Commit 69a60e8a authored by Elian Loraux's avatar Elian Loraux

add ingore domain for fail2ban in .env

parent 29243588
1 merge request!21Services desk 81 redistributivite securimag
......@@ -13,6 +13,11 @@ export DOMAIN="dev.tetras-libre.fr"
export SERVER_ADMIN="sysadmin@tetras-libre.fr"
export IGNORE_DOMAINES=(
"tetrix.tetras-libre.fr"
"piculus.tetras-libre.fr"
)
# can be set to nginx
export WEB_SERVER="apache2"
# You can define here some services that are badly detected by checkrestart
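Review bot: `IGNORE_DOMAINES` is added without a comment, unlike `WEB_SERVER` just below it, although it is security-relevant: the install script on this page writes every address these names resolve to into fail2ban's `ignoreip`. I would add above it `# Hosts whose resolved IPs are never banned by fail2ban (written to ignoreip in jail.local)`. Also, `export` does not pass a bash array to child processes; the value presumably reaches the scripts only because they source this file, so a plain `IGNORE_DOMAINES=(` would be less misleading.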
......
#!/bin/bash
set -o nounset # Treat unset variables as an error
echo "RUN $(basename "$0") ==="
DIR=$(realpath $(dirname $0)/..)
if [ ! -e $DIR/main.env ]
then
echo "Please copy in racine of NoCloud Auto Installer main.env.sample to main.env and edit it"
exit 1
else
echo "Environment file loaded"
fi
. $DIR/main.env
if [ -z "$(grep '^alias ls=' /root/.bashrc)" ]
then
......@@ -35,10 +47,21 @@ syntax on
filetype plugin indent on
EOF
ignoreips=()
for domaine in "${IGNORE_DOMAINES[@]}"; do
# Utilise dig pour obtenir l'adresse IP
ip=$(dig +short "$domaine")
ignoreips=("${ignoreips[@]}" $ip)
# Affiche le nom de domaine et l'adresse IP
echo "$domaine : $ip"
done
cat <<EOF > /etc/fail2ban/jail.local
[DEFAULT]
# Ignore Tetras Libre IPs
ignoreip = 127.0.0.1/8 ::1 $(dig +short servermon.tetras-libre.fr | tail -n 1) $(dig +short tetrix.tetras-libre.fr | tail -n 1) $(docker network inspect traefik | awk '/Subnet/{print $2}' | sed -e 's/"//g' -e 's/,$//')
ignoreip = 127.0.0.1/8 ::1 ${ignoreips[@]} $(docker network inspect traefik | awk '/Subnet/{print $2}' | sed -e 's/"//g' -e 's/,$//')
EOF
fail2ban-client reload
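Review bot: The loop at `ip=$(dig +short "$domaine")` copies whatever dig prints into `ignoreip` unchecked, and that list decides which sources fail2ban never bans. `dig +short` can return several lines or CNAME targets, and as far as I know it prints `;; ...` diagnostics when no server answers; an empty answer is dropped silently, so a host can lose its exemption unnoticed or junk can land in jail.local. I would keep only address-shaped lines and warn on an empty result, as below; the same loop is repeated in the last script shown on this page. Separately, what looks like the removed `ignoreip` line also exempted servermon.tetras-libre.fr, which is not in the sample `IGNORE_DOMAINES` list, so that host may need adding to main.env. The heredoc above this hunk starts outside the visible lines.

```shell
ignoreips=()
for domaine in "${IGNORE_DOMAINES[@]}"; do
  # Keep only IPv4-shaped lines; dig +short may also print CNAME targets or ";; ..." diagnostics
  mapfile -t ips < <(dig +short "$domaine" | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$')
  if (( ${#ips[@]} == 0 )); then
    echo "WARNING: no address found for $domaine, not added to ignoreip" >&2
    continue
  fi
  ignoreips+=("${ips[@]}")
  echo "$domaine : ${ips[*]}"
done
# … unchanged: jail.local heredoc and fail2ban-client reload …
```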
#!/usr/bin/env bash
set -o nounset # Treat unset variables as an error
echo "RUN $(basename "$0") ==="
DIR=$(realpath $(dirname $0)/..)
if [ ! -e $DIR/main.env ]
then
echo "Please copy in racine of NoCloud Auto Installer main.env.sample to main.env and edit it"
exit 1
else
echo "Environment file loaded"
fi
. $DIR/main.env
ignoreips=()
for domaine in "${IGNORE_DOMAINES[@]}"; do
# Utilise dig pour obtenir l'adresse IP
ip=$(dig +short "$domaine")
ignoreips=("${ignoreips[@]}" $ip)
# Affiche le nom de domaine et l'adresse IP
echo "$domaine : $ip"
done