fail2ban/filter.d/
cp
-f
conf/fail2ban/filter.d/
*
/etc/fail2ban/filter.d/
# On first installation, the log files that the jails look at don't all exist.
# e.g., The roundcube error log isn't normally created until someone logs into
# Roundcube for the first time. This causes fail2ban to fail to start. Later
# scripts will ensure the files exist and then fail2ban is given another
# restart at the very end of setup.
restart_service fail2ban
restart_service fail2ban
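Review bot: the new comment above `restart_service fail2ban` says this restart is expected to fail on a first installation, yet the call stays unconditional and the comment names only the Roundcube error log as an example. Any other jail from conf/fail2ban/jails.conf whose log file is absent at this point needs the same handling, and nothing here enforces it. Consider listing the affected log files in the comment, or creating every monitored log file before this restart so fail2ban starts on the first attempt and the later restart in setup/start.sh is only a safety net.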
setup/webmail.sh
...
@@ -133,6 +133,9 @@ EOF
...
@@ -133,6 +133,9 @@ EOF
mkdir
-p
/var/log/roundcubemail /tmp/roundcubemail
$STORAGE_ROOT
/mail/roundcube
mkdir
-p
/var/log/roundcubemail /tmp/roundcubemail
$STORAGE_ROOT
/mail/roundcube
chown
-R
www-data.www-data /var/log/roundcubemail /tmp/roundcubemail
$STORAGE_ROOT
/mail/roundcube
chown
-R
www-data.www-data /var/log/roundcubemail /tmp/roundcubemail
$STORAGE_ROOT
/mail/roundcube
# Ensure the log file monitored by fail2ban exists, or else fail2ban can't start.
sudo
-u
www-data
touch
/var/log/roundcubemail/errors
# Password changing plugin settings
# Password changing plugin settings
# The config comes empty by default, so we need the settings
# The config comes empty by default, so we need the settings
# we're not planning to change in config.inc.dist...
# we're not planning to change in config.inc.dist...
...
...
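Review bot: the added `sudo -u www-data touch /var/log/roundcubemail/errors` uses sudo only to get the ownership right, and the `chown -R www-data.www-data /var/log/roundcubemail ...` line directly above it would do that anyway. Moving a plain `touch` ahead of the chown removes the dependency on sudo. The comment could also name the jail that reads this file, so the path here and the fail2ban configuration are kept in step.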
tests/fail2ban.py
# Test that a box's fail2ban setting are working
# Test that a box's fail2ban setting are working
# correctly by attempting a bunch of failed logins.
# correctly by attempting a bunch of failed logins.
#
Specify SSH login information the command line -
#
#
we use that to reset fail2ban after each test,
#
Specify a SSH login command (which we use to reset
#
and we extract the hostname from that to open
#
fail2ban after each test) and the hostname to
#
connections
to.
#
try to log in
to.
######################################################################
######################################################################
import
sys
,
os
,
time
,
functools
import
sys
,
os
,
time
,
functools
# parse command line
# parse command line
if
len
(
sys
.
argv
)
<
2
:
if
len
(
sys
.
argv
)
!=
3
:
print
(
"Usage: tests/fail2ban.py
user@
hostname"
)
print
(
"Usage: tests/fail2ban.py
\"
ssh user@hostname
\"
hostname"
)
sys
.
exit
(
1
)
sys
.
exit
(
1
)
ssh_
user
,
hostname
=
sys
.
argv
[
1
]
.
split
(
"@"
,
1
)
ssh_
command
,
hostname
=
sys
.
argv
[
1
:
3
]
# define some test types
# define some test types
...
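Review bot: with `ssh_command, hostname = sys.argv[1:3]` the target machine is now given twice, once inside the SSH command and once as the hostname to log in to, and nothing ties the two together. If they differ, the failed logins hit one box while the fail2ban reset runs on another, and the test results mislead. The header comment should state that both must refer to the same machine and why they are separate arguments.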
@@ -85,7 +85,8 @@ def http_test(url, expected_status, postdata=None, qsargs=None, auth=None):
...
@@ -85,7 +85,8 @@ def http_test(url, expected_status, postdata=None, qsargs=None, auth=None):
auth
=
HTTPBasicAuth
(
*
auth
)
if
auth
else
None
,
auth
=
HTTPBasicAuth
(
*
auth
)
if
auth
else
None
,
data
=
postdata
,
data
=
postdata
,
headers
=
{
'User-Agent'
:
'Mail-in-a-Box fail2ban tester'
},
headers
=
{
'User-Agent'
:
'Mail-in-a-Box fail2ban tester'
},
timeout
=
8
)
timeout
=
8
,
verify
=
False
)
# don't bother with HTTPS validation, it may not be configured yet
except
requests
.
exceptions
.
ConnectTimeout
as
e
:
except
requests
.
exceptions
.
ConnectTimeout
as
e
:
raise
IsBlocked
()
raise
IsBlocked
()
except
requests
.
exceptions
.
ConnectionError
as
e
:
except
requests
.
exceptions
.
ConnectionError
as
e
:
...
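Review bot: `verify=False` in the request call turns off certificate validation for every request made by `http_test`, including the ones that send `HTTPBasicAuth(*auth)` credentials. The inline comment gives the reason; it should also say that only throwaway test credentials may be used with this script, or validation could be made a command-line opt-out so it stays on for boxes that already have a certificate. requests will also emit InsecureRequestWarning with this setting, which adds noise to the test output.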
@@ -106,7 +107,7 @@ def restart_fail2ban_service(final=False):
...
@@ -106,7 +107,7 @@ def restart_fail2ban_service(final=False):
if
not
final
:
if
not
final
:
# Stop recidive jails during testing.
# Stop recidive jails during testing.
command
+=
" && sudo fail2ban-client stop recidive"
command
+=
" && sudo fail2ban-client stop recidive"
os
.
system
(
"
ssh
%
s@
%
s
\"
%
s
\"
"
%
(
ssh_user
,
hostname
,
command
))
os
.
system
(
"
%
s
\"
%
s
\"
"
%
(
ssh_command
,
command
))
def
testfunc_runner
(
i
,
testfunc
,
*
args
):
def
testfunc_runner
(
i
,
testfunc
,
*
args
):
print
(
i
+
1
,
end
=
" "
,
flush
=
True
)
print
(
i
+
1
,
end
=
" "
,
flush
=
True
)
...
...
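Review bot: `os.system("%s \"%s\"" % (ssh_command, command))` now passes a command-line argument straight into a shell string, and the exit status is still discarded. A failed SSH login or a failed fail2ban restart goes unnoticed, and the next test then starts with stale bans. Consider `subprocess.check_call(shlex.split(ssh_command) + [command])`, which avoids the extra local shell and raises when the reset fails.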