3,7 → 3,6 |
|
JAIL_CONF="/etc/fail2ban/jail.conf" |
DIR_FILTER="/etc/fail2ban/filter.d/" |
ACTION_ALLPORTS="/etc/fail2ban/action.d/iptables-allports.conf" |
|
######################################################### |
## Mise à jour de la configuration de jail de fail2ban ## |
60,7 → 59,6 |
|
# Bannissement sur tous les ports après 3 refus du serveur WEB (tentative d'accès sur des pages inexistentes) |
[alcasar_mod-evasive] |
|
#enabled = true |
enabled = false |
backend = auto |
71,7 → 69,6 |
|
# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force) |
[ssh-iptables] |
|
enabled = true |
#enabled = false |
filter = sshd |
81,7 → 78,6 |
|
# Bannissement sur tous les ports après 5 échecs de connexion sur le centre de contrôle (ACC) |
[alcasar_acc] |
|
enabled = true |
#enabled = false |
backend = auto |
88,11 → 84,10 |
filter = alcasar_acc |
action = iptables-allports[name=alcasar_acc] |
logpath = /var/log/lighttpd/access.log |
maxretry = 6 |
maxretry = 5 |
|
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager |
[alcasar_intercept] |
|
enabled = true |
#enabled = false |
backend = auto |
99,12 → 94,11 |
filter = alcasar_intercept |
action = iptables-allports[name=alcasar_intercept] |
logpath = /var/log/lighttpd/access.log |
maxretry = 6 |
maxretry = 5 |
|
# Bannissement sur tout les port après 5 échecs de changement de mot de passe |
# 5 POST pour changer le mot de passe que le POST soit ok ou non. |
[alcasar_change-pwd] |
|
enabled = true |
#enabled = false |
backend = auto |
115,13 → 109,13 |
|
EOF |
|
################################################## |
############################################## |
## Mise en place des filtres spécifiques ## |
## - Mod_evasive.conf ## |
## - acc-htdigest.conf ## |
## - intercept.conf ## |
## - change-pwd.conf ## |
################################################## |
## - Mod_evasive.conf ## |
## - acc-htdigest.conf ## |
## - intercept.conf ## |
## - change-pwd.conf ## |
############################################## |
|
###################### |
## MOD-EVASIVE.CONF ## |
234,79 → 228,3 |
# |
ignoreregex = |
EOF |
|
############################################## |
## Log sur ULOG quand iptables-allports ## |
############################################## |
[ -f $ACTION_ALLPORTS ] && [ ! -e $ACTION_ALLPORTS.default ] && mv $ACTION_ALLPORTS $ACTION_ALLPORTS.default |
cat << EOF > $ACTION_ALLPORTS |
# Fail2Ban configuration file |
# |
# Author: Cyril Jaquier |
# Modified: Yaroslav O. Halchenko <debian@onerussian.com> |
# made active on all ports from original iptables.conf |
# Adapted by ALCASAR team |
|
[Definition] |
|
# Option: actionstart |
# Notes.: command executed once at the start of Fail2Ban. |
# Values: CMD |
# |
actionstart = iptables -N fail2ban-<name> |
iptables -A fail2ban-<name> -j RETURN |
iptables -I <chain> -p <protocol> -j fail2ban-<name> |
|
# Option: actionstop |
# Notes.: command executed once at the end of Fail2Ban |
# Values: CMD |
# |
actionstop = iptables -D <chain> -p <protocol> -j fail2ban-<name> |
iptables -F fail2ban-<name> |
iptables -X fail2ban-<name> |
|
# Option: actioncheck |
# Notes.: command executed once before each actionban command |
# Values: CMD |
# |
actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name> |
|
# Option: actionban |
# Notes.: command executed when banning an IP. Take care that the |
# command is executed with Fail2Ban user rights. |
# Tags: <ip> IP address |
# <failures> number of failures |
# <time> unix timestamp of the ban time |
# Values: CMD |
|
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP |
|
# Option: actionunban |
# Notes.: command executed when unbanning an IP. Take care that the |
# command is executed with Fail2Ban user rights. |
# Tags: <ip> IP address |
# <failures> number of failures |
# <time> unix timestamp of the ban time |
# Values: CMD |
# |
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP |
|
[Init] |
|
# Defaut name of the chain |
# |
name = default |
|
# Option: protocol |
# Notes.: internally used by config reader for interpolations. |
# Values: [ tcp | udp | icmp | all ] Default: tcp |
# |
protocol = tcp |
|
# Option: chain |
# Notes specifies the iptables chain to which the fail2ban rules should be |
# added |
# Values: STRING Default: INPUT |
chain = INPUT |
|
EOF |
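Review bot: The last hunk (234,79 → 228,3) drops the block that rewrote /etc/fail2ban/action.d/iptables-allports.conf, but nothing in the visible hunks puts the saved `.default` copy back, so a host that already ran the older script would keep the ALCASAR-modified action while a fresh install gets the packaged one. The +/- markers are lost on this page, so this is inferred from the hunk counts (79 old lines, 3 new). If the intent is to return to the packaged action, a migration line such as `[ -e /etc/fail2ban/action.d/iptables-allports.conf.default ] && mv -f /etc/fail2ban/action.d/iptables-allports.conf.default /etc/fail2ban/action.d/iptables-allports.conf` would keep upgraded and new installs identical. The jails still reference `action = iptables-allports[name=...]`, so it is also worth confirming that the packaged action blocks banned sources the way the removed `actionban` (`-j DROP`) did.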