WebSVN – ALCASAR – Diff – /conf/fail2ban.sh



#!/bin/sh
# $Id: fail2ban.sh 2488 2018-02-25 14:53:54Z lucas.echard $
 
FAIL_CONF="/etc/fail2ban/fail2ban.conf"
JAIL_CONF="/etc/fail2ban/jail.conf"
DIR_FILTER="/etc/fail2ban/filter.d/"
ACTION_ALLPORTS="/etc/fail2ban/action.d/iptables-allports.conf"

#enabled = true
enabled = false
backend = auto
filter = alcasar_mod-evasive
action = iptables-allports[name=alcasar_mod-evasive]
logpath = /var/log/lighttpd/access.log
 
maxretry = 2
 
# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force)
[ssh-iptables]
 

enabled = true
#enabled = false
backend = auto
filter = alcasar_acc
action = iptables-allports[name=alcasar_acc]
logpath = /var/log/lighttpd/access.log
maxretry = 6
 
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager
[alcasar_intercept]
 
enabled = true
#enabled = false
backend = auto
filter = alcasar_intercept
action = iptables-allports[name=alcasar_intercept]
logpath = /var/log/lighttpd/access.log
maxretry = 5
 
# Bannissement sur tout les port après 5 échecs de changement de mot de passe
# 5 POST pour changer le mot de passe que le POST soit ok ou non.
[alcasar_change-pwd]

enabled = true
#enabled = false
backend = auto
filter = alcasar_change-pwd
action = iptables-allports[name=alcasar_change-pwd]
logpath = /var/log/lighttpd/access.log
maxretry = 5
 
EOF
 
##################################################

#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex =  <HOST> .+\] "[^"]+" 403
 
# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#

#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex =  <HOST> .+\] "[^"]+" 401
 
#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]]
 
# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.

#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = <HOST> .* \"GET \/intercept\.php\?res=failed\&reason=reject
 
# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#

#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = <HOST> .* \"POST \/password\.php
 
