added dedicated documentation about tools for admins

This commit is contained in:
Tobias Diekershoff 2018-05-09 18:52:11 +02:00
parent 1823b86589
commit 03743184a8
3 changed files with 78 additions and 0 deletions

View file

@ -34,6 +34,7 @@ Friendica Documentation and Resources
* [Using SSL with Friendica](help/SSL) * [Using SSL with Friendica](help/SSL)
* [Config values that can only be set in .htconfig.php](help/htconfig) * [Config values that can only be set in .htconfig.php](help/htconfig)
* [Improve Performance](help/Improve-Performance) * [Improve Performance](help/Improve-Performance)
* [Administration Tools](help/tools)
**Developer Manual** **Developer Manual**

View file

@ -36,6 +36,7 @@ Friendica - Dokumentation und Ressourcen
* [Betreibe deine Seite mit einem SSL-Zertifikat](help/SSL) * [Betreibe deine Seite mit einem SSL-Zertifikat](help/SSL)
* [Konfigurationswerte, die nur in der .htconfig.php gesetzt werden können](help/htconfig) (EN) * [Konfigurationswerte, die nur in der .htconfig.php gesetzt werden können](help/htconfig) (EN)
* [Performance verbessern](help/Improve-Performance) * [Performance verbessern](help/Improve-Performance)
* [Administration Werkzeuge](help/tools) (EN)
**Dokumentation für Entwickler** **Dokumentation für Entwickler**

76
doc/tools.md Normal file
View file

@ -0,0 +1,76 @@
Admin Tools
===========
* [Home](help)
Friendica Tools
---------------
Friendica has a build in command console you can find in the *bin* directory.
The console provides the following commands:
* config: Edit site config
* createdoxygen: Generate Doxygen headers
* dbstructure: Do database updates
* docbloxerrorchecker: Check the file tree for DocBlox errors
* extract: Generate translation string file for the Friendica project (deprecated)
* globalcommunityblock: Block remote profile from interacting with this node
* globalcommunitysilence: Silence remote profile from global community page
* archivecontact: Archive a contact when you know that it isn't existing anymore
* help: Show help about a command, e.g (bin/console help config)
* autoinstall: Starts automatic installation of friendica based on values from htconfig.php
* maintenance: Set maintenance mode for this node
* newpassword: Set a new password for a given user
* php2po: Generate a messages.po file from a strings.php file
* po2php: Generate a strings.php file from a messages.po file
* typo: Checks for parse errors in Friendica files
Please consult *bin/console help* on the command line interface of your server for details about the commands.
3rd Party Tools
---------------
In addition to the tools Friendica includes, some 3rd party tools can make your admin days easier.
### Fail2ban
Fail2ban is an intrusion prevention framework ([see Wikipedia](https://en.wikipedia.org/wiki/Fail2ban)) that you can use to forbid access to a server under certain conditions, e.g. 3 failed attempts to log in, for a certain amount of time.
The following configuration was [provided](https://forum.friendi.ca/display/174591b4135ae40c1ad7e93897572454) by Steffen K9 using Debian.
You need to adjust the *logpath* in the *jail.local* file and the *bantime* (value is in seconds).
In */etc/fail2ban/jail.local* create a section for Friendica:
[friendica]
enabled = true
findtime = 300
bantime = 900
filter = friendica
port = http,https
logpath = /var/log/friend.log
logencoding = utf-8
And create a filter definition in */etc/fail2ban/filter.d/friendica.conf*:
[Definition]
failregex = ^.*Login\.php.*failed login attempt.*from IP <HOST>.*$
ignoreregex =
Additionally you have to define the number of failed logins before the ban should be activated.
This is done either in the global configuration or for each jail separately.
You should inform your users about the number of failed login attempts you grant them.
Otherwise you'll get many reports about the server not functioning if the number is too low.
### Log rotation
If you have activated the logs in Friendica, be aware that they can grow to a significant size.
To keep them in control you should add them to the automatic [log rotation](https://en.wikipedia.org/wiki/Log_rotation), e.g. using the *logrotate* command.
In */etc/logrotate.d/* add a file called *friendica* that contains the configuration.
The following will compress */var/log/friendica* (assuming this is the location of the log file) on a daily basis and keep 2 days of back-log.
/var/log/friendica.log {
compress
daily
rotate 2
}