

Ignore whitespace Rev 2867 → Rev 2866

/alcasar.sh
1286,11 → 1286,9
$SED "s/^groupname =.*/groupname = 'blacklisted users'/g" $DIR_DG/e2guardianf1.conf
$SED "s/^#htmltemplate =.*/htmltemplate = 'alcasar-e2g.html'/g" $DIR_DG/e2guardianf1.conf
 
# copy & adapt HTML templates
# copy HTML templates
cp $DIR_CONF/alcasar-e2g-fr.html /usr/share/e2guardian/languages/french/alcasar-e2g.html
cp $DIR_CONF/alcasar-e2g-en.html /usr/share/e2guardian/languages/ukenglish/alcasar-e2g.html
$SED "s?\/\/[a-z.]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/french/alcasar-e2g.html
$SED "s?\/\/[a-z.]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/ukenglish/alcasar-e2g.html
 
###### ALCASAR special filtering ####
# RAZ bannedphraselist
1831,86 → 1829,14
rm -f /var/spool/cron/*
} # End of cron()
 
########################################################################
## Fonction "Fail2Ban" ##
##- Adapt conf file to ALCASAR ##
##- Secure items : DDOS, SSH-Brute-Force, Intercept & ACC brute-Force ##
########################################################################
######################################################################
## Fonction "Fail2Ban" ##
##- Adapt conf file to ALCASAR ##
##- Secure items : DDOS, SSH-Brute-Force, Intercept.php Brute-Force ##
######################################################################
fail2ban()
{
# adapt fail2ban.conf to Mageia (fedora like) & ALCASAR behaviour
[ -e /etc/fail2ban/jail.conf.default ] || cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.default
$SED "s?^before =.*?before = paths-fedora.conf?g" /etc/fail2ban/jail.conf
$SED "s?^bantime =.*?bantime = 3m?g" /etc/fail2ban/jail.conf
$SED "s?^findtime =.*?findtime = 5m?g" /etc/fail2ban/jail.conf
 
# add 5 jails and their filters
## sshd : Ban after 3 failed attempts (ie. brute-force). This "jail" uses the default "sshd" f2b filter.
cat << EOF > /etc/fail2ban/jail.d/01alcasar_sshd.conf
[sshd]
enabled = true
#enabled = false
maxretry = 3
EOF
 
## lighttpd-auth : Ban after 3 failed attempts on ACC. This "jail" uses the default "lighttpd-auth" f2b filter.
cat << EOF > /etc/fail2ban/jail.d/02alcasar_lighttpd-auth.conf
[lighttpd-auth]
enabled = true
#enabled = false
maxretry = 3
EOF
 
## mod-evasive : Ban after 3 failed retrieve page attempts (ie : unknown page)
cat << EOF > /etc/fail2ban/jail.d/03alcasar_mod-evasive.conf
[alcasar_mod-evasive]
#enabled = true
enabled = false
backend = auto
filter = alcasar_mod-evasive
action = iptables-allports[name=alcasar_mod-evasive]
logpath = /var/log/lighttpd/access.log
maxretry = 3
EOF
cat << EOF > /etc/fail2ban/filter.d/alcasar_mod-evasive.conf
[Definition]
failregex = <HOST> .+\] "[^"]+" 403
ignoreregex =
EOF
 
### alcasar_intercept : ban after 5 failed user login attemps on intercept.php
cat << EOF > /etc/fail2ban/jail.d/04alcasar_intercept.conf
[alcasar_intercept]
enabled = true
#enabled = false
backend = auto
filter = alcasar_intercept
action = iptables-allports[name=alcasar_intercept]
logpath = /var/log/lighttpd/access.log
maxretry = 5
cat << EOF > /etc/fail2ban/filter.d/alcasar_intercept.conf
[Definition]
failregex = <HOST> .* \"GET \/intercept\.php\?res=failed\&reason=reject
ignoreregex =
EOF
 
## alcasar_change-pwd : ban after 5 failed user change password attempts
cat << EOF > /etc/fail2ban/jail.d/05alcasar_change-pwd.conf
[alcasar_change-pwd]
enabled = true
#enabled = false
backend = auto
filter = alcasar_change-pwd
action = iptables-allports[name=alcasar_change-pwd]
logpath = /var/log/lighttpd/access.log
maxretry = 5
EOF
cat << EOF > /etc/fail2ban/filter.d/alcasar_change-pwd.conf
[Definition]
failregex = <HOST> .* \"POST \/password\.php
ignoreregex =
EOF
 
/usr/bin/sh $DIR_CONF/fail2ban.sh
# allow reading of 2 log files (fail2ban & watchdog).
[ -e /var/log/fail2ban.log ] || /usr/bin/touch /var/log/fail2ban.log
[ -e /var/Save/security/watchdog.log ] || /usr/bin/touch /var/Save/security/watchdog.log
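Review bot: The `[alcasar_intercept]` jail block in the fail2ban() hunk has no closing `EOF` after `maxretry = 5` before the next `cat << EOF > /etc/fail2ban/filter.d/alcasar_intercept.conf`, so (unless the page rendering dropped that line) the first here-document runs on until the `EOF` that was meant for the filter: `jail.d/04alcasar_intercept.conf` ends up containing the `cat` line, `[Definition]`, the failregex and `ignoreregex =`, and `filter.d/alcasar_intercept.conf` is never written, which leaves fail2ban with an unparsable jail and a missing filter for the intercept.php brute-force protection. Insert `EOF` on its own line directly after `maxretry = 5`, matching the other four jail blocks. Note that this compare is reversed (Rev 2867 → Rev 2866), so the inline jail/filter definitions appear to belong to Rev 2867, while Rev 2866 only ran `/usr/bin/sh $DIR_CONF/fail2ban.sh`; the body of fail2ban() continues past the end of this hunk. Running the generated configuration through fail2ban's own test mode before the service is (re)started would surface this kind of breakage at install time rather than as silently absent protection.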