

Ignore whitespace Rev 2864 → Rev 2865

/alcasar.sh
1366,7 → 1366,9
$SED "s?^#LogTime.*?LogTime yes?g" /etc/clamd.conf # enable logtime for each message
$SED "s?^LogVerbose.*?LogVerbose no?g" /etc/clamd.conf
$SED "s?^#LogRotate.*?LogRotate yes?g" /etc/clamd.conf
chown -R clamav:clamav /var/log/clamav /var/lib/clamav
$SED "s?^User.*?User e2guardian?g" /etc/clamd.conf
$SED "s?^TemporaryDirectory.*?TemporaryDirectory /var/lib/e2guardian/tmp?g" /etc/clamd.conf
chown -R e2guardian:e2guardian /var/log/clamav /var/lib/clamav
chmod 775 /var/log/clamav /var/lib/clamav
chmod 664 /var/log/clamav/*
# update virus database every 4 hours (24h/6)
1373,6 → 1375,7
[ -e /etc/freshclam.conf.default ] || cp /etc/freshclam.conf /etc/freshclam.conf.default
$SED "s?^Checks.*?Checks 6?g" /etc/freshclam.conf
$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
$SED "s?^DatabaseOwner.*?DatabaseOwner e2guardian?g" /etc/freshclam.conf
$SED "/^DatabaseMirror/a DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf
$SED "s?^MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf
# update now
1963,9 → 1966,9
/etc/pki/CA/private/* root.root 600 force
/etc/pki/tls/private/ root.apache 750 force
/etc/pki/tls/private/* root.apache 640 force
/var/log/clamav/ clamav.clamav 755 force
/var/log/clamav/* clamav.clamav 764 force
/var/lib/clamav/ clamav.clamav 755 force
/var/log/clamav/ e2guardian.e2guardian 755 force
/var/log/clamav/* e2guardian.e2guardian 764 force
/var/lib/clamav/ e2guardian.e2guardian 755 force
EOF
# apply now hourly & daily checks
/usr/sbin/msec
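Review bot: The permissions the script sets and the ones msec is told to enforce disagree: `chmod 775 /var/log/clamav /var/lib/clamav` and `chmod 664 /var/log/clamav/*` in the 1366 hunk, versus `/var/log/clamav/ e2guardian.e2guardian 755 force` and `/var/log/clamav/* e2guardian.e2guardian 764 force` in the 1963 hunk, so the `/usr/sbin/msec` run on the last line resets what was just set and the hourly/daily checks keep flipping the bits afterwards. Pick one set and use it in both places; 755 on the two directories and 644 (or 640) on the log files are the least permissive values that still let the `User e2guardian` clamd write there once the `chown -R e2guardian:e2guardian` line has made it the owner, and 764 additionally puts an execute bit on plain log files that nothing needs. Group write on /var/lib/clamav (the 775) also lets any member of the e2guardian group replace the signature database, so drop it unless something actually relies on it. If the earlier `chown -R clamav:clamav /var/log/clamav /var/lib/clamav` line is still on the new side it is now dead code, since the e2guardian chown on the same paths runs right after it. The surrounding configuration function continues outside the hunks.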
/conf/fail2ban.sh
18,14 → 18,11
 
# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.
 
[DEFAULT]
 
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8
 
# "bantime" is the number of seconds that a host is banned.
bantime = 180
 
127,7 → 124,6
# Adapted by ALCASAR team
 
[Definition]
 
# Option: failregex
# Notes.: regex to match the password failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
134,13 → 130,9
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = <HOST> .+\] "[^"]+" 403
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
EOF
 
154,7 → 146,6
# Adapted by ALCASAR team
 
[Definition]
 
# Option: failregex
# Notes.: regex to match the password failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
161,15 → 152,9
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = <HOST> .+\] "[^"]+" 401
 
#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]]
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
EOF
 
183,7 → 168,6
# Adapted by ALCASAR team
 
[Definition]
 
# Option: failregex
# Notes.: regex to match the password failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
190,13 → 174,9
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = <HOST> .* \"GET \/intercept\.php\?res=failed\&reason=reject
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
EOF
 
211,7 → 191,6
# Adapted by ALCASAR team
 
[Definition]
 
# Option: failregex
# Notes.: regex to match the password failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
218,13 → 197,8
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = <HOST> .* \"POST \/password\.php
 
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
EOF
/scripts/alcasar-urpmi.sh
121,6 → 121,8
echo "/^kernel/" > /etc/urpmi/skip.list
echo "/^freeradius/" >> /etc/urpmi/skip.list
echo "/^wkhtmltopdf/" >> /etc/urpmi/skip.list
echo "/^clamd/" >> /etc/urpmi/skip.list
echo "/^clamav/" >> /etc/urpmi/skip.list
# download the kernel used by ALCASAR
if [ $Lang == "fr" ]
then
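Review bot: Adding `/^clamd/` and `/^clamav/` to /etc/urpmi/skip.list pins the antivirus engine packages, so urpmi stops installing security fixes for the scanner itself while freshclam keeps only the signature database current; a comment stating why the engine is pinned and when to revisit would help whoever has to lift it, e.g. `# clamav/clamd pinned on purpose: <reason> - review at each ALCASAR release`. Old engines also start warning about, and eventually refuse to load, newer signature databases, so the pin needs an owner and a review date rather than staying there silently. The `if [ $Lang == "fr" ]` context line is not part of the change, but `$Lang` is unquoted and the test breaks when it is empty; `if [ "$Lang" = "fr" ]` is the portable form. The enclosing script body continues past the hunk.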
/web/acc/manager/htdocs/security.php
11,15 → 11,30
$l_spoofing = "Adresse(s) MAC usurpée(s) (Watchdog)";
$l_virus = "Virus bloqué(s) (CLAMAV)";
$l_fail2ban = "Adresse(s) IP bloquée(s) (Fail2Ban)";
$l_ban_date = "Date de bloquage";
$l_unban_date = "Date de débloquage";
$l_ipAddress="Adresse IP";
$l_user = "L'utilisateur";
$l_empty="Vide";
$l_rule="Règle";
} else if ($language === 'es') {
$l_title = 'Seguridad';
$l_spoofing = "Direcciones MAC usurpadas (Watchdog)";
$l_virus = "Virus bloqueado (CLAMAV)";
$l_fail2ban = "Dirección(es) IP bloqueada(s) (Fail2Ban)";
$l_ban_date = "Fecha de bloqueo";
$l_unban_date = "Fecha de desembolso";
$l_ipAddress="Dirección ip";
$l_user = "El usuario";
$l_empty="Vacío";
$l_rule="Regla";
} else {
$l_title = 'Security';
$l_spoofing = "MAC address spoofed (Watchdog)";
$l_virus = "Virus blocked (CLAMAV)";
$l_fail2ban = "IP address blocked (Fail2Ban)";
$l_ban_date = "Lock date";
$l_unban_date = "Unlock date";
$l_ipAddress="IP address";
$l_user = "User";
$l_empty="Empty";
54,6 → 69,7
if ($file) {
while (!feof($file)) {
$line = fgets($file);
 
if (preg_match($regex, $line, $matches)) {
if (preg_match('/[0-9]{2}\/[0-9]{2}\/[0-9]{4}-[0-9]{2}:[0-9]{2}:[0-9]{2}/', $matches['date'], $matches_date)) {
$matches['date'] = DateTime::createFromFormat('d/m/Y-H:i:s', $matches['date'])->format('Y-m-d H:i:s');
125,12 → 141,11
<?php
} else if ($tab === 3) {
$bans = [];
$regex = '/^(?P<date>[0-9]{4}-[0-9]{2}-[0-9]{2}\ [0-9]{2}:[0-9]{2}:[0-9]{2}),[0-9]{3} fail2ban\.actions\[[0-9]+\]: NOTICE \[(?P<rule>[a-zA-Z0-9_-]+)\] (?P<type>Ban|Unban) (?P<ip>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})$/';
$regex = '/^(?P<date>[0-9]{4}-[0-9]{2}-[0-9]{2}[ \t]+[0-9]{2}:[0-9]{2}:[0-9]{2}),[0-9]{3}[ \t]+fail2ban\.actions[ \t]+\[[0-9]+\]:[ \t]+NOTICE[ \t]+\[(?P<rule>[a-zA-Z0-9_-]+)\][ \t]+(?P<type>Ban|Unban)[ \t]+(?P<ip>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})/';
$file = fopen('/var/log/fail2ban.log', 'r');
if ($file) {
while (!feof($file)) {
$line = fgets($file);
 
if (preg_match($regex, $line, $matches)) {
if ($matches['type'] === 'Ban') {
$bans[] = (object) [
158,10 → 173,10
<table class="table table-striped table-hover" border="1">
<tr >
<th>
Date
<?= $l_ban_date ?>
</th>
<th>
Date Unban
<?= $l_unban_date ?>
</th>
<th>
<?= $l_rule ?>
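Review bot: In the 54,6 hunk the date guard (the line that looks added there), `preg_match('/[0-9]{2}\/[0-9]{2}\/[0-9]{4}-[0-9]{2}:[0-9]{2}:[0-9]{2}/', $matches['date'], $matches_date)`, is unanchored, so a value with extra leading or trailing text still passes it, `DateTime::createFromFormat('d/m/Y-H:i:s', ...)` then returns false, and `->format()` on false is a fatal error that takes the whole security page down on one odd log line. Anchor the pattern, `'/^[0-9]{2}\/[0-9]{2}\/[0-9]{4}-[0-9]{2}:[0-9]{2}:[0-9]{2}$/'`, or test the createFromFormat result before calling format(). In the 125,12 hunk the rewritten fail2ban regex drops the trailing `$` anchor; the captures stay safe to print because `rule` is limited to `[a-zA-Z0-9_-]` and `ip` to digits and dots, but a one-line comment such as `// no end anchor: tolerate trailing text after the IP in fail2ban.log` would make it clear the looser match is intentional. In the 158,10 hunk `<?= $l_rule ?>` is emitted for every language, yet the visible English branch in the 11,15 hunk ends at `$l_empty="Empty"` before any `$l_rule`, so confirm the English block sets `$l_rule` as the fr and es blocks do, otherwise that header cell raises an undefined-variable notice. The enclosing while loop and the language if/else both start outside the hunks.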