mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-21 07:55:00 +00:00
72d7a05ead
Closes: #2264. - Set apache-auth fail2ban jail's backend to read from journal instead of syslog. Tweak the regex matching to deal with the custom format. - Adjust the apache error log format to remove unnecessary timestamp. It causes problems for fail2ban regex matching. - There was an error in the earlier patch the make apache log into journald. Configuration for TLS sites still contained ErrorLog and CustomLog directives. Remove them. - There is also file with CustomLog directive that logs for other vhosts. - For some reason, for custom error log format, %T - thread ID did not work and had to switch to %{g}T global thread ID. - Added journalmatch to improve performance by matching the regular expressions against only specific journal entries. Tests: - In a container, apply the patch, run setup and start FreedomBox. Apache app is updated to new version. Apache web server is reloaded. The other-vhosts-access-log configuration is disabled. - On a production machine, remove the directives in freedombox-tls-site-macro.conf and disabling other-vhosts-access-log stopped the logging into /var/log/apache2/ directory. - Use TTRSS /tt-rss-app/ URL and type wrong credentials for 10 times. The client is banned for 10 minutes. Repeat after unban. Client is banned again. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>