mkdir -p './davfs2/certs/private'
mkdir -p './dbus-1/session.d'
mkdir -p './dhcp/ddns-keys'
-mkdir -p './fail2ban/action.d'
-mkdir -p './fail2ban/fail2ban.d'
-mkdir -p './fail2ban/filter.d/ignorecommands'
-mkdir -p './fail2ban/jail.d'
mkdir -p './glvnd/egl_vendor.d'
mkdir -p './guest-session'
mkdir -p './icinga/modules'
mkdir -p './letsencrypt/renewal-hooks/post'
mkdir -p './letsencrypt/renewal-hooks/pre'
mkdir -p './libpaper.d'
-mkdir -p './monit/conf-available'
mkdir -p './mono/certstore'
mkdir -p './mysql/mariadb.conf.d'
mkdir -p './netplan'
maybe chmod 0644 'bash_completion.d/desktop-file-validate'
maybe chmod 0644 'bash_completion.d/dkms'
maybe chmod 0644 'bash_completion.d/docker'
-maybe chmod 0644 'bash_completion.d/fail2ban'
maybe chmod 0644 'bash_completion.d/gem1.9.1'
maybe chmod 0644 'bash_completion.d/git-prompt'
maybe chmod 0644 'bash_completion.d/grub'
maybe chmod 0644 'default/devpts'
maybe chmod 0644 'default/docker'
maybe chmod 0644 'default/dovecot'
-maybe chmod 0644 'default/fail2ban'
maybe chmod 0644 'default/fetchmail'
maybe chmod 0644 'default/grub'
maybe chmod 0755 'default/grub.d'
maybe chmod 0644 'etckeeper/update-ignore.d/README'
maybe chmod 0755 'etckeeper/vcs.d'
maybe chmod 0755 'etckeeper/vcs.d/50vcs-cmd'
-maybe chmod 0755 'fail2ban'
-maybe chmod 0755 'fail2ban/action.d'
-maybe chmod 0755 'fail2ban/fail2ban.d'
-maybe chmod 0755 'fail2ban/filter.d'
-maybe chmod 0755 'fail2ban/filter.d/ignorecommands'
-maybe chmod 0755 'fail2ban/jail.d'
maybe chown 'fetchmail' 'fetchmailrc'
maybe chmod 0600 'fetchmailrc'
maybe chmod 0644 'ffserver.conf'
maybe chmod 0755 'init.d/dns-clean'
maybe chmod 0755 'init.d/docker'
maybe chmod 0755 'init.d/dovecot'
-maybe chmod 0755 'init.d/fail2ban'
maybe chmod 0755 'init.d/fetchmail'
maybe chmod 0755 'init.d/fhem'
maybe chmod 0755 'init.d/grub-common'
maybe chmod 0644 'ldap/schema/amavis.schema'
maybe chmod 0644 'legal'
maybe chmod 0755 'letsencrypt'
+maybe chmod 0600 'letsencrypt/.certbot.lock'
maybe chmod 0644 'letsencrypt/.updated-options-ssl-apache-conf-digest.txt'
maybe chmod 0700 'letsencrypt/accounts'
maybe chmod 0700 'letsencrypt/accounts/acme-v01.api.letsencrypt.org'
maybe chmod 0644 'logrotate.d/cups-daemon'
maybe chmod 0644 'logrotate.d/dbconfig-common'
maybe chmod 0644 'logrotate.d/dpkg'
-maybe chmod 0644 'logrotate.d/fail2ban'
maybe chmod 0644 'logrotate.d/homematic'
maybe chmod 0644 'logrotate.d/iptraf'
maybe chmod 0644 'logrotate.d/iptraf-ng'
maybe chmod 0644 'modules'
maybe chmod 0755 'modules-load.d'
maybe chmod 0644 'modules-load.d/cups-filters.conf'
-maybe chmod 0755 'monit'
-maybe chmod 0755 'monit/conf-available'
-maybe chmod 0755 'monit/monitrc.d'
-maybe chmod 0644 'monit/monitrc.d/fail2ban'
maybe chmod 0755 'mono'
maybe chmod 0755 'mono/2.0'
maybe chmod 0755 'mono/2.0/Browsers'
+++ /dev/null
-# fail2ban bash-completion -*- shell-script -*-
-#
-# This file is part of Fail2Ban.
