From 69d4a65c003f682fff0bfe918169dff1629a1f1d Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Sun, 14 Feb 2021 18:04:52 -0800 Subject: [PATCH] security: Ensure that fail2ban is not re-enabled on version increment Tests: - Disable fail2ban. When version number of the app is incremented, setup is run, fail2ban is reloaded but fail2ban is not enabled after setup. - Disable fail2ban. When app is uninstalled and FreedomBox is run, setup is performed and fail2ban is enabled. Signed-off-by: Sunil Mohan Adapa Reviewed-by: Veiko Aasa --- plinth/modules/security/__init__.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/plinth/modules/security/__init__.py b/plinth/modules/security/__init__.py index 0f98425f2..0432290ce 100644 --- a/plinth/modules/security/__init__.py +++ b/plinth/modules/security/__init__.py @@ -59,7 +59,10 @@ class SecurityApp(app_module.App): def setup(helper, old_version=None): """Install the required packages""" helper.install(managed_packages) - setup_fail2ban() + if not old_version: + enable_fail2ban() + + actions.superuser_run('service', ['reload', 'fail2ban']) # Migrate to new config file. enabled = get_restricted_access_enabled() @@ -68,10 +71,9 @@ def setup(helper, old_version=None): set_restricted_access(True) -def setup_fail2ban(): +def enable_fail2ban(): actions.superuser_run('service', ['unmask', 'fail2ban']) actions.superuser_run('service', ['enable', 'fail2ban']) - actions.superuser_run('service', ['reload', 'fail2ban']) def get_restricted_access_enabled():