Signed-off-by: nbenedek <contact@nbenedek.me>
[sunil: Convert the PNG to SVG and use it for all sizes]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- I tested the changes with the VirtualBox image with a bridged network adapter.
After ten failed authentication attempts, my IP got blocked as expected.
- This setup uses Apache's logs to filter the attempts. A WordPress
[plugin](https://wordpress.org/plugins/wp-fail2ban/) exists for redirecting the
logs to syslog, but that needs to be packaged.
Signed-off-by: nbenedek <contact@nbenedek.me>
[sunil: Drop logpath as logs are expected to go to journald]
[sunil: Update regex to match only failures and not successful logins]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- So that the new configuration file to disable
readme.html/xmlrpc.php/wp-cron.php takes effect.
Tests:
- Install WordPress without the security changes. Notice that the three URLs are
accessible. Apply the patch, run ./setup install and restart the FreedomBox
service. The WordPress app is updated and the security changes take effect. The
three URLs return a forbidden response without manually restarting apache2.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2244.
This patch disabled xmlrpc.php functionality entirely. For interacting with
WordPress using an app, the new REST API functionality is recommended. However,
for the Pingback API, XML-RPC is still a necessity. If this is an important
feature for FreedomBox users, we intend to re-enable XML-RPC functionality in
WordPress.
Signed-off-by: nbenedek <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2253
Tests:
- Build a package with this fix included for bullseye-backports
distribution.
- Install into FreedomBox stable system.
- Start dist-upgrade test.
- At the end of the test, wait for plinth to attempt upgrades, and
then confirm that firewalld was upgraded.
- Confirm that firewalld is running.
- Confirm that /etc/firewalld/firewalld.conf has DefaultZone=external.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Provides a Version class wrapper around apt_pkg.version_compare.
Replaces distutils.version which is deprecated.
Closes: #2261.
Tests:
- Install ejabberd.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Add two more version comparison tests]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>