0,0 → 1,204 |
#!/bin/sh |
# $Id$ |
|
JAIL_CONF="/etc/fail2ban/jail.conf" |
DIR_FILTER="/etc/fail2ban/filter.d/" |
|
######################################################### |
## Mise à jour de la configuration de jail de fail2ban ## |
######################################################### |
[ -f $JAIL_CONF ] && [ ! -e $JAIL_CONF.default ] && mv $JAIL_CONF $JAIL_CONF.default |
cat << EOF > $JAIL_CONF |
|
# Fail2Ban configuration file |
# |
# Author: Cyril Jaquier |
# Adapted by ALCASAR team |
|
|
# The DEFAULT allows a global definition of the options. They can be overridden |
# in each jail afterwards. |
[DEFAULT] |
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not |
# ban a host which matches an address in this list. Several addresses can be |
# defined using space separator. |
ignoreip = 127.0.0.1/8 |
# "bantime" is the number of seconds that a host is banned. |
bantime = 180 |
|
# A host is banned if it has generated "maxretry" during the last "findtime" seconds. |
# Un client est banni s'il génere "maxretry" requêtes pendant "findtime" (en secondes) |
# Pour ALCASAR : 5 requetes pour chaque filtres en 60 secondes |
findtime = 60 |
|
# "maxretry" is the number of failures before a host get banned. |
maxretry = 5 |
|
# "backend" specifies the backend used to get files modification. Available |
# options are "gamin", "polling" and "auto". This option can be overridden in |
# each jail too (use "gamin" for a jail and "polling" for another). |
# |
# gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin |
# is not installed, Fail2ban will use polling. |
# polling: uses a polling algorithm which does not require external libraries. |
# auto: will choose Gamin if available and polling otherwise. |
backend = auto |
|
# "usedns" specifies if jails should trust hostnames in logs, |
# warn when DNS lookups are performed, or ignore all hostnames in logs |
# |
# yes: if a hostname is encountered, a DNS lookup will be performed. |
# warn: if a hostname is encountered, a DNS lookup will be performed, |
# but it will be logged as a warning. |
# no: if a hostname is encountered, will not be used for banning, |
# but it will be logged as info. |
usedns = warn |
|
# Bannissement sur tous les ports après 3 refus du serveur WEB (tentative d'accès sur des pages inexistentes) |
[alcasar_mod-evasive] |
#enabled = true |
enabled = false |
backend = auto |
filter = alcasar_mod-evasive |
action = iptables-allports[name=alcasar_mod-evasive] |
logpath = /var/log/lighttpd/access.log |
maxretry = 3 |
|
# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force) |
[ssh-iptables] |
enabled = true |
#enabled = false |
filter = sshd |
action = iptables-allports[name=SSH] |
logpath = /var/log/auth.log |
maxretry = 3 |
|
# Bannissement sur tous les ports après 5 échecs de connexion sur le centre de contrôle (ACC) |
[alcasar_acc] |
enabled = true |
#enabled = false |
backend = auto |
filter = alcasar_acc |
action = iptables-allports[name=alcasar_acc] |
logpath = /var/log/lighttpd/access.log |
maxretry = 5 |
|
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager |
[alcasar_intercept] |
enabled = true |
#enabled = false |
backend = auto |
filter = alcasar_intercept |
action = iptables-allports[name=alcasar_intercept] |
logpath = /var/log/lighttpd/access.log |
maxretry = 5 |
|
# Bannissement sur tout les port après 5 échecs de changement de mot de passe |
# 5 POST pour changer le mot de passe que le POST soit ok ou non. |
[alcasar_change-pwd] |
enabled = true |
#enabled = false |
backend = auto |
filter = alcasar_change-pwd |
action = iptables-allports[name=alcasar_change-pwd] |
logpath = /var/log/lighttpd/access.log |
maxretry = 5 |
|
EOF |
|
############################################## |
## Mise en place des filtres spécifiques ## |
## - Mod_evasive.conf ## |
## - acc-htdigest.conf ## |
## - intercept.conf ## |
## - change-pwd.conf ## |
############################################## |
|
###################### |
## MOD-EVASIVE.CONF ## |
###################### |
cat << EOF > $DIR_FILTER/alcasar_mod-evasive.conf |
# Fail2Ban configuration file |
# |
# Author: Cyril Jaquier |
# Adapted by ALCASAR team |
|
[Definition] |
# Option: failregex |
# Notes.: regex to match the password failure messages in the logfile. The |
# host must be matched by a group named "host". The tag "<HOST>" can |
# be used for standard IP/hostname matching and is only an alias for |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
failregex = <HOST> .+\] "[^"]+" 403 |
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
ignoreregex = |
EOF |
|
####################### |
## ACC-HTDIGEST.CONF ## |
####################### |
cat << EOF > $DIR_FILTER/alcasar_acc.conf |
# Fail2Ban configuration file |
# |
# Author: Cyril Jaquier |
# Adapted by ALCASAR team |
|
[Definition] |
# Option: failregex |
# Notes.: regex to match the password failure messages in the logfile. The |
# host must be matched by a group named "host". The tag "<HOST>" can |
# be used for standard IP/hostname matching and is only an alias for |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
failregex = <HOST> .+\] "[^"]+" 401 |
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
ignoreregex = |
EOF |
|
#################### |
## INTERCEPT.CONF ## |
#################### |
cat << EOF > $DIR_FILTER/alcasar_intercept.conf |
# Fail2Ban configuration file |
# |
# Author: Cyril Jaquier |
# Adapted by ALCASAR team |
|
[Definition] |
# Option: failregex |
# Notes.: regex to match the password failure messages in the logfile. The |
# host must be matched by a group named "host". The tag "<HOST>" can |
# be used for standard IP/hostname matching and is only an alias for |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
failregex = <HOST> .* \"GET \/intercept\.php\?res=failed\&reason=reject |
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
ignoreregex = |
EOF |
|
##################### |
## CHANGE-PWD.CONF ## |
##################### |
cat << EOF > $DIR_FILTER/alcasar_change-pwd.conf |
|
# Fail2Ban configuration file |
# |
# Author: Cyril Jaquier |
# Adapted by ALCASAR team |
|
[Definition] |
# Option: failregex |
# Notes.: regex to match the password failure messages in the logfile. The |
# host must be matched by a group named "host". The tag "<HOST>" can |
# be used for standard IP/hostname matching and is only an alias for |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
failregex = <HOST> .* \"POST \/password\.php |
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
ignoreregex = |
EOF |
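Review bot: The script replaces the distribution's `/etc/fail2ban/jail.conf` wholesale (line 12) rather than putting the ALCASAR jails in `jail.local`, which fail2ban reads after `jail.conf` as an override; a package update that ships a new `jail.conf` can then silently discard every ALCASAR jail, and the one-shot `.default` backup on line 11 only protects the very first run. Nothing verifies that `$DIR_FILTER` exists before the four filter heredocs and there is no `set -e`, so on a host where fail2ban is absent the script ends with status 0 and no working protection — a guard such as `[ -d "$DIR_FILTER" ] || { echo "fail2ban filter directory missing" >&2; exit 1; }` before the first `cat` would make that failure visible. The filter heredocs pass regex backslashes (`\]`, `\"`, `\/`, `\?`, `\&`) through an unquoted delimiter, which happens to work today; `cat <<'EOF'` would keep them literal even if a `$` or backtick is later added to a pattern. The comment above `[alcasar_mod-evasive]` describes attempts on non-existent pages, but the matching filter on line 134 triggers on HTTP 403, not 404, so either the comment or the status code should be reconciled.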
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Id |
\ No newline at end of property |