38,6 → 38,13 |
# Values: FILE Default: /var/run/fail2ban/fail2ban.sock |
# |
socket = /var/run/fail2ban/fail2ban.sock |
|
# Option: pidfile |
# Notes.: Set the PID file. This is used to store the process ID of the |
# fail2ban server. |
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.pid |
# |
pidfile = /var/run/fail2ban/fail2ban.pid |
EOF |
|
######################################################### |
86,12 → 93,22 |
# auto: will choose Gamin if available and polling otherwise. |
backend = auto |
|
# "usedns" specifies if jails should trust hostnames in logs, |
# warn when DNS lookups are performed, or ignore all hostnames in logs |
# |
# yes: if a hostname is encountered, a DNS lookup will be performed. |
# warn: if a hostname is encountered, a DNS lookup will be performed, |
# but it will be logged as a warning. |
# no: if a hostname is encountered, will not be used for banning, |
# but it will be logged as info. |
usedns = warn |
|
# Bannissement sur tous les ports après 2 refus d'Apache (tentative d'accès sur des pages inexistentes) |
[alcasar_mod-evasive] |
|
enabled = true |
#enabled = false |
filter = mod-evasive |
#enabled = true |
enabled = false |
filter = alcasar_mod-evasive |
action = iptables-allports[name=alcasar_mod-evasive] |
logpath = /var/log/httpd/error_log |
maxretry = 2 |
111,9 → 128,9 |
|
enabled = true |
#enabled = false |
filter = htdigest |
filter = alcasar_htdigest |
action = iptables-allports[name=alcasar_htdigest] |
logpath = /var/log/httpd/ssl_error_log |
logpath = /var/log/httpd/ssl_request_log |
maxretry = 5 |
|
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager |
121,7 → 138,7 |
|
enabled = true |
#enabled = false |
filter = intercept |
filter = alcasar_intercept |
action = iptables-allports[name=alcasar_intercept] |
logpath = /var/log/httpd/ssl_request_log |
maxretry = 5 |
128,14 → 145,15 |
|
# Bannissement sur tout les port après 5 échecs de changement de mot de passe |
# 5 POST pour changer le mot de passe que le POST soit ok ou non. |
[alcasar_change-password] |
[alcasar_change-pwd] |
|
enabled = true |
#enabled = false |
filter = mot_de_passe |
action = iptables-allports[name=alcasar_change-password] |
filter = alcasar_change-pwd |
action = iptables-allports[name=alcasar_change-pwd] |
logpath = /var/log/httpd/ssl_request_log |
maxretry = 5 |
|
EOF |
|
################################################## |
191,8 → 209,11 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = [[]error[]] [[]client <HOST>[]] Digest: |
#failregex = [[]error[]] [[]client <HOST>[]] Digest: |
failregex = [[]<HOST>[]] "GET /acc HTTP/1.1" 972 |
|
#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]] |
|
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
# Values: TEXT |
218,7 → 239,8 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]GET \/intercept\.php\?res=failed[&]reason=reject |
#failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]GET \/intercept\.php\?res=failed[&]reason=reject |
failregex = [[]<HOST>[]] ["]GET \/intercept\.php\?res=failed[&]reason=reject |
|
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
230,7 → 252,7 |
####################### |
## MOT_DE_PASSE.CONF ## |
####################### |
cat << EOF > $DIR_FILTER/alcasar_change-password.conf |
cat << EOF > $DIR_FILTER/alcasar_change-pwd.conf |
|
# Fail2Ban configuration file |
# |
246,8 → 268,10 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]POST \/pass\/index\.php HTTP |
#failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]POST \/pass\/index\.php HTTP |
failregex = [[]<HOST>[]] ["]POST /pass/index.php HTTP/1.1" 11169 |
|
|
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
# Values: TEXT |
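Review bot: The new failregex lines for the htdigest and change-pwd filters (`"GET /acc HTTP/1.1" 972` and `"POST /pass/index.php HTTP/1.1" 11169`) appear to recognise a failure only by the trailing response size. Any change to the length of those responses would silently stop the jail from banning, and an unrelated response of the same length would be counted as a failure. If the ssl_request_log format, which is defined outside these hunks, can log the status code, matching on it would be sturdier; otherwise add a comment above each line, e.g. `# 972 is the response size logged for a failed login; re-measure if the page changes`. Both patterns also leave the dots unescaped where the lines they replace escaped them, so `index\.php` and `HTTP/1\.1` would keep the match literal. The comment above `[alcasar_change-pwd]` still says every POST counts whether it succeeds or not, which no longer seems to match a pattern pinned to one response size.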