wordpress: Update fail2ban filter

- Name of the jail has to be less than 29 characters for an iptables/nft chain
to be created.

- Make the regular expressions more specific to avoid matching incorrect fields
for <HOST>.

- Added journalmatch to improve performance by matching the regular expressions
against only specific journal entries.

Tests:

- Run setup.py, remove the old jail and filter files. Restart fail2ban and make
10 incorrect login attempts. The IP address gets banned for 10 minutes.

- Not run: Build new freedombox package and upgrade from older version to see
that old configuration files have been removed.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>

debian/freedombox.maintscript

@@ -21,3 +21,5 @@ rm_conffile /etc/plinth/modules-enabled/mldonkey 22.4~
 rm_conffile /etc/apache2/conf-available/mldonkey-freedombox.conf 22.4~
 rm_conffile /etc/apache2/sites-available/plinth.conf 22.16~
 rm_conffile /etc/apache2/sites-available/plinth-ssl.conf 22.16~
+rm_conffile /etc/fail2ban/jail.d/wordpress-auth-freedombox.conf 22.22~
+rm_conffile /etc/fail2ban/filter.d/wordpress-auth-freedombox.conf 22.22~

plinth/modules/wordpress/data/etc/fail2ban/filter.d/wordpress-auth-freedombox.conf

@@ -1,2 +0,0 @@
-[Definition]
-failregex = .* <HOST> .* "POST /wordpress/wp-login.php HTTP/\S+" 200

plinth/modules/wordpress/data/etc/fail2ban/filter.d/wordpress-freedombox.conf

@@ -0,0 +1,7 @@
+[INCLUDES]
+before = common.conf
+
+[Definition]
+_daemon = apache-access
+prefregex = %(__prefix_line)s
+failregex = \S+ <HOST> - \S+ \[[^\]]*\] "POST /wordpress/wp-login.php HTTP/\S+" 200

plinth/modules/wordpress/data/etc/fail2ban/jail.d/wordpress-auth-freedombox.conf

@@ -1,3 +0,0 @@
-[wordpress-auth-freedombox]
-enabled = true
-filter = wordpress-auth-freedombox

plinth/modules/wordpress/data/etc/fail2ban/jail.d/wordpress-freedombox.conf

@@ -0,0 +1,4 @@
+[wordpress-freedombox]
+enabled = true
+filter = wordpress-freedombox
+journalmatch = SYSLOG_IDENTIFIER=apache-access