From c203c38bf7502bdabe312b32b164fc0751d501db Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Tue, 27 Jan 2015 21:59:26 +0100 Subject: [PATCH] Suspend log monitoring during logrotate Instead of restarting fail2ban daemon --- createlinks | 3 ++- .../e-smith/events/actions/fail2ban-resume-logs | 28 ++++++++++++++++++++++ .../e-smith/events/actions/fail2ban-suspend-logs | 27 +++++++++++++++++++++ 3 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 root/etc/e-smith/events/actions/fail2ban-resume-logs create mode 100644 root/etc/e-smith/events/actions/fail2ban-suspend-logs diff --git a/createlinks b/createlinks index 14ec10f..ec74f9a 100644 --- a/createlinks +++ b/createlinks @@ -17,7 +17,8 @@ safe_symlink("restart", "root/etc/e-smith/events/fail2ban-conf/services2adjust/f safe_symlink("restart", "root/etc/e-smith/events/network-create/services2adjust/fail2ban"); safe_symlink("restart", "root/etc/e-smith/events/network-delete/services2adjust/fail2ban"); safe_symlink("restart", "root/etc/e-smith/events/remoteaccess-update/services2adjust/fail2ban"); -safe_symlink("restart", "root/etc/e-smith/events/logrotate/services2adjust/fail2ban"); +event_link("fail2ban-suspend-logs", "logrotate", "02"); +event_link("fail2ban-resume-logs", "logrotate", "98"); safe_touch("root/var/log/fail2ban/daemon.log"); diff --git a/root/etc/e-smith/events/actions/fail2ban-resume-logs b/root/etc/e-smith/events/actions/fail2ban-resume-logs new file mode 100644 index 0000000..07d7a04 --- /dev/null +++ b/root/etc/e-smith/events/actions/fail2ban-resume-logs @@ -0,0 +1,28 @@ +#!/bin/sh + +STATUS=$(/sbin/e-smith/db configuration getprop fail2ban status || echo disabled) +if [ "$STATUS" != "enabled" ]; then + exit 0 +fi + +sleep 1 +for JAIL in http-overflows http-noscript http-scan http-auth; do + /usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1 + if [ $? -eq 0 ]; then + /usr/bin/fail2ban-client set $JAIL addlogpath /var/log/httpd/error_log + fi +done + +for JAIL in pam-generic ftp; do + /usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1 + if [ $? -eq 0 ]; then + /usr/bin/fail2ban-client set $JAIL addlogpath /var/log/secure + fi +done + +for JAIL in lemonldap; do + /usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1 + if [ $? -eq 0 ]; then + /usr/bin/fail2ban-client set $JAIL addlogpath /var/log/messages + fi +done diff --git a/root/etc/e-smith/events/actions/fail2ban-suspend-logs b/root/etc/e-smith/events/actions/fail2ban-suspend-logs new file mode 100644 index 0000000..a92767f --- /dev/null +++ b/root/etc/e-smith/events/actions/fail2ban-suspend-logs @@ -0,0 +1,27 @@ +#!/bin/sh + +STATUS=$(/sbin/e-smith/db configuration getprop fail2ban status || echo disabled) +if [ "$STATUS" != "enabled" ]; then + exit 0 +fi + +for JAIL in http-overflows http-noscript http-scan http-auth; do + /usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1 + if [ $? -eq 0 ]; then + /usr/bin/fail2ban-client set $JAIL dellogpath /var/log/httpd/error_log + fi +done + +for JAIL in pam-generic ftp; do + /usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1 + if [ $? -eq 0 ]; then + /usr/bin/fail2ban-client set $JAIL dellogpath /var/log/secure + fi +done + +for JAIL in lemonldap; do + /usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1 + if [ $? -eq 0 ]; then + /usr/bin/fail2ban-client set $JAIL dellogpath /var/log/messages + fi +done