657,6 → 657,7 |
EOF |
fi |
# write INTIF (consultation LAN) in normal mode |
cp -f /etc/sysconfig/network-scripts/ifcfg-$INTIF /etc/sysconfig/network-scripts/default-ifcfg-$INTIF |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF |
DEVICE=$INTIF |
BOOTPROTO=static |
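Review bot: Assuming the `cp -f .../ifcfg-$INTIF .../default-ifcfg-$INTIF` line is the one this hunk adds (the matching copy after the heredoc is dropped in the next hunk, 668,7 → 669,6), `default-ifcfg-$INTIF` now snapshots whatever was on disk before the rewrite instead of the generated normal-mode file, so if `alcasar-bypass.sh` restores it to leave bypass mode, what it restores has changed — worth confirming against that script. On a first install the source file may not exist yet, in which case `cp -f` prints an error (and aborts the run if the script uses `set -e`). A guard such as `[ -e /etc/sysconfig/network-scripts/ifcfg-$INTIF ] && cp -f /etc/sysconfig/network-scripts/ifcfg-$INTIF /etc/sysconfig/network-scripts/default-ifcfg-$INTIF` would keep the snapshot optional, and a comment stating whether the snapshot is meant to be the pre-ALCASAR config or the normal-mode config would settle the intent. The enclosing block starts outside the hunk.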
668,7 → 669,6 |
ACCOUNTING=no |
USERCTL=no |
EOF |
cp -f /etc/sysconfig/network-scripts/ifcfg-$INTIF /etc/sysconfig/network-scripts/default-ifcfg-$INTIF |
# write INTIF in bypass mode (see "alcasar-bypass.sh") |
cat <<EOF > /etc/sysconfig/network-scripts/bypass-ifcfg-$INTIF |
DEVICE=$INTIF |
1367,6 → 1367,10 |
[ -e /lib/systemd/system/clamav-daemon.service.default ] || cp /lib/systemd/system/clamav-daemon.service /lib/systemd/system/clamav-daemon.service.default |
$SED "/^[Service]/a ExecStartPre=\/bin\/chown e2guardian:e2guardian \/run\/clamav" /lib/systemd/system/clamav-daemon.service |
$SED "/^[Service]/a ExecStartPre=\/bin\/mkdir -p \/run\/clamav" /lib/systemd/system/clamav-daemon.service |
[ -e /lib/systemd/system/clamav-daemon.socket.default ] || cp /lib/systemd/system/clamav-daemon.socket /lib/systemd/system/clamav-daemon.socket.default |
$SED "s?^SocketUser=.*?SocketUser=e2guardian?g" /lib/systemd/system/clamav-daemon.socket |
$SED "s?^SocketGroup=.*?SocketGroup=e2guardian?g" /lib/systemd/system/clamav-daemon.socket |
|
[ -e /etc/clamd.conf.default ] || cp /etc/clamd.conf /etc/clamd.conf.default |
$SED "s?^MaxThreads.*?MaxThreads 32?g" /etc/clamd.conf |
$SED "s?^#LogTime.*?LogTime yes?g" /etc/clamd.conf # enable logtime for each message |
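Review bot: The sed address `/^[Service]/` in the two `ExecStartPre=` insertions is a bracket expression, not the literal header: it matches any line whose first character is S, e, r, v, i or c and never the `[Service]` line itself, whose first character is `[`. As written the two `ExecStartPre=` lines are appended after every line starting with one of those characters (e.g. `StandardOutput=`) or, if none exists, not at all, in which case `/run/clamav` is never created and the daemon start may fail. Escape the brackets in both lines: `$SED "/^\[Service\]/a ExecStartPre=\/bin\/chown e2guardian:e2guardian \/run\/clamav" ...` and `$SED "/^\[Service\]/a ExecStartPre=\/bin\/mkdir -p \/run\/clamav" ...`; since each `a` inserts directly after the header, running the mkdir sed second correctly places it before the chown. If the unit declares `User=`, `ExecStartPre=` runs as that user and the chown would need the `+` prefix (`ExecStartPre=+/bin/chown ...`) — confirm against the shipped unit file.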
1424,7 → 1428,7 |
nfsen() |
{ |
groupadd -f nfcapd |
useradd -r -g nfcapd -s /bin/false -c "system user for nfcapd" nfcapd |
id -u nfcapd >/dev/null 2>&1 || useradd -r -g nfcapd -s /bin/false -c "system user for nfcapd" nfcapd |
# nfcapd unit for systemd |
cat << EOF > /lib/systemd/system/nfcapd.service |
# This file is part of systemd. |
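Review bot: The `id -u nfcapd >/dev/null 2>&1 || useradd ...` guard makes the nfcapd user creation safe to re-run, but the same pattern is not applied to gammu_smsd in hunk 1933,7 → 1946,7, where `useradd -r ... gammu_smsd` still runs unconditionally and reports "already exists" on a second run (aborting the run if the script uses `set -e`). For consistency, use `id -u gammu_smsd >/dev/null 2>&1 || useradd -r -g gammu_smsd -s /bin/false -c "system user for gammu_smsd" gammu_smsd` there as well. The `nfsen` function body continues outside the hunk.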
1838,31 → 1842,33 |
######################################################################## |
fail2ban() |
{ |
# adapt fail2ban.conf to Mageia (fedora like) & ALCASAR behaviour |
# adapt fail2ban to Mageia (fedora like) & ALCASAR behaviour |
[ -e /etc/fail2ban/jail.conf.default ] || cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.default |
$SED "s?^before =.*?before = paths-fedora.conf?g" /etc/fail2ban/jail.conf |
$SED "s?^bantime =.*?bantime = 3m?g" /etc/fail2ban/jail.conf |
$SED "s?^findtime =.*?findtime = 5m?g" /etc/fail2ban/jail.conf |
|
# add 5 jails and their filters |
## sshd : Ban after 3 failed attempts (ie. brute-force). This "jail" uses the default "sshd" f2b filter. |
cat << EOF > /etc/fail2ban/jail.d/01alcasar_sshd.conf |
cat << EOF > /etc/fail2ban/jail.d/01-alcasar_sshd.conf |
[sshd] |
enabled = true |
#enabled = false |
maxretry = 3 |
bantime = 3m |
findtime = 5m |
EOF |
|
## lighttpd-auth : Ban after 3 failed attempts on ACC. This "jail" uses the default "lighttpd-auth" f2b filter. |
cat << EOF > /etc/fail2ban/jail.d/02alcasar_lighttpd-auth.conf |
cat << EOF > /etc/fail2ban/jail.d/02-alcasar_lighttpd-auth.conf |
[lighttpd-auth] |
enabled = true |
#enabled = false |
maxretry = 3 |
bantime = 3m |
findtime = 3m |
EOF |
|
## mod-evasive : Ban after 3 failed retrieve page attempts (ie : unknown page) |
cat << EOF > /etc/fail2ban/jail.d/03alcasar_mod-evasive.conf |
cat << EOF > /etc/fail2ban/jail.d/03-alcasar_mod-evasive.conf |
[alcasar_mod-evasive] |
#enabled = true |
enabled = false |
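Review bot: Renaming the jail.d files from `01alcasar_sshd.conf` to `01-alcasar_sshd.conf` (and likewise in hunks 1879,7 → 1887,7 and 1895,7 → 1906,7) leaves the old files in place when the script is run over an existing installation, unless something outside these hunks deletes them. fail2ban loads `jail.d/*.conf` in lexical order, and since `-` sorts before letters the stale `01alcasar_*` files are read after the new ones, so their per-key values win — an old `enabled = true` for `[alcasar_mod-evasive]` would override the `enabled = false` written here. Suggest removing the old names before the first `cat << EOF`, e.g. `rm -f /etc/fail2ban/jail.d/0[1-5]alcasar_*.conf`. The `#enabled = false` / `#enabled = true` lines kept next to the live `enabled =` values read as leftovers; if they are intentional toggles, a one-line comment saying so (e.g. `# set enabled = true to activate this jail`) would help. The `fail2ban` function body continues outside the hunk.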
1871,6 → 1877,8 |
action = iptables-allports[name=alcasar_mod-evasive] |
logpath = /var/log/lighttpd/access.log |
maxretry = 3 |
bantime = 3m |
findtime = 3m |
EOF |
cat << EOF > /etc/fail2ban/filter.d/alcasar_mod-evasive.conf |
[Definition] |
1879,7 → 1887,7 |
EOF |
|
### alcasar_intercept : ban after 5 failed user login attemps on intercept.php |
cat << EOF > /etc/fail2ban/jail.d/04alcasar_intercept.conf |
cat << EOF > /etc/fail2ban/jail.d/04-alcasar_intercept.conf |
[alcasar_intercept] |
enabled = true |
#enabled = false |
1888,6 → 1896,9 |
action = iptables-allports[name=alcasar_intercept] |
logpath = /var/log/lighttpd/access.log |
maxretry = 5 |
bantime = 3m |
findtime = 3m |
EOF |
cat << EOF > /etc/fail2ban/filter.d/alcasar_intercept.conf |
[Definition] |
failregex = <HOST> .* \"GET \/intercept\.php\?res=failed\&reason=reject |
1895,7 → 1906,7 |
EOF |
|
## alcasar_change-pwd : ban after 5 failed user change password attempts |
cat << EOF > /etc/fail2ban/jail.d/05alcasar_change-pwd.conf |
cat << EOF > /etc/fail2ban/jail.d/05-alcasar_change-pwd.conf |
[alcasar_change-pwd] |
enabled = true |
#enabled = false |
1904,6 → 1915,8 |
action = iptables-allports[name=alcasar_change-pwd] |
logpath = /var/log/lighttpd/access.log |
maxretry = 5 |
bantime = 3m |
findtime = 3m |
EOF |
cat << EOF > /etc/fail2ban/filter.d/alcasar_change-pwd.conf |
[Definition] |
1933,7 → 1946,7 |
{ |
# Create 'gammu' system user |
groupadd -f gammu_smsd |
useradd --system -g gammu_smsd -s /bin/false -c "system user for gammu_smsd" gammu_smsd |
useradd -r -g gammu_smsd -s /bin/false -c "system user for gammu_smsd" gammu_smsd |
usermod -a -G dialout gammu_smsd |
|
# Create 'gammu' database |