Remove f2b logrotate if service is disabled. Sanity check tarball.

2026-03-23 00:05:28 +08:00 · 2023-02-12 12:31:21 +00:00 · 2023-02-12 12:31:21 +00:00 · 5c921503cd
commit 5c921503cd
parent 3892ce009c
3 changed files with 12 additions and 0 deletions
--- a/root/etc/cont-init.d/98-crowdsec
+++ b/root/etc/cont-init.d/98-crowdsec
@ -32,6 +32,11 @@ curl -so \

 mkdir -p /tmp/crowdsec

+if ! tar -tzf /crowdsec.tar.gz >/dev/null 2>&1; then
+    echo "**** Invalid tarball, could not download crowdsec bouncer ****"
+    exit 1
+fi
+
 tar xf \
    /tmp/crowdsec.tar.gz -C \
    /tmp/crowdsec --strip-components=1
@ -93,6 +98,7 @@ rm -rf \
 if [[ $CROWDSEC_F2B_DISABLE == "true" ]]; then
    echo "**** Disabling fail2ban Service ****"
    touch /etc/services.d/fail2ban/down
+    rm -rf /etc/logrotate.d/fail2ban
 fi

 echo "**** Successfully configured CrowdSec nginx Bouncer ${CROWDSEC_VERSION} ****"
--- a/root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec-f2b/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec-f2b/run
@ -5,4 +5,5 @@
 if [[ ${CROWDSEC_F2B_DISABLE,,} == "true" ]]; then
    echo "**** Disabling fail2ban Service ****"
    s6-svc -d /run/service/svc-fail2ban
+    rm -rf /etc/logrotate.d/fail2ban
 fi
--- a/root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-mod-swag-crowdsec/run
@ -32,6 +32,11 @@ curl -so \

 mkdir -p /tmp/crowdsec

+if ! tar -tzf /crowdsec.tar.gz >/dev/null 2>&1; then
+    echo "**** Invalid tarball, could not download crowdsec bouncer ****"
+    exit 1
+fi
+
 tar xf \
    /tmp/crowdsec.tar.gz -C \
    /tmp/crowdsec --strip-components=1