-#
-# Fail2Ban is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Fail2Ban is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-__fail2ban_jails () {
- "$1" status 2>/dev/null | awk -F"\t+" '/Jail list/{print $2}' | sed 's/, / /g'
-}
-__fail2ban_jail_actions () {
- "$1" get "$2" actions 2>/dev/null | sed -n '$s/\([^,]\+\),\?/\1/gp'
-}
-__fail2ban_jail_action_properties () {
- "$1" get "$2" actionproperties "$3" 2>/dev/null | sed -n '$s/\([^,]\+\),\?/\1/gp'
-}
-__fail2ban_jail_action_methods () {
- "$1" get "$2" actionmethods "$3" 2>/dev/null | sed -n '$s/\([^,]\+\),\?/\1/gp'
-}
-
-_fail2ban () {
- local cur prev words cword
- _init_completion || return
-
- case $prev in
- -V|--version|-h|--help)
- return 0 # No further completion valid
- ;;
- -c)
- _filedir -d # Directories
- return 0
- ;;
- -s|-p)
- _filedir # Files
- return 0
- ;;
- *)
- if [[ "$cur" == "-"* ]];then
- COMPREPLY=( $( compgen -W \
- "$( _parse_help "$1" --help 2>/dev/null) -V" \
- -- "$cur") )
- return 0
- fi
- ;;
- esac
-
- if [[ "$1" == *"fail2ban-regex" ]];then
- _filedir
- return 0
- elif [[ "$1" == *"fail2ban-client" ]];then
- local cmd jail action
- case $prev in
- "$1")
- COMPREPLY=( $( compgen -W \
- "$( "$1" --help 2>/dev/null | awk '/^ [a-z]+/{print $1}')" \
- -- "$cur") )
- return 0
- ;;
- start|reload|stop|status)
- COMPREPLY=( $(compgen -W "$(__fail2ban_jails "$1")" -- "$cur" ) )
- return 0
- ;;
- set|get)
- COMPREPLY=( $( compgen -W \
- "$( "$1" --help 2>/dev/null | awk '/^ '$prev' [^<]/{print $2}')" \
- -- "$cur") )
- COMPREPLY+=( $(compgen -W "$(__fail2ban_jails "$1")" -- "$cur" ) )
- return 0
- ;;
- *)
- if [[ "${words[$cword-2]}" == "add" ]];then
- COMPREPLY=( $( compgen -W "auto polling gamin pyinotify systemd" -- "$cur" ) )
- return 0
- elif [[ "${words[$cword-2]}" == "set" || "${words[$cword-2]}" == "get" ]];then
- cmd="${words[cword-2]}"
- # Handle in section below
- elif [[ "${words[$cword-3]}" == "set" || "${words[$cword-3]}" == "get" ]];then
- cmd="${words[$cword-3]}"
- jail="${words[$cword-2]}"
- # Handle in section below
- elif [[ "${words[$cword-4]}" == "set" || "${words[$cword-4]}" == "get" && ${words[$cword-2]} == action* ]];then
- cmd="${words[$cword-4]}"
- jail="${words[$cword-3]}"
- action="${words[$cword-1]}"
- # Handle in section below
- fi
- ;;
- esac
-
- if [[ -z "$jail" && -n "$cmd" ]];then
- case $prev in
- loglevel)
- if [[ "$cmd" == "set" ]];then
- COMPREPLY=( $( compgen -W "CRITICAL ERROR WARNING NOTICE INFO DEBUG" -- "$cur" ) )
- fi
- return 0
- ;;
- logtarget)
- if [[ "$cmd" == "set" ]];then
- COMPREPLY=( $( compgen -W "STDOUT STDERR SYSLOG SYSOUT" -- "$cur" ) )
- _filedir # And files
- fi
- return 0
- ;;
- *) # Jail name
- COMPREPLY=( $( compgen -W \
- "$( "$1" --help 2>/dev/null | awk '/^ '${cmd}' <JAIL>/{print $3}')" \
- -- "$cur") )
- return 0
- ;;
- esac
- elif [[ -n "$jail" && -n "$action" ]];then
- case ${words[$cwords-3]} in
- action)
- COMPREPLY=( $( compgen -W \
