github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

`action.d/nginx-block-map.conf`: reload nginx only if it is running (also avoid error in nginx-errorlog, gh-2949) and better test coverage for the action

pull/3117/head
sebres 2021-02-24 18:21:42 +01:00
parent 6f4b6ec8cc
commit 63acc862b1
2 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
config/action.d/nginx-block-map.conf
View File

@ -84,8 +84,15 @@ srv_cfg_path = /etc/nginx/
#srv_cmd = nginx -c %(srv_cfg_path)s/nginx.conf #srv_cmd = nginx -c %(srv_cfg_path)s/nginx.conf
srv_cmd = nginx srv_cmd = nginx
# first test configuration is correct, hereafter send reload signal: # pid file (used to check nginx is running):
blck_lst_reload = %(srv_cmd)s -qt; if [ $? -eq 0 ]; then srv_pid = /run/nginx.pid
# command used to check whether nginx is running and configuration is valid:
srv_is_running = [ -f "%(srv_pid)s" ]
srv_check_cmd = %(srv_is_running)s && %(srv_cmd)s -qt
# first test nginx is running and configuration is correct, hereafter send reload signal:
blck_lst_reload = %(srv_check_cmd)s; if [ $? -eq 0 ]; then
%(srv_cmd)s -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi; %(srv_cmd)s -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;
fi; fi;

4
fail2ban/tests/fail2banclienttestcase.py
View File

@ -1281,7 +1281,7 @@ class Fail2banServerTest(Fail2banClientServerBase):
'backend = polling', 'backend = polling',
'usedns = no', 'usedns = no',
'logpath = %(tmp)s/blck-failures.log', 'logpath = %(tmp)s/blck-failures.log',
'action = nginx-block-map[blck_lst_reload="", blck_lst_file="%(tmp)s/blck-lst.map"]', 'action = nginx-block-map[srv_cmd="echo nginx", srv_pid="%(tmp)s/f2b.pid", blck_lst_file="%(tmp)s/blck-lst.map"]',
' blocklist_de[actionban=\'curl() { echo "*** curl" "$*";}; <Definition/actionban>\', email="Fail2Ban <fail2ban@localhost>", ' ' blocklist_de[actionban=\'curl() { echo "*** curl" "$*";}; <Definition/actionban>\', email="Fail2Ban <fail2ban@localhost>", '
'apikey="TEST-API-KEY", agent="fail2ban-test-agent", service=<name>]', 'apikey="TEST-API-KEY", agent="fail2ban-test-agent", service=<name>]',
'filter =', 'filter =',
@ -1321,6 +1321,8 @@ class Fail2banServerTest(Fail2banClientServerBase):
self.assertIn('\\125-000-004 1;\n', mp) self.assertIn('\\125-000-004 1;\n', mp)
self.assertIn('\\125-000-005 1;\n', mp) self.assertIn('\\125-000-005 1;\n', mp)
# check nginx reload is logged (pid of fail2ban is used to simulate success check nginx is running):
self.assertLogged("stdout: 'nginx -qt'", "stdout: 'nginx -s reload'", all=True)
# check blocklist_de substitution (e. g. new-line after <matches>): # check blocklist_de substitution (e. g. new-line after <matches>):
self.assertLogged( self.assertLogged(
"stdout: '*** curl --fail --data-urlencode server=Fail2Ban <fail2ban@localhost>" "stdout: '*** curl --fail --data-urlencode server=Fail2Ban <fail2ban@localhost>"