From fcd99098414086fe7a7bedef9a03a0dc85b9a6ad Mon Sep 17 00:00:00 2001
From: Ivan Filonenko <40829475+SpeedyGonzaless@users.noreply.github.com>
Date: Fri, 11 Jul 2025 17:02:42 +0200
Subject: [PATCH] fix(fail2ban): configure logrotate only when Fail2Ban is enabled (#4523)
Co-authored-by: Casper
---
 CHANGELOG.md | 2 ++
 target/scripts/startup/setup.d/security/misc.sh | 7 ++++---
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c17b0d15..7f57f773 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,8 @@ All notable changes to this project will be documented in this file. The format
 ### Fixes
 - **DKIM**
 - `setup config dkim domain subdomain.example.com` no longer throws an error if the owner of config/opendkim/keys does not exist in the container ([#4517](https://github.com/docker-mailserver/docker-mailserver/pull/4517))
+- **Fail2Ban**
+ - Configure logrotate only when Fail2Ban is enabled ([#4493](https://github.com/docker-mailserver/docker-mailserver/pull/4523))
 - **Internal:**
 - The DMS _Config Volume_ (`/tmp/docker-mailserver`) will now ensure it's file tree is accessible for services when the volume was created with missing executable bit ([#4487](https://github.com/docker-mailserver/docker-mailserver/pull/4487))
 - Removed the build-time hostname workaround for Postfix as Debian has since patched their post-install script ([#4493](https://github.com/docker-mailserver/docker-mailserver/pull/4493))
diff --git a/target/scripts/startup/setup.d/security/misc.sh b/target/scripts/startup/setup.d/security/misc.sh
index 87ed85b6..a56fecb5 100644
--- a/target/scripts/startup/setup.d/security/misc.sh
+++ b/target/scripts/startup/setup.d/security/misc.sh
@@ -202,13 +202,14 @@ function __setup__security__fail2ban() {
 fi
 echo '[Definition]' >/etc/fail2ban/filter.d/custom.conf
+
+ _log 'trace' 'Configuring fail2ban logrotate rotate count and interval'
+ [[ ${LOGROTATE_COUNT} -ne 4 ]] && sedfile -i "s|rotate 4$|rotate ${LOGROTATE_COUNT}|" /etc/logrotate.d/fail2ban
+ [[ ${LOGROTATE_INTERVAL} != "weekly" ]] && sedfile -i "s|weekly$|${LOGROTATE_INTERVAL}|" /etc/logrotate.d/fail2ban
 else
 _log 'debug' 'Fail2Ban is disabled'
 rm -f /etc/logrotate.d/fail2ban
 fi
- _log 'trace' 'Configuring fail2ban logrotate rotate count and interval'
- [[ ${LOGROTATE_COUNT} -ne 4 ]] && sedfile -i "s|rotate 4$|rotate ${LOGROTATE_COUNT}|" /etc/logrotate.d/fail2ban
- [[ ${LOGROTATE_INTERVAL} != "weekly" ]] && sedfile -i "s|weekly$|${LOGROTATE_INTERVAL}|" /etc/logrotate.d/fail2ban
 }
 function __setup__security__amavis() {
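Review bot: The two moved `sedfile` lines still splice `${LOGROTATE_COUNT}` and `${LOGROTATE_INTERVAL}` unvalidated into a `|`-delimited sed program, and `[[ ${LOGROTATE_COUNT} -ne 4 ]]` evaluates its operand as a bash arithmetic expression rather than as a plain number. Unless both variables are validated earlier in startup (not visible in this hunk), a value containing `|`, `&` or non-digits would rewrite /etc/logrotate.d/fail2ban in unintended ways and silently change how long the ban log is retained. A guard ahead of the two lines would close this, for example `[[ ${LOGROTATE_COUNT} =~ ^[0-9]+$ ]]` and an allow-list such as `[[ ${LOGROTATE_INTERVAL} =~ ^(daily|weekly|monthly)$ ]]`, logging and skipping the rewrite when either fails. The body of `__setup__security__fail2ban` starts above the hunk, so the enclosing `if` condition is not visible here.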