Suspend log monitoring during logrotate

Instead of restarting fail2ban daemon
9 years ago · 35b64f0502
parent 97e122e4cb
commit 35b64f0502
3 changed files with 57 additions and 1 deletions
--- a/3
+++ b/3
@ -17,7 +17,8 @@ safe_symlink("restart", "root/etc/e-smith/events/fail2ban-conf/services2adjust/f
 safe_symlink("restart", "root/etc/e-smith/events/network-create/services2adjust/fail2ban");
 safe_symlink("restart", "root/etc/e-smith/events/network-delete/services2adjust/fail2ban");
 safe_symlink("restart", "root/etc/e-smith/events/remoteaccess-update/services2adjust/fail2ban");
-safe_symlink("restart", "root/etc/e-smith/events/logrotate/services2adjust/fail2ban");
+event_link("fail2ban-suspend-logs", "logrotate", "02");
+event_link("fail2ban-resume-logs", "logrotate", "98");

 safe_touch("root/var/log/fail2ban/daemon.log");

--- a/root/etc/e-smith/events/actions/fail2ban-resume-logs
+++ b/root/etc/e-smith/events/actions/fail2ban-resume-logs
@ -0,0 +1,28 @@
+#!/bin/sh
+
+STATUS=$(/sbin/e-smith/db configuration getprop fail2ban status || echo disabled)
+if [ "$STATUS" != "enabled" ]; then
+  exit 0
+fi
+
+sleep 1
+for JAIL in http-overflows http-noscript http-scan http-auth; do
+  /usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
+  if [ $? -eq 0 ]; then
+    /usr/bin/fail2ban-client set $JAIL addlogpath /var/log/httpd/error_log
+  fi
+done
+
+for JAIL in pam-generic ftp; do
+  /usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
+  if [ $? -eq 0 ]; then
+    /usr/bin/fail2ban-client set $JAIL addlogpath /var/log/secure
+  fi
+done
+
+for JAIL in lemonldap; do
+  /usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
+  if [ $? -eq 0 ]; then
+    /usr/bin/fail2ban-client set $JAIL addlogpath /var/log/messages
+  fi
+done
--- a/root/etc/e-smith/events/actions/fail2ban-suspend-logs
+++ b/root/etc/e-smith/events/actions/fail2ban-suspend-logs
@ -0,0 +1,27 @@
+#!/bin/sh
+
+STATUS=$(/sbin/e-smith/db configuration getprop fail2ban status || echo disabled)
+if [ "$STATUS" != "enabled" ]; then
+  exit 0
+fi
+
+for JAIL in http-overflows http-noscript http-scan http-auth; do
+  /usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
+  if [ $? -eq 0 ]; then
+    /usr/bin/fail2ban-client set $JAIL dellogpath /var/log/httpd/error_log
+  fi
+done
+
+for JAIL in pam-generic ftp; do
+  /usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
+  if [ $? -eq 0 ]; then
+    /usr/bin/fail2ban-client set $JAIL dellogpath /var/log/secure
+  fi
+done
+
+for JAIL in lemonldap; do
+  /usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
+  if [ $? -eq 0 ]; then
+    /usr/bin/fail2ban-client set $JAIL dellogpath /var/log/messages
+  fi
+done