Subversion Repositories ALCASAR

Compare Revisions

Rev 1410 → Rev 1409

/conf/fail2ban.sh
38,13 → 38,6
# Values: FILE Default: /var/run/fail2ban/fail2ban.sock
#
socket = /var/run/fail2ban/fail2ban.sock
 
# Option: pidfile
# Notes.: Set the PID file. This is used to store the process ID of the
# fail2ban server.
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.pid
#
pidfile = /var/run/fail2ban/fail2ban.pid
EOF
 
#########################################################
93,22 → 86,12
# auto: will choose Gamin if available and polling otherwise.
backend = auto
 
# "usedns" specifies if jails should trust hostnames in logs,
# warn when DNS lookups are performed, or ignore all hostnames in logs
#
# yes: if a hostname is encountered, a DNS lookup will be performed.
# warn: if a hostname is encountered, a DNS lookup will be performed,
# but it will be logged as a warning.
# no: if a hostname is encountered, will not be used for banning,
# but it will be logged as info.
usedns = warn
 
# Bannissement sur tous les ports après 2 refus d'Apache (tentative d'accès sur des pages inexistentes)
[alcasar_mod-evasive]
 
#enabled = true
enabled = false
filter = alcasar_mod-evasive
enabled = true
#enabled = false
filter = mod-evasive
action = iptables-allports[name=alcasar_mod-evasive]
logpath = /var/log/httpd/error_log
maxretry = 2
128,9 → 111,9
 
enabled = true
#enabled = false
filter = alcasar_htdigest
filter = htdigest
action = iptables-allports[name=alcasar_htdigest]
logpath = /var/log/httpd/ssl_request_log
logpath = /var/log/httpd/ssl_error_log
maxretry = 5
 
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager
138,7 → 121,7
 
enabled = true
#enabled = false
filter = alcasar_intercept
filter = intercept
action = iptables-allports[name=alcasar_intercept]
logpath = /var/log/httpd/ssl_request_log
maxretry = 5
145,15 → 128,14
 
# Bannissement sur tout les port après 5 échecs de changement de mot de passe
# 5 POST pour changer le mot de passe que le POST soit ok ou non.
[alcasar_change-pwd]
[alcasar_change-password]
 
enabled = true
#enabled = false
filter = alcasar_change-pwd
action = iptables-allports[name=alcasar_change-pwd]
filter = mot_de_passe
action = iptables-allports[name=alcasar_change-password]
logpath = /var/log/httpd/ssl_request_log
maxretry = 5
 
EOF
 
##################################################
209,11 → 191,8
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#failregex = [[]error[]] [[]client <HOST>[]] Digest:
failregex = [[]<HOST>[]] "GET /acc HTTP/1.1" 972
failregex = [[]error[]] [[]client <HOST>[]] Digest:
 
#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]]
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
239,8 → 218,7
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]GET \/intercept\.php\?res=failed[&]reason=reject
failregex = [[]<HOST>[]] ["]GET \/intercept\.php\?res=failed[&]reason=reject
failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]GET \/intercept\.php\?res=failed[&]reason=reject
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
252,7 → 230,7
#######################
## MOT_DE_PASSE.CONF ##
#######################
cat << EOF > $DIR_FILTER/alcasar_change-pwd.conf
cat << EOF > $DIR_FILTER/alcasar_change-password.conf
 
# Fail2Ban configuration file
#
268,10 → 246,8
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]POST \/pass\/index\.php HTTP
failregex = [[]<HOST>[]] ["]POST /pass/index.php HTTP/1.1" 11169
failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]POST \/pass\/index\.php HTTP
 
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
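Review bot: The htdigest pattern `failregex = [[]<HOST>[]] "GET /acc HTTP/1.1" 972` and the change-password pattern ending in `HTTP/1.1" 11169` both end on a literal number after the request line. It looks like a response size, so if either page changes length the jail would stop matching with no error and bans would quietly cease. This rendering compares Rev 1410 → Rev 1409 with the +/- markers lost, so the point applies only if these are the variants being kept rather than the `Digest:` and `TLSv1 ...` forms. If the log format records an HTTP status, matching on that would be sturdier than a byte count; the LogFormat is not visible here, so that needs confirming. At minimum, add a comment above each pattern such as `# trailing number = logged size of the failure reply; re-check whenever that page changes`, and escape the dots (`HTTP/1\.1`, `index\.php`) as the intercept pattern already does.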