From fd7bda7ce92bb96cbc8d9dac33b6f664acf24cb8 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <sunil@medhas.org>
Date: Sun, 14 Feb 2021 16:15:20 -0800
Subject: [PATCH] ssh, apache: Make fail2ban use systemd journald backend by
 default

- This allows disabling syslog daemons.

- Fall back to using file based monitoring for Apache.

Tests performed:

- Before and after the patch, connecting via SSH and typing in incorrect
password leads to a entry in fail2ban.log. 10 incorrect attempts result in a 10
minute ban.

- Before and after the patch, typing in incorrect password for radicale leads to
a entry in fail2ban.log. 10 incorrect attempts result in a 10 minute ban.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
---
 data/etc/fail2ban/jail.d/freedombox.conf                         | 1 +
 .../apache/data/etc/fail2ban/jail.d/apache-auth-freedombox.conf  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/data/etc/fail2ban/jail.d/freedombox.conf b/data/etc/fail2ban/jail.d/freedombox.conf
index 0a49d734e..5ea1fb55e 100644
--- a/data/etc/fail2ban/jail.d/freedombox.conf
+++ b/data/etc/fail2ban/jail.d/freedombox.conf
@@ -1,3 +1,4 @@
 [DEFAULT]
 # 10 tries in the last 10 minutes before banning for 10 minutes
 maxretry = 10
+backend = systemd
diff --git a/plinth/modules/apache/data/etc/fail2ban/jail.d/apache-auth-freedombox.conf b/plinth/modules/apache/data/etc/fail2ban/jail.d/apache-auth-freedombox.conf
index 83b19ecee..9e20fb6dc 100644
--- a/plinth/modules/apache/data/etc/fail2ban/jail.d/apache-auth-freedombox.conf
+++ b/plinth/modules/apache/data/etc/fail2ban/jail.d/apache-auth-freedombox.conf
@@ -1,2 +1,3 @@
 [apache-auth]
 enabled = true
+backend = auto