diff --git a/install.sh b/install.sh index f02a8d6..c02ea7e 100644 --- a/install.sh +++ b/install.sh @@ -584,6 +584,19 @@ systemctl enable fail2ban >> "$LOG" 2>&1 systemctl restart fail2ban >> "$LOG" 2>&1 log "Fail2Ban configured" +# ── Sudoers for NovaCPX panel (www-data needs root for firewall/opendkim) ──── +cat > /etc/sudoers.d/novacpx-firewall < /etc/cron.d/novacpx <&1'); return trim($out ?: ''); } @@ -310,7 +312,7 @@ switch ($action) { // ── Fail2Ban: restart ───────────────────────────────────────────────── case 'f2b-restart': - $out = fw_exec('systemctl restart fail2ban 2>&1'); + $out = fw_exec('sudo systemctl restart fail2ban 2>&1'); audit('firewall.f2b-restart', 'fail2ban'); Response::success(['output' => $out], 'Fail2Ban restarted'); break;