- "$( __fail2ban_jail_action_properties "$1" "$jail" "$action")" \
- -- "$cur" ) )
- if [[ "$cmd" == "set" ]];then
- COMPREPLY+=( $(compgen -W "$(__fail2ban_jail_action_methods "$1" "$jail" "$action")" -- "$cur" ) )
- fi
- return 0
- ;;
- esac
- elif [[ -n "$jail" && $prev == action* ]];then
- case $prev in
- action|actionproperties|actionmethods)
- COMPREPLY=( $(compgen -W "$(__fail2ban_jail_actions "$1" "$jail")" -- "$cur" ) )
- return 0
- ;;
- esac
- elif [[ -n "$jail" && "$cmd" == "set" ]];then
- case $prev in
- addlogpath)
- _filedir
- return 0
- ;;
- dellogpath|delignoreip)
- COMPREPLY=( $( compgen -W \
- "$( "$1" get "$jail" "${prev/del/}" 2>/dev/null | awk -F- '{print $2}')" \
- -- "$cur" ) )
- if [[ -z "$COMPREPLY" && "$prev" == "dellogpath" ]];then
- _filedir
- fi
- return 0
- ;;
- delfailregex|delignoreregex)
- COMPREPLY=( $( compgen -W \
- "$( "$1" get "$jail" "${prev/del/}" 2>/dev/null | awk -F"[][]" '{print $2}')" \
- -- "$cur" ) )
- return 0
- ;;
- unbanip)
- COMPREPLY=( $( compgen -W \
- "$( "$1" status "$jail" 2>/dev/null | awk -F"\t+" '/IP list:/{print $2}')" \
- -- "$cur" ) )
- return 0
- ;;
- idle)
- COMPREPLY=( $( compgen -W "on off" -- "$cur" ) )
- return 0
- ;;
- usedns)
- COMPREPLY=( $( compgen -W "yes no warn" -- "$cur" ) )
- return 0
- ;;
- esac
- fi
-
- fi # fail2ban-client
-} &&
-complete -F _fail2ban fail2ban-client fail2ban-server fail2ban-regex
+++ /dev/null
-# This file is part of Fail2Ban.
-#
-# Fail2Ban is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Fail2Ban is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-# Author: Cyril Jaquier
-#
-# $Revision$
-
-# Command line options for Fail2Ban. Refer to "fail2ban-client -h" for
-# valid options.
-FAIL2BAN_OPTS=""
-
-# Run fail2ban as a different user. If not set, fail2ban
-# will run as root.
-#
-# The user is not created automatically.
-# The user can be created e.g. with
-# useradd --system --no-create-home --home-dir / --groups adm fail2ban
-# Log files are readable by group adm by default. Adding the fail2ban
-# user to this group allows it to read the logfiles.
-#
-# Another manual step that needs to be taken is to allow write access
-# for fail2ban user to fail2ban log files. The /etc/init.d/fail2ban
-# script will change the ownership when starting fail2ban. Logrotate
-# needs to be configured separately, see /etc/logrotate.d/fail2ban.
-#
-# FAIL2BAN_USER="fail2ban"
+++ /dev/null
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides: fail2ban
-# Required-Start: $local_fs $remote_fs
-# Required-Stop: $local_fs $remote_fs
-# Should-Start: $time $network $syslog $named iptables firehol shorewall ipmasq arno-iptables-firewall iptables-persistent ferm ufw
-# Should-Stop: $network $syslog $named iptables firehol shorewall ipmasq arno-iptables-firewall iptables-persistent ferm ufw
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: Start/stop fail2ban
-# Description: Start/stop fail2ban, a daemon scanning the log files and
-# banning potential attackers.
