Implement recidive jail and add it during upgrade.

ScIT-Raphael · ScIT-Raphael · commit e2fe842c1945 · 2019-07-03T08:40:55.000+02:00
diff --git a/func/upgrade.sh b/func/upgrade.sh
@@ -123,7 +123,7 @@ upgrade_start_routine() {
 
 upgrade_phpmyadmin() {
     # Check if MariaDB/MySQL is installed on the server before attempting to install or upgrade phpMyAdmin
-    if [ $DB_SYSTEM = "mysql" ]; then
+    if [ "$DB_SYSTEM" = "mysql" ]; then
         # Define version check function
         function version_ge(){ test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1" -o ! -z "$1" -a "$1" = "$2"; }
 
@@ -178,41 +178,44 @@ upgrade_set_version() {
 upgrade_rebuild_users() {
     for user in `ls /usr/local/hestia/data/users/`; do
         echo "(*) Rebuilding domains and account for user: $user..."
-        if [ ! -z $WEB_SYSTEM ]; then
+        if [ ! -z "$WEB_SYSTEM" ]; then
             $BIN/v-rebuild-web-domains $user >/dev/null 2>&1
         fi
-        if [ ! -z $DNS_SYSTEM ]; then
+        if [ ! -z "$DNS_SYSTEM" ]; then
             $BIN/v-rebuild-dns-domains $user >/dev/null 2>&1
         fi
-        if [ ! -z $MAIL_SYSTEM ]; then 
+        if [ ! -z "$MAIL_SYSTEM" ]; then 
             $BIN/v-rebuild-mail-domains $user >/dev/null 2>&1
         fi
     done
 }
 
 upgrade_restart_services() {
     echo "(*) Restarting services..."
-    if [ ! -z $MAIL_SYSTEM ]; then
+    if [ ! -z "$MAIL_SYSTEM" ]; then
         $BIN/v-restart-mail $restart
     fi
-    if [ ! -z $IMAP_SYSTEM ]; then
+    if [ ! -z "$IMAP_SYSTEM" ]; then
         $BIN/v-restart-service $IMAP_SYSTEM $restart
     fi
-    if [ ! -z $WEB_SYSTEM ]; then
+    if [ ! -z "$WEB_SYSTEM" ]; then
         $BIN/v-restart-web $restart
         $BIN/v-restart-proxy $restart
     fi
-    if [ ! -z $DNS_SYSTEM ]; then
+    if [ ! -z "$DNS_SYSTEM" ]; then
         $BIN/v-restart-dns $restart
     fi
     for v in `ls /etc/php/`; do
         if [ -e /etc/php/$v/fpm ]; then
             $BIN/v-restart-service php$v-fpm $restart
         fi
     done
-    if [ ! -z $FTP_SYSTEM ]; then
+    if [ ! -z "$FTP_SYSTEM" ]; then
         $BIN/v-restart-ftp $restart
     fi
+    if [ ! -z "$FIREWALL_EXTENSION" ]; then
+        $BIN/v-restart-service $FIREWALL_EXTENSION yes
+    fi
 
     # Restart SSH daemon and Hestia Control Panel service
     $BIN/v-restart-service ssh $restart
diff --git a/install/upgrade/versions/latest.sh b/install/upgrade/versions/latest.sh
@@ -62,4 +62,11 @@ fi
 if [ -f "/etc/nginx/conf.d/hestia.conf" ]; then
     echo "(*) Removing old NGINX configuration file from previous version of Hestia Control Panel..."
     rm -f /etc/nginx/conf.d/hestia.conf
+fi
+
+# Implement recidive jail for fail2ban
+if [ ! -z "$FIREWALL_EXTENSION" ]; then
+    if ! cat /etc/fail2ban/jail.local | grep -q "recidive"; then
+        echo -e "\n\n[recidive]\nenabled  = true\nmaxretry = 3\nfindtime = 86400\nbantime  = 864000" >> /etc/fail2ban/jail.local
+    fi
 fi
