koozali
/
smeserver-fail2ban
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Suspend log monitoring during logrotate 

Instead of restarting fail2ban daemon
This commit is contained in:
Daniel Berteaud 2015-01-27 21:59:26 +01:00
parent 71c09c53f4
commit c203c38bf7
3 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
createlinks
View File

@ -17,7 +17,8 @@ safe_symlink("restart", "root/etc/e-smith/events/fail2ban-conf/services2adjust/f
safe_symlink("restart", "root/etc/e-smith/events/network-create/services2adjust/fail2ban");
safe_symlink("restart", "root/etc/e-smith/events/network-delete/services2adjust/fail2ban");
safe_symlink("restart", "root/etc/e-smith/events/remoteaccess-update/services2adjust/fail2ban");
safe_symlink("restart", "root/etc/e-smith/events/logrotate/services2adjust/fail2ban");
event_link("fail2ban-suspend-logs", "logrotate", "02");
event_link("fail2ban-resume-logs", "logrotate", "98");
safe_touch("root/var/log/fail2ban/daemon.log");

28
root/etc/e-smith/events/actions/fail2ban-resume-logs Normal file
View File

@ -0,0 +1,28 @@
#!/bin/sh
STATUS=$(/sbin/e-smith/db configuration getprop fail2ban status || echo disabled)
if [ "$STATUS" != "enabled" ]; then
exit 0
fi
sleep 1
for JAIL in http-overflows http-noscript http-scan http-auth; do
/usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
if [ $? -eq 0 ]; then
/usr/bin/fail2ban-client set $JAIL addlogpath /var/log/httpd/error_log
fi
done
for JAIL in pam-generic ftp; do
/usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
if [ $? -eq 0 ]; then
/usr/bin/fail2ban-client set $JAIL addlogpath /var/log/secure
fi
done
for JAIL in lemonldap; do
/usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
if [ $? -eq 0 ]; then
/usr/bin/fail2ban-client set $JAIL addlogpath /var/log/messages
fi
done

27
root/etc/e-smith/events/actions/fail2ban-suspend-logs Normal file
View File

@ -0,0 +1,27 @@
#!/bin/sh
STATUS=$(/sbin/e-smith/db configuration getprop fail2ban status || echo disabled)
if [ "$STATUS" != "enabled" ]; then
exit 0
fi
for JAIL in http-overflows http-noscript http-scan http-auth; do
/usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
if [ $? -eq 0 ]; then
/usr/bin/fail2ban-client set $JAIL dellogpath /var/log/httpd/error_log
fi
done
for JAIL in pam-generic ftp; do
/usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
if [ $? -eq 0 ]; then
/usr/bin/fail2ban-client set $JAIL dellogpath /var/log/secure
fi
done
for JAIL in lemonldap; do
/usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
if [ $? -eq 0 ]; then
/usr/bin/fail2ban-client set $JAIL dellogpath /var/log/messages
fi
done