-### END INIT INFO
-
-# Author: Aaron Isotton <aaron@isotton.com>
-# Modified: by Yaroslav Halchenko <debian@onerussian.com>
-# reindented + minor corrections + to work on sarge without modifications
-# Modified: by Glenn Aaldering <glenn@openvideo.nl>
-# added exit codes for status command
-# Modified: by Juan Karlo de Guzman <jkarlodg@gmail.com>
-# corrected the DAEMON's path and the SOCKFILE
-# rename this file: (sudo) mv /etc/init.d/fail2ban.init /etc/init.d/fail2ban
-# same with the logrotate file: (sudo) mv /etc/logrotate.d/fail2ban.logrotate /etc/logrotate.d/fail2ban
-#
-PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin
-DESC="authentication failure monitor"
-NAME=fail2ban
-
-# fail2ban-client is not a daemon itself but starts a daemon and
-# loads its with configuration
-DAEMON=/usr/bin/$NAME-client
-SCRIPTNAME=/etc/init.d/$NAME
-
-# Ad-hoc way to parse out socket file name
-SOCKFILE=`grep -h '^[^#]*socket *=' /etc/$NAME/$NAME.conf /etc/$NAME/$NAME.local 2>/dev/null \
- | tail -n 1 | sed -e 's/.*socket *= *//g' -e 's/ *$//g'`
-[ -z "$SOCKFILE" ] && SOCKFILE='/var/run/fail2ban.sock'
-
-# Exit if the package is not installed
-[ -x "$DAEMON" ] || exit 0
-
-# Run as root by default.
-FAIL2BAN_USER=root
-
-# Read configuration variable file if it is present
-[ -r /etc/default/$NAME ] && . /etc/default/$NAME
-DAEMON_ARGS="$FAIL2BAN_OPTS"
-
-# Load the VERBOSE setting and other rcS variables
-[ -f /etc/default/rcS ] && . /etc/default/rcS
-
-# Predefine what can be missing from lsb source later on -- necessary to run
-# on sarge. Just present it in a bit more compact way from what was shipped
-log_daemon_msg () {
- [ -z "$1" ] && return 1
- echo -n "$1:"
- [ -z "$2" ] || echo -n " $2"
-}
-
-# Define LSB log_* functions.
-# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
-# Actually has to (>=2.0-7) present in sarge. log_daemon_msg is predefined
-# so we must be ok
-. /lib/lsb/init-functions
-
-#
-# Shortcut function for abnormal init script interruption
-#
-report_bug()
-{
- echo $*
- echo "Please submit a bug report to Debian BTS (reportbug fail2ban)"
- exit 1
-}
-
-#
-# Helper function to check if socket is present, which is often left after
-# abnormal exit of fail2ban and needs to be removed
-#
-check_socket()
-{
- # Return
- # 0 if socket is present and readable
- # 1 if socket file is not present
- # 2 if socket file is present but not readable
- # 3 if socket file is present but is not a socket
- [ -e "$SOCKFILE" ] || return 1
- [ -r "$SOCKFILE" ] || return 2
- [ -S "$SOCKFILE" ] || return 3
- return 0
-}
-
-#
-# Function that starts the daemon/service
-#
-do_start()
-{
- # Return
- # 0 if daemon has been started
- # 1 if daemon was already running
- # 2 if daemon could not be started
- do_status && return 1
-
- if [ -e "$SOCKFILE" ]; then
- log_failure_msg "Socket file $SOCKFILE is present"
- [ "$1" = "force-start" ] \
- && log_success_msg "Starting anyway as requested" \
- || return 2
- DAEMON_ARGS="$DAEMON_ARGS -x"
- fi
-
- # Assure that /var/run/fail2ban exists
- [ -d /var/run/fail2ban ] || mkdir -p /var/run/fail2ban
-
- if [ "$FAIL2BAN_USER" != "root" ]; then
- # Make the socket directory, IP lists and fail2ban log
- # files writable by fail2ban
- chown "$FAIL2BAN_USER" /var/run/fail2ban
- # Create the logfile if it doesn't exist
- touch /var/log/fail2ban.log
- chown "$FAIL2BAN_USER" /var/log/fail2ban.log
- find /proc/net/xt_recent -name 'fail2ban-*' -exec chown "$FAIL2BAN_USER" {} \;
- fi
-
- start-stop-daemon --start --quiet --chuid "$FAIL2BAN_USER" --exec $DAEMON -- \
- $DAEMON_ARGS start > /dev/null\
- || return 2
-
- return 0
-}
-
-
-#
-# Function that checks the status of fail2ban and returns
-# corresponding code
-#
-do_status()
-{
- $DAEMON ping > /dev/null 2>&1
- return $?
