Subversion Repositories ALCASAR

Rev

Rev 2487 | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 2487 Rev 2488
Line 1... Line 1...
1
#!/bin/sh
1
#!/bin/sh
2
# $Id: fail2ban.sh 2487 2018-02-25 12:49:14Z lucas.echard $
2
# $Id: fail2ban.sh 2488 2018-02-25 14:53:54Z lucas.echard $
3
 
3
 
4
FAIL_CONF="/etc/fail2ban/fail2ban.conf"
4
FAIL_CONF="/etc/fail2ban/fail2ban.conf"
5
JAIL_CONF="/etc/fail2ban/jail.conf"
5
JAIL_CONF="/etc/fail2ban/jail.conf"
6
DIR_FILTER="/etc/fail2ban/filter.d/"
6
DIR_FILTER="/etc/fail2ban/filter.d/"
7
ACTION_ALLPORTS="/etc/fail2ban/action.d/iptables-allports.conf"
7
ACTION_ALLPORTS="/etc/fail2ban/action.d/iptables-allports.conf"
Line 106... Line 106...
106
#enabled = true
106
#enabled = true
107
enabled = false
107
enabled = false
108
backend = auto
108
backend = auto
109
filter = alcasar_mod-evasive
109
filter = alcasar_mod-evasive
110
action = iptables-allports[name=alcasar_mod-evasive]
110
action = iptables-allports[name=alcasar_mod-evasive]
111
logpath = /var/log/httpd/error_log
111
logpath = /var/log/lighttpd/access.log
112
          /var/log/httpd/ssl_error_log
-
 
113
maxretry = 2
112
maxretry = 2
114
 
113
 
115
# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force)
114
# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force)
116
[ssh-iptables]
115
[ssh-iptables]
117
 
116
 
Line 128... Line 127...
128
enabled = true
127
enabled = true
129
#enabled = false
128
#enabled = false
130
backend = auto
129
backend = auto
131
filter = alcasar_acc
130
filter = alcasar_acc
132
action = iptables-allports[name=alcasar_acc]
131
action = iptables-allports[name=alcasar_acc]
133
logpath = /var/log/httpd/ssl_error_log
132
logpath = /var/log/lighttpd/access.log
134
maxretry = 5
133
maxretry = 6
135
 
134
 
136
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager
135
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager
137
[alcasar_intercept]
136
[alcasar_intercept]
138
 
137
 
139
enabled = true
138
enabled = true
140
#enabled = false
139
#enabled = false
141
backend = auto
140
backend = auto
142
filter = alcasar_intercept
141
filter = alcasar_intercept
143
action = iptables-allports[name=alcasar_intercept]
142
action = iptables-allports[name=alcasar_intercept]
144
logpath = /var/log/httpd/ssl_request_log
143
logpath = /var/log/lighttpd/access.log
145
maxretry = 5
144
maxretry = 5
146
 
145
 
147
# Bannissement sur tout les port après 5 échecs de changement de mot de passe
146
# Bannissement sur tout les port après 5 échecs de changement de mot de passe
148
# 5 POST pour changer le mot de passe que le POST soit ok ou non.
147
# 5 POST pour changer le mot de passe que le POST soit ok ou non.
149
[alcasar_change-pwd]
148
[alcasar_change-pwd]
Line 151... Line 150...
151
enabled = true
150
enabled = true
152
#enabled = false
151
#enabled = false
153
backend = auto
152
backend = auto
154
filter = alcasar_change-pwd
153
filter = alcasar_change-pwd
155
action = iptables-allports[name=alcasar_change-pwd]
154
action = iptables-allports[name=alcasar_change-pwd]
156
logpath = /var/log/httpd/ssl_request_log
155
logpath = /var/log/lighttpd/access.log
157
maxretry = 5
156
maxretry = 5
158
 
157
 
159
EOF
158
EOF
160
 
159
 
161
##################################################
160
##################################################
Line 182... Line 181...
182
#          host must be matched by a group named "host". The tag "<HOST>" can
181
#          host must be matched by a group named "host". The tag "<HOST>" can
183
#          be used for standard IP/hostname matching and is only an alias for
182
#          be used for standard IP/hostname matching and is only an alias for
184
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
183
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
185
# Values:  TEXT
184
# Values:  TEXT
186
#
185
#
187
failregex =  \[client <HOST>:[0-9]+\] .*client denied by server configuration
186
failregex =  <HOST> .+\] "[^"]+" 403
188
 
187
 
189
# Option:  ignoreregex
188
# Option:  ignoreregex
190
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
189
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
191
# Values:  TEXT
190
# Values:  TEXT
192
#
191
#
Line 209... Line 208...
209
#          host must be matched by a group named "host". The tag "<HOST>" can
208
#          host must be matched by a group named "host". The tag "<HOST>" can
210
#          be used for standard IP/hostname matching and is only an alias for
209
#          be used for standard IP/hostname matching and is only an alias for
211
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
210
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
212
# Values:  TEXT
211
# Values:  TEXT
213
#
212
#
214
failregex =  \[auth_digest:error\] \[client <HOST>:[0-9]+\] .*ALCASAR Control Center \(ACC\)
213
failregex =  <HOST> .+\] "[^"]+" 401
215
 
214
 
216
#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]]
215
#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]]
217
 
216
 
218
# Option:  ignoreregex
217
# Option:  ignoreregex
219
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
218
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
Line 238... Line 237...
238
#          host must be matched by a group named "host". The tag "<HOST>" can
237
#          host must be matched by a group named "host". The tag "<HOST>" can
239
#          be used for standard IP/hostname matching and is only an alias for
238
#          be used for standard IP/hostname matching and is only an alias for
240
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
239
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
241
# Values:  TEXT
240
# Values:  TEXT
242
#
241
#
243
failregex = \[<HOST>\] \"GET \/intercept\.php\?res=failed\&reason=reject
242
failregex = <HOST> .* \"GET \/intercept\.php\?res=failed\&reason=reject
244
 
243
 
245
# Option:  ignoreregex
244
# Option:  ignoreregex
246
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
245
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
247
# Values:  TEXT
246
# Values:  TEXT
248
#
247
#
Line 266... Line 265...
266
#          host must be matched by a group named "host". The tag "<HOST>" can
265
#          host must be matched by a group named "host". The tag "<HOST>" can
267
#          be used for standard IP/hostname matching and is only an alias for
266
#          be used for standard IP/hostname matching and is only an alias for
268
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
267
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
269
# Values:  TEXT
268
# Values:  TEXT
270
#
269
#
271
failregex = \[<HOST>\] \"POST \/password\.php
270
failregex = <HOST> .* \"POST \/password\.php
272
 
271
 
273
 
272
 
274
# Option:  ignoreregex
273
# Option:  ignoreregex
275
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
274
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
276
# Values:  TEXT
275
# Values:  TEXT