1,3 → 1,6 |
#!/bin/sh |
# $Id$ |
|
FAIL_CONF="/etc/fail2ban/fail2ban.conf" |
JAIL_CONF="/etc/fail2ban/jail.conf" |
DIR_FILTER="/etc/fail2ban/filter.d/" |
6,10 → 9,7 |
######################################################### |
## Mise à jour du fichier de configuration de fail2ban ## |
######################################################### |
if(test -f $FAIL_CONF) |
then |
mv $FAIL_CONF $FAIL_CONF.default |
fi |
[ -f $FAIL_CONF ] && [ ! -e $FAIL_CONF.default ] && mv $FAIL_CONF $FAIL_CONF.default |
cat << EOF > $FAIL_CONF |
|
[Definition] |
50,10 → 50,7 |
######################################################### |
## Mise à jour de la configuration de jail de fail2ban ## |
######################################################### |
if(test -f $JAIL_CONF) |
then |
mv $JAIL_CONF $JAIL_CONF.default |
fi |
[ -f $JAIL_CONF ] && [ ! -e $JAIL_CONF.default ] && mv $JAIL_CONF $JAIL_CONF.default |
cat << EOF > $JAIL_CONF |
|
# Fail2Ban configuration file |
111,6 → 108,7 |
filter = alcasar_mod-evasive |
action = iptables-allports[name=alcasar_mod-evasive] |
logpath = /var/log/httpd/error_log |
/var/log/httpd/ssl_error_log |
maxretry = 2 |
|
# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force) |
124,13 → 122,13 |
maxretry = 3 |
|
# Bannissement sur tous les ports après 5 échecs de connexion sur le centre de contrôle (ACC) |
[alcasar_htdigest] |
[alcasar_acc-htdigest] |
|
enabled = true |
#enabled = false |
filter = alcasar_htdigest |
action = iptables-allports[name=alcasar_htdigest] |
logpath = /var/log/httpd/ssl_request_log |
filter = alcasar_acc-htdigest |
action = iptables-allports[name=alcasar_acc-htdigest] |
logpath = /var/log/httpd/ssl_error_log |
maxretry = 5 |
|
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager |
159,9 → 157,9 |
################################################## |
## Mise en place des filtres spécifiques ## |
## - Mod_evasive.conf ## |
## - htdigest.conf ## |
## - acc-htdigest.conf ## |
## - intercept.conf ## |
## - mot de passe ## |
## - change-pwd.conf ## |
################################################## |
|
###################### |
182,7 → 180,7 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = [[]client <HOST>[]] client denied by server configuration |
failregex = \[client <HOST>:[0-9]+\] .*client denied by server configuration |
|
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
191,10 → 189,10 |
ignoreregex = |
EOF |
|
################### |
## HTDIGEST.CONF ## |
################### |
cat << EOF > $DIR_FILTER/alcasar_htdigest.conf |
####################### |
## ACC-HTDIGEST.CONF ## |
####################### |
cat << EOF > $DIR_FILTER/alcasar_acc-htdigest.conf |
# Fail2Ban configuration file |
# |
# Author: Cyril Jaquier |
209,8 → 207,7 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
#failregex = [[]error[]] [[]client <HOST>[]] Digest: |
failregex = [[]<HOST>[]] "GET /acc HTTP/1.1" 972 |
failregex = \[auth_digest:error\] \[client <HOST>:[0-9]+\] .*ALCASAR Control Center \(ACC\) |
|
#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]] |
|
239,8 → 236,7 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
#failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]GET \/intercept\.php\?res=failed[&]reason=reject |
failregex = [[]<HOST>[]] ["]GET \/intercept\.php\?res=failed[&]reason=reject |
failregex = \[<HOST>\] \"GET \/intercept\.php\?res=failed\&reason=reject |
|
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
249,9 → 245,9 |
ignoreregex = |
EOF |
|
####################### |
## MOT_DE_PASSE.CONF ## |
####################### |
##################### |
## CHANGE-PWD.CONF ## |
##################### |
cat << EOF > $DIR_FILTER/alcasar_change-pwd.conf |
|
# Fail2Ban configuration file |
268,8 → 264,7 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
#failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]POST \/pass\/index\.php HTTP |
failregex = [[]<HOST>[]] ["]POST /pass/index.php HTTP/1.1" 11169 |
failregex = \[<HOST>\] \"POST \/pass |
|
|
# Option: ignoreregex |
282,10 → 277,7 |
############################################## |
## Log sur ULOG quand iptables-allports ## |
############################################## |
if ( test -f $ACTION_ALLPORTS ) |
then |
mv $ACTION_ALLPORTS $ACTION_ALLPORTS.default |
fi |
[ -f $ACTION_ALLPORTS ] && [ ! -e $ACTION_ALLPORTS.default ] && mv $ACTION_ALLPORTS $ACTION_ALLPORTS.default |
cat << EOF > $ACTION_ALLPORTS |
# Fail2Ban configuration file |
# |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:keywords |
+Id |
\ No newline at end of property |
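Review bot: The new change-pwd filter in hunk 268,8 → 264,7, `failregex = \[<HOST>\] \"POST \/pass`, counts every POST whose path begins with `/pass` as a failure, whether or not the password change succeeded. The line it replaces ended in `HTTP/1.1" 11169`, which looks like it keyed on the size of the failure response, so the outcome check appears to have been dropped rather than made more robust; if this jail uses `iptables-allports` like the jails visible here, a legitimate user who submits the form a few times could be banned on all ports. At minimum pin the path, `failregex = \[<HOST>\] \"POST \/pass\/index\.php HTTP\/`, and if the log line carries a status or other failure marker, match on that as well. The heredoc this line sits in starts in the previous hunk and ends outside the visible lines, so the jail's maxretry and logpath could not be checked here.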