WebSVN – ALCASAR – Diff – /alcasar.sh

 #!/bin/bash
-#  $Id: alcasar.sh 3230 2024-11-06 23:38:15Z rexy $
+#  $Id: alcasar.sh 3231 2024-11-10 23:12:08Z rexy $
 # ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
 # ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, apache, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
 # contact : info@alcasar.net
 } # End of cron()
 ########################################################################
 ##                              "Fail2Ban"                            ##
 ##- Adapt conf file to ALCASAR                                        ##
-##- Secure items : DDOS, SSH-Brute-Force, Intercept & ACC brute-Force ##
+##- Secure items : SSH, intercept & ACC brute-Force + evasive + pwd   ##
 ########################################################################
 fail2ban()
+{
 # adapt fail2ban to Mageia (fedora like) & ALCASAR behaviour
 	[ -e /etc/fail2ban/jail.conf.default ] || cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.default
 	$SED "s?^before =.*?before = paths-mageia.conf?g" /etc/fail2ban/jail.conf
 # add 5 jails and their filters
-## sshd : Ban after 3 failed attempts (ie. brute-force). This "jail" uses the default "sshd" f2b filter.
+## sshd : Ban after 5 failed attempts (ie. brute-force). This "jail" uses the default "sshd" f2b filter.
 	cat << EOF > /etc/fail2ban/jail.d/01-alcasar_sshd.conf
 [sshd]
 enabled = true
 #enabled  = false
-maxretry = 3
+maxretry = 5
 bantime = 3m
-findtime = 5m
+findtime = 3m
 EOF
-## lighttpd-auth : Ban after 3 failed attempts on ACC. This "jail" uses the default "lighttpd-auth" f2b filter.
+## alcasar_httpd-auth : Ban after 3 failed attempts on ACC. This "jail" uses the default "apache-auth" f2b filter.
-#	cat << EOF > /etc/fail2ban/jail.d/02-alcasar_lighttpd-auth.conf
+	cat << EOF > /etc/fail2ban/jail.d/02-alcasar_httpd-auth.conf
-#[lighttpd-auth]
+[apache-auth]
-#enabled = true
+enabled = true
 #enabled  = false
-#maxretry = 3
+maxretry = 3
-#bantime = 3m
+bantime = 3m
-#findtime = 3m
+findtime = 3m
-#EOF
+EOF
 ## mod-evasive : Ban after 3 failed retrieve page attempts (ie : unknown page)
 	cat << EOF > /etc/fail2ban/jail.d/03-alcasar_mod-evasive.conf
 [alcasar_mod-evasive]
-#enabled = true
+enabled = true
-enabled = false
+#enabled = false
 backend = auto
 filter = alcasar_mod-evasive
 action = iptables-allports[name=alcasar_mod-evasive]
-logpath = /var/log/httpd/access.log
+logpath = /var/log/httpd/access_log
 maxretry = 3
 bantime = 3m
 findtime = 3m
 EOF
 	cat << EOF > /etc/fail2ban/filter.d/alcasar_mod-evasive.conf
 enabled = true
 #enabled = false
 backend = auto
 filter = alcasar_intercept
 action = iptables-allports[name=alcasar_intercept]
-logpath = /var/log/httpd/access.log
+logpath = /var/log/httpd/access_log
 maxretry = 5
 bantime = 3m
 findtime = 3m
 EOF
 	cat << EOF > /etc/fail2ban/filter.d/alcasar_intercept.conf
 enabled = true
 #enabled = false
 backend = auto
 filter = alcasar_change-pwd
 action = iptables-allports[name=alcasar_change-pwd]
-logpath = /var/log/httpd/access.log
+logpath = /var/log/httpd/access_log
 maxretry = 5
 bantime = 3m
 findtime = 3m
 EOF
 	cat << EOF > /etc/fail2ban/filter.d/alcasar_change-pwd.conf

Subversion Repositories ALCASAR

(root)/alcasar.sh @ 987 – Rev 3230 → 3231