Merge branch '133-fail2ban-page' into 'master'

ajout du services bannisement See merge request !19

Merge branch '133-fail2ban-page' into 'master'
08c9559f · David Beniamine · b9be0883 · 52304779 · 08c9559f · 08c9559f
Commit 08c9559f authored 3 months ago by David Beniamine
--- a/upgrade/Traefik.sh
+++ b/upgrade/Traefik.sh
@@ -49,6 +49,18 @@ sed -i "s/IGNORE_IPS=.*/IGNORE_IPS=$iptetrix/" .env

 docker-compose up -d --build

+# Services ban
+cd /home/dockerweb/
+
+if [ ! -d "ban" ]; then
+  git clone https://gitlab.tetras-libre.fr/nocloud/docker/ban.git
+  cd /home/dockerweb/ban
+  cp .env.sample .env
+else
+  cd /home/dockerweb/ban
+  git pull
+fi
+
 # MAJ traefik
 cd /home/dockerweb/traefik
 git pull

--- a/upgrade/traefik_fail2ban.sh
+++ b/upgrade/traefik_fail2ban.sh
@@ -7,6 +7,7 @@ logpath = /home/dockerweb/traefik/log/access.log
 chain = DOCKER-USER
 mode = aggressive
 findtime = 4h
+banaction = docker-page
 EOF
 cat <<EOF > /etc/fail2ban/jail.d/nocloud_base.conf
 [sshd]
@@ -21,5 +22,17 @@ banaction = %(banaction_allports)s
 bantime  = 1w
 findtime = 1d
 EOF
-fail2ban-client reload
+cat <<EOF > /etc/fail2ban/action.d/docker-page.conf
+[Definition]
+
+actionstart =
+
+actionstop =
+
+actioncheck =

+actionban = cd /home/dockerweb/ban; bash ban.sh <ip>
+
+actionunban = cd /home/dockerweb/ban; bash unban.sh <ip>
+EOF
+fail2ban-client reload