-
Notifications
You must be signed in to change notification settings - Fork 15
/
manifest.jps
172 lines (157 loc) · 5.59 KB
/
manifest.jps
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
name: Fail2Ban
id: fail2ban
version: 0.9.6
type: update
jpsVersion: '0.8'
categories:
- apps/others
- apps/management-and-monitoring
description: Fail2Ban scans log files like and bans IP addresses that make too many
password failures. It updates firewall rules to reject the IP address. These rules
can be defined by the user. Fail2Ban can read multiple log files such as sshd or
Apache Web server ones.
settings:
removeSettings:
fields:
- caption: Banned IP
name: bannedip
required: true
type: string
regex: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
regexText: Not valid IP address.
homepage: http://www.fail2ban.org/
logo: /images/Fail2Ban.png
baseUrl: https://raw.githubusercontent.com/jelastic-jps/fail2ban/master/
targetNodes:
nodeType:
- tomcat6
- tomcat7
- tomcat8
- tomcat85
- tomcat9
- tomcat
- tomee
- tomee-dockerized
- glassfish3
- glassfish4
- glassfish
- jetty6
- apache
- apache2
- nginxphp
- apache2-ruby
- nginx-ruby
- nginx
- nginx-dockerized
- nginxphp-dockerized
- haproxy
- apache-lb
- varnish
- varnish-dockerized
globals:
installScript: "${baseUrl}/scripts/install.sh"
setupScript: "${baseUrl}/scripts/setup.sh"
removeScript: "${baseUrl}/scripts/remove.sh"
documentationLink: http://www.fail2ban.org/wiki/index.php/Manual
txtPath: /var/lib/jelastic/keys/bannedip.txt
menu:
- caption: Service Status
confirmText: You are going to check Fail2Ban service status. Continue?
loadingText: Checking..
procedure: statusFail2ban
- caption: Service Restart
confirmText: You are going to restart Fail2Ban. Continue?
loadingText: Restarting..
procedure: restartFail2ban
successText: Fail2Ban was restarted.
- caption: Service Stop
confirmText: You are going to stop Fail2Ban. Continue?
loadingText: Stopping..
procedure: stopFail2ban
successText: Fail2Ban was stopped.
buttons:
- caption: Check if IP is banned
confirmText: You are going to check if the IP is banned. Continue?
loadingText: Checking..
procedure: checkIP
settings: removeSettings
successText: The IP was removed.
- caption: Unban IP
confirmText: You are going to remove the IP from the Ban list. Continue?
loadingText: Performing the IP removing..
procedure: removeIP
settings: removeSettings
successText: The IP was removed.
onInstall:
- installFail2ban
- setupFail2ban
onUninstall: removeFail2Ban
onBeforeRedeployContainer [${targetNodes.nodeGroup}]: removeFail2Ban
onAfterRedeployContainer [${targetNodes.nodeGroup}]:
- installFail2ban
- setupFail2ban
- cmd [${targetNodes.nodeGroup}]: cat ${globals.txtPath}
- removeIP:
bannedip: ${response.out}
actions:
removeIP:
- cmd [${targetNodes.nodeGroup}]: echo '${this.bannedip}' > /var/lib/jelastic/keys/bannedip.txt; for jail in $(fail2ban-client status | awk -F 'Jail list:' '{ print $2}' | grep -oE '[a-z0-9\-]*'); do fail2ban-client set $jail unbanip ${this.bannedip} 2>&1 | echo '${this.bannedip} was unbanned at '$jail; done
user: root
- message: ${response.out}.
script: |
return {result: 'info', message: message.replace(/\n/g, ' \n')}
checkIP:
- cmd [${targetNodes.nodeGroup}]: echo -n "${this.bannedip} "; list="$(fail2ban-client banned ${this.bannedip} | grep -v '[[]]')"; if [ $? -ne 0 ]; then echo "is not banned"; else echo "is banned in ${list}";fi;
user: root
- message: ${response.out}.
script: |
return {result: 'info', message: message.replace(/\n/g, ' \n')}
installFail2ban:
cmd [${targetNodes.nodeGroup}]:
- curl -sSfL "${globals.installScript}" -o /var/lib/jelastic/keys/install.sh 2>&1
- "/bin/bash /var/lib/jelastic/keys/install.sh"
- curl -sSfL "${baseUrl}/scripts/sudo_fail2ban" -o /etc/sudoers.d/fail2ban
- chmod 640 /etc/sudoers.d/fail2ban;
- curl -fsSL '${baseUrl}/scripts/profile_fail2ban' -o /etc/profile.d/fail2ban.sh;
- chown -R jelastic /etc/fail2ban
user: root
setupFail2ban:
cmd [${targetNodes.nodeGroup}]:
- curl -sSfL "${globals.setupScript}" -o /var/lib/jelastic/keys/setup.sh 2>&1
- /bin/bash /var/lib/jelastic/keys/setup.sh "${user.email}" "${baseUrl}"
user: root
removeFail2Ban:
cmd [${targetNodes.nodeGroup}]:
- curl -sSfL "${globals.removeScript}" -o /var/lib/jelastic/keys/remove.sh 2>&1
- "/bin/bash /var/lib/jelastic/keys/remove.sh"
- rm -f /etc/sudoers.d/fail2ban /etc/profile.d/fail2ban.sh
user: root
restartFail2ban:
- cmd [${targetNodes.nodeGroup}]:
- systemctl restart fail2ban 2>/dev/null 1>/dev/null
- systemctl is-active fail2ban
- echo -n ""
user: root
- message: Fail2Ban was restarted. Service is ${response.out}.
script: |
return {result: 'success', message: message.replace(/\n/g, ' \n')}
stopFail2ban:
- cmd [${targetNodes.nodeGroup}]:
- systemctl stop fail2ban 2>/dev/null 1>/dev/null
- systemctl is-active fail2ban
- echo -n ""
user: root
- message: Fail2Ban was stopped. Service is ${response.out}.
script: |
return {result: 'success', message: message.replace(/\n/g, ' \n')}
statusFail2ban:
- cmd [${targetNodes.nodeGroup}]:
- systemctl is-active fail2ban
- echo -n ""
user: root
- message: Fail2Ban service is ${response.out}.
script: |
return {result: 'success', message: message.replace(/\n/g, ' \n')}
success: Addon was successufully installed with default Jelastic configuration. If
you desire to set custom behaviour for your environment - please please refer to
[documentation](${globals.documentationLink})