security: Ensure that fail2ban is not re-enabled on version increment

Tests:

- Disable fail2ban. When version number of the app is incremented, setup is run,
fail2ban is reloaded but fail2ban is not enabled after setup.

- Disable fail2ban. When app is uninstalled and FreedomBox is run, setup is
performed and fail2ban is enabled.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>

plinth/modules/security/__init__.py

@@ -59,7 +59,10 @@ class SecurityApp(app_module.App):
 def setup(helper, old_version=None):
     """Install the required packages"""
     helper.install(managed_packages)
-    setup_fail2ban()
+    if not old_version:
+        enable_fail2ban()
+
+    actions.superuser_run('service', ['reload', 'fail2ban'])
 
     # Migrate to new config file.
     enabled = get_restricted_access_enabled()
@@ -68,10 +71,9 @@ def setup(helper, old_version=None):
         set_restricted_access(True)
 
 
-def setup_fail2ban():
+def enable_fail2ban():
     actions.superuser_run('service', ['unmask', 'fail2ban'])
     actions.superuser_run('service', ['enable', 'fail2ban'])
-    actions.superuser_run('service', ['reload', 'fail2ban'])
 
 
 def get_restricted_access_enabled():