| 3,6 → 3,7 |
|---|
| |
| JAIL_CONF="/etc/fail2ban/jail.conf" |
| DIR_FILTER="/etc/fail2ban/filter.d/" |
| ACTION_ALLPORTS="/etc/fail2ban/action.d/iptables-allports.conf" |
| |
| ######################################################### |
| ## Mise à jour de la configuration de jail de fail2ban ## |
| 59,6 → 60,7 |
|---|
| |
| # Bannissement sur tous les ports après 3 refus du serveur WEB (tentative d'accès sur des pages inexistentes) |
| [alcasar_mod-evasive] |
| |
| #enabled = true |
| enabled = false |
| backend = auto |
| 69,6 → 71,7 |
|---|
| |
| # Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force) |
| [ssh-iptables] |
| |
| enabled = true |
| #enabled = false |
| filter = sshd |
| 78,6 → 81,7 |
|---|
| |
| # Bannissement sur tous les ports après 5 échecs de connexion sur le centre de contrôle (ACC) |
| [alcasar_acc] |
| |
| enabled = true |
| #enabled = false |
| backend = auto |
| 84,10 → 88,11 |
|---|
| filter = alcasar_acc |
| action = iptables-allports[name=alcasar_acc] |
| logpath = /var/log/lighttpd/access.log |
| maxretry = 5 |
| maxretry = 6 |
| |
| # Bannissement sur tout les ports après 5 echecs de connexion pour un usager |
| [alcasar_intercept] |
| |
| enabled = true |
| #enabled = false |
| backend = auto |
| 94,11 → 99,12 |
|---|
| filter = alcasar_intercept |
| action = iptables-allports[name=alcasar_intercept] |
| logpath = /var/log/lighttpd/access.log |
| maxretry = 5 |
| maxretry = 6 |
| |
| # Bannissement sur tout les port après 5 échecs de changement de mot de passe |
| # 5 POST pour changer le mot de passe que le POST soit ok ou non. |
| [alcasar_change-pwd] |
| |
| enabled = true |
| #enabled = false |
| backend = auto |
| 109,13 → 115,13 |
|---|
| |
| EOF |
| |
| ############################################## |
| ################################################## |
| ## Mise en place des filtres spécifiques ## |
| ## - Mod_evasive.conf ## |
| ## - acc-htdigest.conf ## |
| ## - intercept.conf ## |
| ## - change-pwd.conf ## |
| ############################################## |
| ## - Mod_evasive.conf ## |
| ## - acc-htdigest.conf ## |
| ## - intercept.conf ## |
| ## - change-pwd.conf ## |
| ################################################## |
| |
| ###################### |
| ## MOD-EVASIVE.CONF ## |
| 228,3 → 234,79 |
|---|
| # |
| ignoreregex = |
| EOF |
| |
| ############################################## |
| ## Log sur ULOG quand iptables-allports ## |
| ############################################## |
| [ -f $ACTION_ALLPORTS ] && [ ! -e $ACTION_ALLPORTS.default ] && mv $ACTION_ALLPORTS $ACTION_ALLPORTS.default |
| cat << EOF > $ACTION_ALLPORTS |
| # Fail2Ban configuration file |
| # |
| # Author: Cyril Jaquier |
| # Modified: Yaroslav O. Halchenko <debian@onerussian.com> |
| # made active on all ports from original iptables.conf |
| # Adapted by ALCASAR team |
| |
| [Definition] |
| |
| # Option: actionstart |
| # Notes.: command executed once at the start of Fail2Ban. |
| # Values: CMD |
| # |
| actionstart = iptables -N fail2ban-<name> |
| iptables -A fail2ban-<name> -j RETURN |
| iptables -I <chain> -p <protocol> -j fail2ban-<name> |
| |
| # Option: actionstop |
| # Notes.: command executed once at the end of Fail2Ban |
| # Values: CMD |
| # |
| actionstop = iptables -D <chain> -p <protocol> -j fail2ban-<name> |
| iptables -F fail2ban-<name> |
| iptables -X fail2ban-<name> |
| |
| # Option: actioncheck |
| # Notes.: command executed once before each actionban command |
| # Values: CMD |
| # |
| actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name> |
| |
| # Option: actionban |
| # Notes.: command executed when banning an IP. Take care that the |
| # command is executed with Fail2Ban user rights. |
| # Tags: <ip> IP address |
| # <failures> number of failures |
| # <time> unix timestamp of the ban time |
| # Values: CMD |
| |
| actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP |
| |
| # Option: actionunban |
| # Notes.: command executed when unbanning an IP. Take care that the |
| # command is executed with Fail2Ban user rights. |
| # Tags: <ip> IP address |
| # <failures> number of failures |
| # <time> unix timestamp of the ban time |
| # Values: CMD |
| # |
| actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP |
| |
| [Init] |
| |
| # Defaut name of the chain |
| # |
| name = default |
| |
| # Option: protocol |
| # Notes.: internally used by config reader for interpolations. |
| # Values: [ tcp | udp | icmp | all ] Default: tcp |
| # |
| protocol = tcp |
| |
| # Option: chain |
| # Notes specifies the iptables chain to which the fail2ban rules should be |
| # added |
| # Values: STRING Default: INPUT |
| chain = INPUT |
| |
| EOF |