From 9e2fd98848ba094f1ab7dcbdb160fbbd5e07097a Mon Sep 17 00:00:00 2001
From: dkoao <dkoao@example.com>
Date: Thu, 26 Sep 2019 03:20:24 +0000
Subject: [PATCH] check if the user didn't want to install Nextcloud

---
 conf/fail2ban/jails_no_nextcloud.conf | 70 +++++++++++++++++++++++++++
 setup/system.sh                       | 18 +++++--
 2 files changed, 84 insertions(+), 4 deletions(-)
 create mode 100644 conf/fail2ban/jails_no_nextcloud.conf

diff --git a/conf/fail2ban/jails_no_nextcloud.conf b/conf/fail2ban/jails_no_nextcloud.conf
new file mode 100644
index 00000000..0213ea7b
--- /dev/null
+++ b/conf/fail2ban/jails_no_nextcloud.conf
@@ -0,0 +1,70 @@
+# Fail2Ban configuration file for Mail-in-a-Box. Do not edit.
+# This file is re-generated on updates.
+
+[DEFAULT]
+# Whitelist our own IP addresses. 127.0.0.1/8 is the default. But our status checks
+# ping services over the public interface so we should whitelist that address of
+# ours too. The string is substituted during installation.
+ignoreip = 127.0.0.1/8 PUBLIC_IP
+
+[dovecot]
+enabled = true
+filter  = dovecotimap
+logpath = /var/log/mail.log
+findtime = 30
+maxretry = 20
+
+[miab-management]
+enabled = true
+filter = miab-management-daemon
+port = http,https
+logpath = /var/log/syslog
+maxretry = 20
+findtime = 30
+
+[miab-munin]
+enabled  = true
+port     = http,https
+filter   = miab-munin
+logpath  = /var/log/nginx/access.log
+maxretry = 20
+findtime = 30
+
+[miab-postfix587]
+enabled  = true
+port     = 587
+filter   = miab-postfix-submission
+logpath  = /var/log/mail.log
+maxretry = 20
+findtime = 30
+
+[miab-roundcube]
+enabled  = true
+port     = http,https
+filter   = miab-roundcube
+logpath  = /var/log/roundcubemail/errors
+maxretry = 20
+findtime = 30
+
+[recidive]
+enabled  = true
+maxretry = 10
+action   = iptables-allports[name=recidive]
+# In the recidive section of jail.conf the action contains:
+#
+# action   = iptables-allports[name=recidive]
+#            sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
+#
+# The last line on the action will sent an email to the configured address. This mail will
+# notify the administrator that someone has been repeatedly triggering one of the other jails.
+# By default we don't configure this address and no action is required from the admin anyway.
+# So the notification is ommited. This will prevent message appearing in the mail.log that mail
+# can't be delivered to fail2ban@$HOSTNAME.
+
+[postfix-sasl]
+enabled  = true
+
+[sshd]
+enabled = true
+maxretry = 7
+bantime = 3600
diff --git a/setup/system.sh b/setup/system.sh
index ccc60231..895ce0ae 100755
--- a/setup/system.sh
+++ b/setup/system.sh
@@ -340,10 +340,20 @@ systemctl restart systemd-resolved
 # Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix, ssh, etc.
 rm -f /etc/fail2ban/jail.local # we used to use this file but don't anymore
 rm -f /etc/fail2ban/jail.d/defaults-debian.conf # removes default config so we can manage all of fail2ban rules in one config
-cat conf/fail2ban/jails.conf \
-	| sed "s/PUBLIC_IP/$PUBLIC_IP/g" \
-	| sed "s#STORAGE_ROOT#$STORAGE_ROOT#" \
-	> /etc/fail2ban/jail.d/mailinabox.conf
+
+if [ ${DISABLE_NEXTCLOUD} != "1"]; then
+
+	cat conf/fail2ban/jails.conf \
+		| sed "s/PUBLIC_IP/$PUBLIC_IP/g" \
+		| sed "s#STORAGE_ROOT#$STORAGE_ROOT#" \
+		> /etc/fail2ban/jail.d/mailinabox.conf
+else
+	cat conf/fail2ban/jails_no_nextcloud.conf \
+		| sed "s/PUBLIC_IP/$PUBLIC_IP/g" \
+		| sed "s#STORAGE_ROOT#$STORAGE_ROOT#" \
+		> /etc/fail2ban/jail.d/mailinabox.conf
+fi	
+
 cp -f conf/fail2ban/filter.d/* /etc/fail2ban/filter.d/
 
 # On first installation, the log files that the jails look at don't all exist.