Add ability to override fail2ban.conf with fail2ban.local values. (#769)

* Add ability to override fail2ban.conf with fail2ban.local values.
2017-12-07 19:27:31 +01:00 · 2017-12-07 19:27:31 +01:00 · d62ea049e6
parent 835939d856
commit d62ea049e6
6 changed files with 47 additions and 2 deletions
--- a/config/fail2ban-fail2ban.cf
+++ b/config/fail2ban-fail2ban.cf
@ -0,0 +1,19 @@
+[Definition]
+
+# Option: loglevel
+# Notes.: Set the log level output.
+#         CRITICAL
+#         ERROR
+#         WARNING
+#         NOTICE
+#         INFO
+#         DEBUG
+# Values: [ LEVEL ]  Default: ERROR
+#
+
+# loglevel = INFO
+
+# Options: dbpurgeage
+# Notes.: Sets age at which bans should be purged from the database
+# Values: [ SECONDS ] Default: 86400 (24hours), 604800 (1week)
+# dbpurgeage = 604800
--- a/config/postfix-accounts.cf.bak
+++ b/config/postfix-accounts.cf.bak
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
@ -983,6 +983,7 @@ function _setup_security_stack() {
 	# Fail2ban
 	if [ "$ENABLE_FAIL2BAN" = 1 ]; then
 		notify 'inf' "Fail2ban enabled"
+		test -e /tmp/docker-mailserver/fail2ban-fail2ban.cf && cp /tmp/docker-mailserver/fail2ban-fail2ban.cf /etc/fail2ban/fail2ban.local
 		test -e /tmp/docker-mailserver/fail2ban-jail.cf && cp /tmp/docker-mailserver/fail2ban-jail.cf /etc/fail2ban/jail.local
 	else
 		# Disable logrotate config for fail2ban if not enabled
--- a/test/config/chksum
+++ b/test/config/chksum
@ -0,0 +1,2 @@
+SHA512 (postfix-accounts.cf) = 8eba4eedb76e8c3b740ca4eea5d7ad1c8695fd7fd39d3e5d161201101b5b63a1c1471ab85bd79d6ed4ba192c423275a3d1210a9596a06904434ab5707ad3753b
+SHA512 (postfix-virtual.cf) = c5bff9b5c50886a72a559ee52b1230b751c3820cd12de3ffe2a632f8d2a7845fa33ddac397c62889f0680d096be24418f22c1b81fb93ad56fd4937869f16954b
--- a/test/config/fail2ban-fail2ban.cf
+++ b/test/config/fail2ban-fail2ban.cf
@ -0,0 +1,19 @@
+[Definition]
+
+# Option: loglevel
+# Notes.: Set the log level output.
+#         CRITICAL
+#         ERROR
+#         WARNING
+#         NOTICE
+#         INFO
+#         DEBUG
+# Values: [ LEVEL ]  Default: ERROR
+#
+
+loglevel = DEBUG
+
+# Options: dbpurgeage
+# Notes.: Sets age at which bans should be purged from the database
+# Values: [ SECONDS ] Default: 86400 (24hours), 604800 (1week)
+# dbpurgeage = 604800
--- a/test/tests.bats
+++ b/test/tests.bats
@ -611,7 +611,7 @@ load 'test_helper/bats-assert/load'
  assert_output 4
 }

-@test "checking opendkim: generator creates keys, tables and TrustedHosts using domain name" {  
+@test "checking opendkim: generator creates keys, tables and TrustedHosts using domain name" {
  rm -rf "$(pwd)/test/config/with-domain" && mkdir -p "$(pwd)/test/config/with-domain"
  run docker run --rm \
    -v "$(pwd)/test/config/with-domain/":/tmp/docker-mailserver/ \
@ -732,6 +732,11 @@ load 'test_helper/bats-assert/load'
  assert_success
 }

+@test "checking fail2ban: fail2ban-fail2ban.cf overrides" {
+  run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get loglevel | grep DEBUG"
+  assert_success
+}
+
@test "checking fail2ban: fail2ban-jail.cf overrides" {
  FILTERS=(sshd postfix dovecot postfix-sasl)

@ -1385,4 +1390,3 @@ load 'test_helper/bats-assert/load'
  run docker exec mail_with_ldap /bin/bash -c "pkill saslauthd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'"
  assert_success
 }
-