 
# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT

Rev 2487	Rev 2488
Line 1...	Line 1...
1	`#!/bin/sh`	1	`#!/bin/sh`
2	`# $Id: fail2ban.sh 2487 2018-02-25 12:49:14Z lucas.echard $`	2	`# $Id: fail2ban.sh 2488 2018-02-25 14:53:54Z lucas.echard $`
3		3
4	`FAIL_CONF="/etc/fail2ban/fail2ban.conf"`	4	`FAIL_CONF="/etc/fail2ban/fail2ban.conf"`
5	`JAIL_CONF="/etc/fail2ban/jail.conf"`	5	`JAIL_CONF="/etc/fail2ban/jail.conf"`
6	`DIR_FILTER="/etc/fail2ban/filter.d/"`	6	`DIR_FILTER="/etc/fail2ban/filter.d/"`
7	`ACTION_ALLPORTS="/etc/fail2ban/action.d/iptables-allports.conf"`	7	`ACTION_ALLPORTS="/etc/fail2ban/action.d/iptables-allports.conf"`
Line 106...	Line 106...
106	`#enabled = true`	106	`#enabled = true`
107	`enabled = false`	107	`enabled = false`
108	`backend = auto`	108	`backend = auto`
109	`filter = alcasar_mod-evasive`	109	`filter = alcasar_mod-evasive`
110	`action = iptables-allports[name=alcasar_mod-evasive]`	110	`action = iptables-allports[name=alcasar_mod-evasive]`
111	`logpath = /var/log/httpd/error_log`	111	`logpath = /var/log/lighttpd/access.log`
112	`/var/log/httpd/ssl_error_log`	-
113	`maxretry = 2`	112	`maxretry = 2`
114		113
115	`# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force)`	114	`# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force)`
116	`[ssh-iptables]`	115	`[ssh-iptables]`
117		116
Line 128...	Line 127...
128	`enabled = true`	127	`enabled = true`
129	`#enabled = false`	128	`#enabled = false`
130	`backend = auto`	129	`backend = auto`
131	`filter = alcasar_acc`	130	`filter = alcasar_acc`
132	`action = iptables-allports[name=alcasar_acc]`	131	`action = iptables-allports[name=alcasar_acc]`
133	`logpath = /var/log/httpd/ssl_error_log`	132	`logpath = /var/log/lighttpd/access.log`
134	`maxretry = 5`	133	`maxretry = 6`
135		134
136	`# Bannissement sur tout les ports après 5 echecs de connexion pour un usager`	135	`# Bannissement sur tout les ports après 5 echecs de connexion pour un usager`
137	`[alcasar_intercept]`	136	`[alcasar_intercept]`
138		137
139	`enabled = true`	138	`enabled = true`
140	`#enabled = false`	139	`#enabled = false`
141	`backend = auto`	140	`backend = auto`
142	`filter = alcasar_intercept`	141	`filter = alcasar_intercept`
143	`action = iptables-allports[name=alcasar_intercept]`	142	`action = iptables-allports[name=alcasar_intercept]`
144	`logpath = /var/log/httpd/ssl_request_log`	143	`logpath = /var/log/lighttpd/access.log`
145	`maxretry = 5`	144	`maxretry = 5`
146		145
147	`# Bannissement sur tout les port après 5 échecs de changement de mot de passe`	146	`# Bannissement sur tout les port après 5 échecs de changement de mot de passe`
148	`# 5 POST pour changer le mot de passe que le POST soit ok ou non.`	147	`# 5 POST pour changer le mot de passe que le POST soit ok ou non.`
149	`[alcasar_change-pwd]`	148	`[alcasar_change-pwd]`
Line 151...	Line 150...
151	`enabled = true`	150	`enabled = true`
152	`#enabled = false`	151	`#enabled = false`
153	`backend = auto`	152	`backend = auto`
154	`filter = alcasar_change-pwd`	153	`filter = alcasar_change-pwd`
155	`action = iptables-allports[name=alcasar_change-pwd]`	154	`action = iptables-allports[name=alcasar_change-pwd]`
156	`logpath = /var/log/httpd/ssl_request_log`	155	`logpath = /var/log/lighttpd/access.log`
157	`maxretry = 5`	156	`maxretry = 5`
158		157
159	`EOF`	158	`EOF`
160		159
161	`##################################################`	160	`##################################################`
Line 182...	Line 181...
182	`# host must be matched by a group named "host". The tag "<HOST>" can`	181	`# host must be matched by a group named "host". The tag "<HOST>" can`
183	`# be used for standard IP/hostname matching and is only an alias for`	182	`# be used for standard IP/hostname matching and is only an alias for`
184	`# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)`	183	`# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)`
185	`# Values: TEXT`	184	`# Values: TEXT`
186	`#`	185	`#`
187	`failregex = \[client <HOST>:[0-9]+\] .*client denied by server configuration`	186	`failregex = <HOST> .+\] "[^"]+" 403`
188		187
189	`# Option: ignoreregex`	188	`# Option: ignoreregex`
190	`# Notes.: regex to ignore. If this regex matches, the line is ignored.`	189	`# Notes.: regex to ignore. If this regex matches, the line is ignored.`
191	`# Values: TEXT`	190	`# Values: TEXT`
192	`#`	191	`#`
Line 209...	Line 208...
209	`# host must be matched by a group named "host". The tag "<HOST>" can`	208	`# host must be matched by a group named "host". The tag "<HOST>" can`
210	`# be used for standard IP/hostname matching and is only an alias for`	209	`# be used for standard IP/hostname matching and is only an alias for`
211	`# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)`	210	`# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)`
212	`# Values: TEXT`	211	`# Values: TEXT`
213	`#`	212	`#`
214	`failregex = \[auth_digest:error\] \[client <HOST>:[0-9]+\] .*ALCASAR Control Center \(ACC\)`	213	`failregex = <HOST> .+\] "[^"]+" 401`
215		214
216	`#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]]`	215	`#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]]`
217		216
218	`# Option: ignoreregex`	217	`# Option: ignoreregex`
219	`# Notes.: regex to ignore. If this regex matches, the line is ignored.`	218	`# Notes.: regex to ignore. If this regex matches, the line is ignored.`
Line 238...	Line 237...
238	`# host must be matched by a group named "host". The tag "<HOST>" can`	237	`# host must be matched by a group named "host". The tag "<HOST>" can`
239	`# be used for standard IP/hostname matching and is only an alias for`	238	`# be used for standard IP/hostname matching and is only an alias for`
240	`# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)`	239	`# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)`
241	`# Values: TEXT`	240	`# Values: TEXT`
242	`#`	241	`#`
243	`failregex = \[<HOST>\] \"GET \/intercept\.php\?res=failed\&reason=reject`	242	`failregex = <HOST> .* \"GET \/intercept\.php\?res=failed\&reason=reject`
244		243
245	`# Option: ignoreregex`	244	`# Option: ignoreregex`
246	`# Notes.: regex to ignore. If this regex matches, the line is ignored.`	245	`# Notes.: regex to ignore. If this regex matches, the line is ignored.`
247	`# Values: TEXT`	246	`# Values: TEXT`
248	`#`	247	`#`
Line 266...	Line 265...
266	`# host must be matched by a group named "host". The tag "<HOST>" can`	265	`# host must be matched by a group named "host". The tag "<HOST>" can`
267	`# be used for standard IP/hostname matching and is only an alias for`	266	`# be used for standard IP/hostname matching and is only an alias for`
268	`# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)`	267	`# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)`
269	`# Values: TEXT`	268	`# Values: TEXT`
270	`#`	269	`#`
271	`failregex = \[<HOST>\] \"POST \/password\.php`	270	`failregex = <HOST> .* \"POST \/password\.php`
272		271
273		272
274	`# Option: ignoreregex`	273	`# Option: ignoreregex`
275	`# Notes.: regex to ignore. If this regex matches, the line is ignored.`	274	`# Notes.: regex to ignore. If this regex matches, the line is ignored.`
276	`# Values: TEXT`	275	`# Values: TEXT`

Subversion Repositories ALCASAR

(root)/conf/fail2ban.sh – Rev 2487 → 2488