-}
-
-#
-# Function that stops the daemon/service
-#
-do_stop()
-{
- # Return
- # 0 if daemon has been stopped
- # 1 if daemon was already stopped
- # 2 if daemon could not be stopped
- # other if a failure occurred
- $DAEMON status > /dev/null 2>&1 || return 1
- $DAEMON stop > /dev/null || return 2
-
- # now we need actually to wait a bit since it might take time
- # for server to react on client's stop request. Especially
- # important for restart command on slow boxes
- count=1
- while do_status && [ $count -lt 60 ]; do
- sleep 1
- count=$(($count+1))
- done
- [ $count -lt 60 ] || return 3 # failed to stop
-
- return 0
-}
-
-#
-# Function to reload configuration
-#
-do_reload() {
- $DAEMON reload > /dev/null && return 0 || return 1
- return 0
-}
-
-# yoh:
-# shortcut function to don't duplicate case statements and to don't use
-# bashisms (arrays). Fixes #368218
-#
-log_end_msg_wrapper()
-{
- if [ "$3" != "no" ]; then
- [ $1 -lt $2 ] && value=0 || value=1
- log_end_msg $value
- fi
-}
-
-command="$1"
-case "$command" in
- start|force-start)
- [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
- do_start "$command"
- log_end_msg_wrapper $? 2 "$VERBOSE"
- ;;
-
- stop)
- [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
- do_stop
- log_end_msg_wrapper $? 2 "$VERBOSE"
- ;;
-
- restart|force-reload)
- log_daemon_msg "Restarting $DESC" "$NAME"
- do_stop
- case "$?" in
- 0|1)
- do_start
- log_end_msg_wrapper $? 1 "always"
- ;;
- *)
- # Failed to stop
- log_end_msg 1
- ;;
- esac
- ;;
-
- reload|force-reload)
- log_daemon_msg "Reloading $DESC" "$NAME"
- do_reload
- log_end_msg $?
- ;;
-
- status)
- log_daemon_msg "Status of $DESC"
- do_status
- case $? in
- 0) log_success_msg " $NAME is running" ;;
- 255)
- check_socket
- case $? in
- 1) log_failure_msg " $NAME is not running" && exit 3 ;;
- 0) log_failure_msg " $NAME is not running but $SOCKFILE exists" && exit 3 ;;
- 2) log_failure_msg " $SOCKFILE not readable, status of $NAME is unknown" && exit 3 ;;
- 3) log_failure_msg " $SOCKFILE exists but not a socket, status of $NAME is unknown" && exit 3 ;;
- *) report_bug "Unknown return code from $NAME:check_socket." && exit 4 ;;
- esac
- ;;
- *) report_bug "Unknown $NAME status code" && exit 4
- esac
- ;;
- *)
- echo "Usage: $SCRIPTNAME {start|force-start|stop|restart|force-reload|status}" >&2
- exit 3
- ;;
-esac
-
-:
+++ /dev/null
-/var/log/fail2ban.log {
-
- weekly
- rotate 4
- compress
-
- delaycompress
- missingok
- postrotate
- fail2ban-client flushlogs 1>/dev/null
- endscript
-
- # If fail2ban runs as non-root it still needs to have write access
- # to logfiles.
- # create 640 fail2ban adm
- create 640 root adm
-}
+++ /dev/null
-check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid
- group services
- start program = "/etc/init.d/fail2ban force-start"
- stop program = "/etc/init.d/fail2ban stop"
- if failed unixsocket /var/run/fail2ban/fail2ban.sock then restart
- if 5 restarts within 5 cycles then timeout
-
-check file fail2ban_log with path /var/log/fail2ban.log
- if match "ERROR|WARNING" then alert
+++ /dev/null
-../init.d/fail2ban
\ No newline at end of file
+++ /dev/null
-../init.d/fail2ban
\ No newline at end of file
--- /dev/null
+../init.d/ufw
\ No newline at end of file
+++ /dev/null
-../init.d/ufw
\ No newline at end of file
+++ /dev/null
-../init.d/fail2ban
\ No newline at end of file
+++ /dev/null
-../init.d/fail2ban
\ No newline at end of file
+++ /dev/null
-../init.d/fail2ban
\ No newline at end of file
+++ /dev/null
-../init.d/fail2ban
\ No newline at end of file
+++ /dev/null
-../init.d/fail2ban
\ No newline at end of file
+++ /dev/null
-/lib/systemd/system/fail2ban.service
\ No newline at end of file
+++ /dev/null
-/lib/systemd/system/unifi.service
\ No newline at end of file
projects / homeserver / commitdiff