Add ability to override fail2ban.conf with fail2ban.local values. (#769)

* Add ability to override fail2ban.conf with fail2ban.local values.
This commit is contained in:
Marek Walczak 2017-12-07 19:27:31 +01:00 committed by Johan Smits
parent 835939d856
commit d62ea049e6
6 changed files with 47 additions and 2 deletions

View file

@ -0,0 +1,19 @@
[Definition]
# Option: loglevel
# Notes.: Set the log level output.
# CRITICAL
# ERROR
# WARNING
# NOTICE
# INFO
# DEBUG
# Values: [ LEVEL ] Default: ERROR
#
# loglevel = INFO
# Options: dbpurgeage
# Notes.: Sets age at which bans should be purged from the database
# Values: [ SECONDS ] Default: 86400 (24hours), 604800 (1week)
# dbpurgeage = 604800

View file

View file

@ -983,6 +983,7 @@ function _setup_security_stack() {
# Fail2ban # Fail2ban
if [ "$ENABLE_FAIL2BAN" = 1 ]; then if [ "$ENABLE_FAIL2BAN" = 1 ]; then
notify 'inf' "Fail2ban enabled" notify 'inf' "Fail2ban enabled"
test -e /tmp/docker-mailserver/fail2ban-fail2ban.cf && cp /tmp/docker-mailserver/fail2ban-fail2ban.cf /etc/fail2ban/fail2ban.local
test -e /tmp/docker-mailserver/fail2ban-jail.cf && cp /tmp/docker-mailserver/fail2ban-jail.cf /etc/fail2ban/jail.local test -e /tmp/docker-mailserver/fail2ban-jail.cf && cp /tmp/docker-mailserver/fail2ban-jail.cf /etc/fail2ban/jail.local
else else
# Disable logrotate config for fail2ban if not enabled # Disable logrotate config for fail2ban if not enabled

2
test/config/chksum Normal file
View file

@ -0,0 +1,2 @@
SHA512 (postfix-accounts.cf) = 8eba4eedb76e8c3b740ca4eea5d7ad1c8695fd7fd39d3e5d161201101b5b63a1c1471ab85bd79d6ed4ba192c423275a3d1210a9596a06904434ab5707ad3753b
SHA512 (postfix-virtual.cf) = c5bff9b5c50886a72a559ee52b1230b751c3820cd12de3ffe2a632f8d2a7845fa33ddac397c62889f0680d096be24418f22c1b81fb93ad56fd4937869f16954b

View file

@ -0,0 +1,19 @@
[Definition]
# Option: loglevel
# Notes.: Set the log level output.
# CRITICAL
# ERROR
# WARNING
# NOTICE
# INFO
# DEBUG
# Values: [ LEVEL ] Default: ERROR
#
loglevel = DEBUG
# Options: dbpurgeage
# Notes.: Sets age at which bans should be purged from the database
# Values: [ SECONDS ] Default: 86400 (24hours), 604800 (1week)
# dbpurgeage = 604800

View file

@ -611,7 +611,7 @@ load 'test_helper/bats-assert/load'
assert_output 4 assert_output 4
} }
@test "checking opendkim: generator creates keys, tables and TrustedHosts using domain name" { @test "checking opendkim: generator creates keys, tables and TrustedHosts using domain name" {
rm -rf "$(pwd)/test/config/with-domain" && mkdir -p "$(pwd)/test/config/with-domain" rm -rf "$(pwd)/test/config/with-domain" && mkdir -p "$(pwd)/test/config/with-domain"
run docker run --rm \ run docker run --rm \
-v "$(pwd)/test/config/with-domain/":/tmp/docker-mailserver/ \ -v "$(pwd)/test/config/with-domain/":/tmp/docker-mailserver/ \
@ -732,6 +732,11 @@ load 'test_helper/bats-assert/load'
assert_success assert_success
} }
@test "checking fail2ban: fail2ban-fail2ban.cf overrides" {
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get loglevel | grep DEBUG"
assert_success
}
@test "checking fail2ban: fail2ban-jail.cf overrides" { @test "checking fail2ban: fail2ban-jail.cf overrides" {
FILTERS=(sshd postfix dovecot postfix-sasl) FILTERS=(sshd postfix dovecot postfix-sasl)
@ -1385,4 +1390,3 @@ load 'test_helper/bats-assert/load'
run docker exec mail_with_ldap /bin/bash -c "pkill saslauthd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'" run docker exec mail_with_ldap /bin/bash -c "pkill saslauthd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'"
assert_success assert_success
} }