

Ignore whitespace Rev 2867 → Rev 2868

/alcasar.sh
657,6 → 657,7
EOF
fi
# write INTIF (consultation LAN) in normal mode
cp -f /etc/sysconfig/network-scripts/ifcfg-$INTIF /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF
DEVICE=$INTIF
BOOTPROTO=static
668,7 → 669,6
ACCOUNTING=no
USERCTL=no
EOF
cp -f /etc/sysconfig/network-scripts/ifcfg-$INTIF /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
# write INTIF in bypass mode (see "alcasar-bypass.sh")
cat <<EOF > /etc/sysconfig/network-scripts/bypass-ifcfg-$INTIF
DEVICE=$INTIF
1367,6 → 1367,10
[ -e /lib/systemd/system/clamav-daemon.service.default ] || cp /lib/systemd/system/clamav-daemon.service /lib/systemd/system/clamav-daemon.service.default
$SED "/^[Service]/a ExecStartPre=\/bin\/chown e2guardian:e2guardian \/run\/clamav" /lib/systemd/system/clamav-daemon.service
$SED "/^[Service]/a ExecStartPre=\/bin\/mkdir -p \/run\/clamav" /lib/systemd/system/clamav-daemon.service
[ -e /lib/systemd/system/clamav-daemon.socket.default ] || cp /lib/systemd/system/clamav-daemon.socket /lib/systemd/system/clamav-daemon.socket.default
$SED "s?^SocketUser=.*?SocketUser=e2guardian?g" /lib/systemd/system/clamav-daemon.socket
$SED "s?^SocketGroup=.*?SocketGroup=e2guardian?g" /lib/systemd/system/clamav-daemon.socket
[ -e /etc/clamd.conf.default ] || cp /etc/clamd.conf /etc/clamd.conf.default
$SED "s?^MaxThreads.*?MaxThreads 32?g" /etc/clamd.conf
$SED "s?^#LogTime.*?LogTime yes?g" /etc/clamd.conf # enable logtime for each message
1424,7 → 1428,7
nfsen()
{
groupadd -f nfcapd
useradd -r -g nfcapd -s /bin/false -c "system user for nfcapd" nfcapd
id -u nfcapd >/dev/null 2>&1 || useradd -r -g nfcapd -s /bin/false -c "system user for nfcapd" nfcapd
# nfcapd unit for systemd
cat << EOF > /lib/systemd/system/nfcapd.service
# This file is part of systemd.
1838,31 → 1842,33
########################################################################
fail2ban()
{
# adapt fail2ban.conf to Mageia (fedora like) & ALCASAR behaviour
# adapt fail2ban to Mageia (fedora like) & ALCASAR behaviour
[ -e /etc/fail2ban/jail.conf.default ] || cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.default
$SED "s?^before =.*?before = paths-fedora.conf?g" /etc/fail2ban/jail.conf
$SED "s?^bantime =.*?bantime = 3m?g" /etc/fail2ban/jail.conf
$SED "s?^findtime =.*?findtime = 5m?g" /etc/fail2ban/jail.conf
 
# add 5 jails and their filters
## sshd : Ban after 3 failed attempts (ie. brute-force). This "jail" uses the default "sshd" f2b filter.
cat << EOF > /etc/fail2ban/jail.d/01alcasar_sshd.conf
cat << EOF > /etc/fail2ban/jail.d/01-alcasar_sshd.conf
[sshd]
enabled = true
#enabled = false
maxretry = 3
bantime = 3m
findtime = 5m
EOF
 
## lighttpd-auth : Ban after 3 failed attempts on ACC. This "jail" uses the default "lighttpd-auth" f2b filter.
cat << EOF > /etc/fail2ban/jail.d/02alcasar_lighttpd-auth.conf
cat << EOF > /etc/fail2ban/jail.d/02-alcasar_lighttpd-auth.conf
[lighttpd-auth]
enabled = true
#enabled = false
maxretry = 3
bantime = 3m
findtime = 3m
EOF
 
## mod-evasive : Ban after 3 failed retrieve page attempts (ie : unknown page)
cat << EOF > /etc/fail2ban/jail.d/03alcasar_mod-evasive.conf
cat << EOF > /etc/fail2ban/jail.d/03-alcasar_mod-evasive.conf
[alcasar_mod-evasive]
#enabled = true
enabled = false
1871,6 → 1877,8
action = iptables-allports[name=alcasar_mod-evasive]
logpath = /var/log/lighttpd/access.log
maxretry = 3
bantime = 3m
findtime = 3m
EOF
cat << EOF > /etc/fail2ban/filter.d/alcasar_mod-evasive.conf
[Definition]
1879,7 → 1887,7
EOF
 
### alcasar_intercept : ban after 5 failed user login attemps on intercept.php
cat << EOF > /etc/fail2ban/jail.d/04alcasar_intercept.conf
cat << EOF > /etc/fail2ban/jail.d/04-alcasar_intercept.conf
[alcasar_intercept]
enabled = true
#enabled = false
1888,6 → 1896,9
action = iptables-allports[name=alcasar_intercept]
logpath = /var/log/lighttpd/access.log
maxretry = 5
bantime = 3m
findtime = 3m
EOF
cat << EOF > /etc/fail2ban/filter.d/alcasar_intercept.conf
[Definition]
failregex = <HOST> .* \"GET \/intercept\.php\?res=failed\&reason=reject
1895,7 → 1906,7
EOF
 
## alcasar_change-pwd : ban after 5 failed user change password attempts
cat << EOF > /etc/fail2ban/jail.d/05alcasar_change-pwd.conf
cat << EOF > /etc/fail2ban/jail.d/05-alcasar_change-pwd.conf
[alcasar_change-pwd]
enabled = true
#enabled = false
1904,6 → 1915,8
action = iptables-allports[name=alcasar_change-pwd]
logpath = /var/log/lighttpd/access.log
maxretry = 5
bantime = 3m
findtime = 3m
EOF
cat << EOF > /etc/fail2ban/filter.d/alcasar_change-pwd.conf
[Definition]
1933,7 → 1946,7
{
# Create 'gammu' system user
groupadd -f gammu_smsd
useradd --system -g gammu_smsd -s /bin/false -c "system user for gammu_smsd" gammu_smsd
useradd -r -g gammu_smsd -s /bin/false -c "system user for gammu_smsd" gammu_smsd
usermod -a -G dialout gammu_smsd
 
# Create 'gammu' database
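Review bot: The sed address `/^[Service]/` on the two ExecStartPre lines in the 1367 hunk (clamav-daemon.service) is a bracket expression, so it matches any line whose first character is one of S, e, r, v, i or c — it never matches the literal `[Service]` header (which starts with `[`) and will instead append the `mkdir -p /run/clamav` and `chown e2guardian:e2guardian /run/clamav` lines after every unit line that happens to start with one of those letters, or nowhere at all if none does. These lines appear to be new in this revision and presumably exist so that /run/clamav is present and owned by e2guardian before clamd starts; if the address never matches, that setup silently does not happen and the e2guardian/ClamAV integration is likely to fail without an obvious error, which is worth verifying against the actual unit file on the target system. Escape the brackets on both lines, `$SED "/^\[Service\]/a ExecStartPre=\/bin\/chown e2guardian:e2guardian \/run\/clamav" ...` and `$SED "/^\[Service\]/a ExecStartPre=\/bin\/mkdir -p \/run\/clamav" ...`, or drop the ExecStartPre pair in favour of systemd's `RuntimeDirectory=clamav` in a drop-in, which also avoids editing the packaged unit in /lib. The function enclosing this hunk starts and ends outside the hunk.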