github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-07-06 04:51:54 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Adding ProFTPD jail rule to Fail2Ban

Browse source
This commit is contained in:
myvesta 2025-05-25 13:51:13 +02:00
parent ff7bc2baa5
commit fa8dd64c5a
2 changed files with 42 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

14
install/vst-install-debian.sh
View file

@ -1690,6 +1690,20 @@ if [ "$fail2ban" = 'yes' ]; then
chmod 640 /var/log/auth.log chmod 640 /var/log/auth.log
chown root:adm /var/log/auth.log chown root:adm /var/log/auth.log
fi fi
if [ "$proftpd" = 'yes' ]; then
cat <<EOF >> /etc/fail2ban/jail.local
[proftpd]
enabled = true
filter = proftpd
action = vesta[name=FTP]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(proftpd_log)s
backend = %(proftpd_backend)s
maxretry = 5
EOF
fi
#update-rc.d fail2ban defaults #update-rc.d fail2ban defaults
currentservice='fail2ban' currentservice='fail2ban'
ensure_startup $currentservice ensure_startup $currentservice

27
src/deb/vesta/postinst
View file

@ -25,6 +25,29 @@ fi
echo "1" > /usr/local/vesta/data/upgrades/show_changelog echo "1" > /usr/local/vesta/data/upgrades/show_changelog
chmod a=rw /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog
# Adding ProFTPD to Fail2Ban
if [ -f "/etc/fail2ban/jail.local" ] && [ -f "/etc/proftpd/proftpd.conf" ]; then
if ! grep -q 'proftpd' /etc/fail2ban/jail.local; then
echo "== Adding ProFTPD to Fail2Ban"
cat <<EOF >> /etc/fail2ban/jail.local
[proftpd]
enabled = true
filter = proftpd
action = vesta[name=FTP]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(proftpd_log)s
backend = %(proftpd_backend)s
maxretry = 5
EOF
fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running')
if [ $fail2ban_running -eq 1 ]; then
echo "== Restarting Fail2Ban"
systemctl restart fail2ban
fi
fi
fi
# Removing SpamHaus DNSBL # Removing SpamHaus DNSBL
if [ ! -f "/usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed" ]; then if [ ! -f "/usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed" ]; then
sed -i '/zen.spamhaus.org/d' /etc/exim4/dnsbl.conf sed -i '/zen.spamhaus.org/d' /etc/exim4/dnsbl.conf
@ -163,10 +186,14 @@ if [ ! -f "/usr/local/vesta/data/upgrades/enable-tls-in-proftpd" ]; then
echo "== Enabling TLS for ProFTPD FTPS" echo "== Enabling TLS for ProFTPD FTPS"
wget -nv https://c.myvestacp.com/debian/10/proftpd/tls.conf -O /etc/proftpd/tls.conf wget -nv https://c.myvestacp.com/debian/10/proftpd/tls.conf -O /etc/proftpd/tls.conf
sed -i "s|AuthPAMConfig|Include /etc/proftpd/tls.conf\n\nAuthPAMConfig|g" /etc/proftpd/proftpd.conf sed -i "s|AuthPAMConfig|Include /etc/proftpd/tls.conf\n\nAuthPAMConfig|g" /etc/proftpd/proftpd.conf
proftpd_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'proftpd' | grep -c 'running')
if [ $proftpd_running -eq 1 ]; then
echo "== Restarting ProFTPD"
systemctl restart proftpd systemctl restart proftpd
fi fi
fi fi
fi fi
fi
# Updating CloudFlare IP addresses # Updating CloudFlare IP addresses
if [ ! -f "/usr/local/vesta/data/upgrades/update-cloudflare-ips" ]; then if [ ! -f "/usr/local/vesta/data/upgrades/update-cloudflare-ips" ]; then