1,6 → 1,3 |
#!/bin/sh |
# $Id$ |
|
FAIL_CONF="/etc/fail2ban/fail2ban.conf" |
JAIL_CONF="/etc/fail2ban/jail.conf" |
DIR_FILTER="/etc/fail2ban/filter.d/" |
9,7 → 6,10 |
######################################################### |
## Mise à jour du fichier de configuration de fail2ban ## |
######################################################### |
[ -f $FAIL_CONF ] && [ ! -e $FAIL_CONF.default ] && mv $FAIL_CONF $FAIL_CONF.default |
if(test -f $FAIL_CONF) |
then |
mv $FAIL_CONF $FAIL_CONF.default |
fi |
cat << EOF > $FAIL_CONF |
|
[Definition] |
50,7 → 50,10 |
######################################################### |
## Mise à jour de la configuration de jail de fail2ban ## |
######################################################### |
[ -f $JAIL_CONF ] && [ ! -e $JAIL_CONF.default ] && mv $JAIL_CONF $JAIL_CONF.default |
if(test -f $JAIL_CONF) |
then |
mv $JAIL_CONF $JAIL_CONF.default |
fi |
cat << EOF > $JAIL_CONF |
|
# Fail2Ban configuration file |
108,7 → 111,6 |
filter = alcasar_mod-evasive |
action = iptables-allports[name=alcasar_mod-evasive] |
logpath = /var/log/httpd/error_log |
/var/log/httpd/ssl_error_log |
maxretry = 2 |
|
# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force) |
122,13 → 124,13 |
maxretry = 3 |
|
# Bannissement sur tous les ports après 5 échecs de connexion sur le centre de contrôle (ACC) |
[alcasar_acc-htdigest] |
[alcasar_htdigest] |
|
enabled = true |
#enabled = false |
filter = alcasar_acc-htdigest |
action = iptables-allports[name=alcasar_acc-htdigest] |
logpath = /var/log/httpd/ssl_error_log |
filter = alcasar_htdigest |
action = iptables-allports[name=alcasar_htdigest] |
logpath = /var/log/httpd/ssl_request_log |
maxretry = 5 |
|
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager |
157,9 → 159,9 |
################################################## |
## Mise en place des filtres spécifiques ## |
## - Mod_evasive.conf ## |
## - acc-htdigest.conf ## |
## - htdigest.conf ## |
## - intercept.conf ## |
## - change-pwd.conf ## |
## - mot de passe ## |
################################################## |
|
###################### |
180,7 → 182,7 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = \[client <HOST>:[0-9]+\] .*client denied by server configuration |
failregex = [[]client <HOST>[]] client denied by server configuration |
|
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
189,10 → 191,10 |
ignoreregex = |
EOF |
|
####################### |
## ACC-HTDIGEST.CONF ## |
####################### |
cat << EOF > $DIR_FILTER/alcasar_acc-htdigest.conf |
################### |
## HTDIGEST.CONF ## |
################### |
cat << EOF > $DIR_FILTER/alcasar_htdigest.conf |
# Fail2Ban configuration file |
# |
# Author: Cyril Jaquier |
207,7 → 209,8 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = \[auth_digest:error\] \[client <HOST>:[0-9]+\] .*ALCASAR Control Center \(ACC\) |
#failregex = [[]error[]] [[]client <HOST>[]] Digest: |
failregex = [[]<HOST>[]] "GET /acc HTTP/1.1" 972 |
|
#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]] |
|
236,7 → 239,8 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = \[<HOST>\] \"GET \/intercept\.php\?res=failed\&reason=reject |
#failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]GET \/intercept\.php\?res=failed[&]reason=reject |
failregex = [[]<HOST>[]] ["]GET \/intercept\.php\?res=failed[&]reason=reject |
|
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
245,9 → 249,9 |
ignoreregex = |
EOF |
|
##################### |
## CHANGE-PWD.CONF ## |
##################### |
####################### |
## MOT_DE_PASSE.CONF ## |
####################### |
cat << EOF > $DIR_FILTER/alcasar_change-pwd.conf |
|
# Fail2Ban configuration file |
264,7 → 268,8 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = \[<HOST>\] \"POST \/pass |
#failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]POST \/pass\/index\.php HTTP |
failregex = [[]<HOST>[]] ["]POST /pass/index.php HTTP/1.1" 11169 |
|
|
# Option: ignoreregex |
277,7 → 282,10 |
############################################## |
## Log sur ULOG quand iptables-allports ## |
############################################## |
[ -f $ACTION_ALLPORTS ] && [ ! -e $ACTION_ALLPORTS.default ] && mv $ACTION_ALLPORTS $ACTION_ALLPORTS.default |
if ( test -f $ACTION_ALLPORTS ) |
then |
mv $ACTION_ALLPORTS $ACTION_ALLPORTS.default |
fi |
cat << EOF > $ACTION_ALLPORTS |
# Fail2Ban configuration file |
# |
319,7 → 327,7 |
# Values: CMD |
|
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j ULOG --ulog-prefix "Fail2Ban -- DROP" |
iptables -I fail2ban-<name> 1 -s <ip> -j DROP |
iptables -I fail2ban-<name> 1 -s <ip> -j DROP |
|
# Option: actionunban |
# Notes.: command executed when unbanning an IP. Take care that the |
330,7 → 338,7 |
# Values: CMD |
# |
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP |
iptables -D fail2ban-<name> -s <ip> -j ULOG --ulog-prefix "Fail2Ban -- DROP" |
iptables -D fail2ban-<name> -s <ip> -j ULOG --ulog-prefix "Fail2Ban -- DROP" |
|
[Init] |
|
Property changes: |
Deleted: svn:eol-style |
-LF |
\ No newline at end of property |
Deleted: svn:keywords |
-Id |
\ No newline at end of property |