Add ability to override fail2ban.conf with fail2ban.local values. (#769

) * Add ability to override fail2ban.conf with fail2ban.local values.
docker-mailserver · Dec 7, 2017 · d62ea04 · d62ea04
1 parent 835939d
commit d62ea04
Show file tree

Hide file tree

Showing 6 changed files with 47 additions and 2 deletions.
diff --git a/config/fail2ban-fail2ban.cf b/config/fail2ban-fail2ban.cf
@@ -0,0 +1,19 @@
+[Definition]
+
+# Option: loglevel
+# Notes.: Set the log level output.
+#         CRITICAL
+#         ERROR
+#         WARNING
+#         NOTICE
+#         INFO
+#         DEBUG
+# Values: [ LEVEL ]  Default: ERROR
+#
+
+# loglevel = INFO
+
+# Options: dbpurgeage
+# Notes.: Sets age at which bans should be purged from the database
+# Values: [ SECONDS ] Default: 86400 (24hours), 604800 (1week)
+# dbpurgeage = 604800
diff --git a/config/postfix-accounts.cf.bak b/config/postfix-accounts.cf.bak
diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh
@@ -983,6 +983,7 @@ function _setup_security_stack() {
 	# Fail2ban
 	if [ "$ENABLE_FAIL2BAN" = 1 ]; then
 		notify 'inf' "Fail2ban enabled"
+		test -e /tmp/docker-mailserver/fail2ban-fail2ban.cf && cp /tmp/docker-mailserver/fail2ban-fail2ban.cf /etc/fail2ban/fail2ban.local
 		test -e /tmp/docker-mailserver/fail2ban-jail.cf && cp /tmp/docker-mailserver/fail2ban-jail.cf /etc/fail2ban/jail.local
 	else
 		# Disable logrotate config for fail2ban if not enabled

diff --git a/test/config/chksum b/test/config/chksum
@@ -0,0 +1,2 @@
+SHA512 (postfix-accounts.cf) = 8eba4eedb76e8c3b740ca4eea5d7ad1c8695fd7fd39d3e5d161201101b5b63a1c1471ab85bd79d6ed4ba192c423275a3d1210a9596a06904434ab5707ad3753b
+SHA512 (postfix-virtual.cf) = c5bff9b5c50886a72a559ee52b1230b751c3820cd12de3ffe2a632f8d2a7845fa33ddac397c62889f0680d096be24418f22c1b81fb93ad56fd4937869f16954b
diff --git a/test/config/fail2ban-fail2ban.cf b/test/config/fail2ban-fail2ban.cf
@@ -0,0 +1,19 @@
+[Definition]
+
+# Option: loglevel
+# Notes.: Set the log level output.
+#         CRITICAL
+#         ERROR
+#         WARNING
+#         NOTICE
+#         INFO
+#         DEBUG
+# Values: [ LEVEL ]  Default: ERROR
+#
+
+loglevel = DEBUG
+
+# Options: dbpurgeage
+# Notes.: Sets age at which bans should be purged from the database
+# Values: [ SECONDS ] Default: 86400 (24hours), 604800 (1week)
+# dbpurgeage = 604800
diff --git a/test/tests.bats b/test/tests.bats
@@ -611,7 +611,7 @@ load 'test_helper/bats-assert/load'
   assert_output 4
 }
 
-@test "checking opendkim: generator creates keys, tables and TrustedHosts using domain name" {  
+@test "checking opendkim: generator creates keys, tables and TrustedHosts using domain name" {
   rm -rf "$(pwd)/test/config/with-domain" && mkdir -p "$(pwd)/test/config/with-domain"
   run docker run --rm \
     -v "$(pwd)/test/config/with-domain/":/tmp/docker-mailserver/ \
@@ -732,6 +732,11 @@ load 'test_helper/bats-assert/load'
   assert_success
 }
 
+@test "checking fail2ban: fail2ban-fail2ban.cf overrides" {
+  run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get loglevel | grep DEBUG"
+  assert_success
+}
+
 @test "checking fail2ban: fail2ban-jail.cf overrides" {
   FILTERS=(sshd postfix dovecot postfix-sasl)
 
@@ -1385,4 +1390,3 @@ load 'test_helper/bats-assert/load'
   run docker exec mail_with_ldap /bin/bash -c "pkill saslauthd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'"
   assert_success
 }
-