nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-05-13 10:30:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

security: Ensure that fail2ban is not re-enabled on version increment

Browse Source 
Tests:

- Disable fail2ban. When version number of the app is incremented, setup is run,
fail2ban is reloaded but fail2ban is not enabled after setup.

- Disable fail2ban. When app is uninstalled and FreedomBox is run, setup is
performed and fail2ban is enabled.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
This commit is contained in:
Sunil Mohan Adapa 2021-02-14 18:04:52 -08:00
parent 252d69f465
commit 69d4a65c00
No known key found for this signature in database
GPG Key ID: 43EA1CFF0AA7C5F2
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
plinth/modules/security/__init__.py
View File

@ -59,7 +59,10 @@ class SecurityApp(app_module.App):
def setup(helper, old_version=None):
"""Install the required packages"""
helper.install(managed_packages)
setup_fail2ban()
if not old_version:
enable_fail2ban()
actions.superuser_run('service', ['reload', 'fail2ban'])
# Migrate to new config file.
enabled = get_restricted_access_enabled()
@ -68,10 +71,9 @@ def setup(helper, old_version=None):
set_restricted_access(True)
def setup_fail2ban():
def enable_fail2ban():
actions.superuser_run('service', ['unmask', 'fail2ban'])
actions.superuser_run('service', ['enable', 'fail2ban'])
actions.superuser_run('service', ['reload', 'fail2ban'])
def get_restricted_access_enabled():