
Compare Revisions


Ignore whitespace Rev 2271 → Rev 2270

/conf/fail2ban.sh
1,6 → 1,3
#!/bin/sh
# $Id$
 
FAIL_CONF="/etc/fail2ban/fail2ban.conf"
JAIL_CONF="/etc/fail2ban/jail.conf"
DIR_FILTER="/etc/fail2ban/filter.d/"
9,7 → 6,10
#########################################################
## Mise à jour du fichier de configuration de fail2ban ##
#########################################################
[ -f $FAIL_CONF ] && [ ! -e $FAIL_CONF.default ] && mv $FAIL_CONF $FAIL_CONF.default
if(test -f $FAIL_CONF)
then
mv $FAIL_CONF $FAIL_CONF.default
fi
cat << EOF > $FAIL_CONF
 
[Definition]
50,7 → 50,10
#########################################################
## Mise à jour de la configuration de jail de fail2ban ##
#########################################################
[ -f $JAIL_CONF ] && [ ! -e $JAIL_CONF.default ] && mv $JAIL_CONF $JAIL_CONF.default
if(test -f $JAIL_CONF)
then
mv $JAIL_CONF $JAIL_CONF.default
fi
cat << EOF > $JAIL_CONF
 
# Fail2Ban configuration file
108,7 → 111,6
filter = alcasar_mod-evasive
action = iptables-allports[name=alcasar_mod-evasive]
logpath = /var/log/httpd/error_log
/var/log/httpd/ssl_error_log
maxretry = 2
 
# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force)
122,13 → 124,13
maxretry = 3
 
# Bannissement sur tous les ports après 5 échecs de connexion sur le centre de contrôle (ACC)
[alcasar_acc-htdigest]
[alcasar_htdigest]
 
enabled = true
#enabled = false
filter = alcasar_acc-htdigest
action = iptables-allports[name=alcasar_acc-htdigest]
logpath = /var/log/httpd/ssl_error_log
filter = alcasar_htdigest
action = iptables-allports[name=alcasar_htdigest]
logpath = /var/log/httpd/ssl_request_log
maxretry = 5
 
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager
157,9 → 159,9
##################################################
## Mise en place des filtres spécifiques ##
## - Mod_evasive.conf ##
## - acc-htdigest.conf ##
## - htdigest.conf ##
## - intercept.conf ##
## - change-pwd.conf ##
## - mot de passe ##
##################################################
 
######################
180,7 → 182,7
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[client <HOST>:[0-9]+\] .*client denied by server configuration
failregex = [[]client <HOST>[]] client denied by server configuration
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
189,10 → 191,10
ignoreregex =
EOF
 
#######################
## ACC-HTDIGEST.CONF ##
#######################
cat << EOF > $DIR_FILTER/alcasar_acc-htdigest.conf
###################
## HTDIGEST.CONF ##
###################
cat << EOF > $DIR_FILTER/alcasar_htdigest.conf
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
207,7 → 209,8
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[auth_digest:error\] \[client <HOST>:[0-9]+\] .*ALCASAR Control Center \(ACC\)
#failregex = [[]error[]] [[]client <HOST>[]] Digest:
failregex = [[]<HOST>[]] "GET /acc HTTP/1.1" 972
 
#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]]
 
236,7 → 239,8
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[<HOST>\] \"GET \/intercept\.php\?res=failed\&reason=reject
#failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]GET \/intercept\.php\?res=failed[&]reason=reject
failregex = [[]<HOST>[]] ["]GET \/intercept\.php\?res=failed[&]reason=reject
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
245,9 → 249,9
ignoreregex =
EOF
 
#####################
## CHANGE-PWD.CONF ##
#####################
#######################
## MOT_DE_PASSE.CONF ##
#######################
cat << EOF > $DIR_FILTER/alcasar_change-pwd.conf
 
# Fail2Ban configuration file
264,7 → 268,8
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[<HOST>\] \"POST \/pass
#failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]POST \/pass\/index\.php HTTP
failregex = [[]<HOST>[]] ["]POST /pass/index.php HTTP/1.1" 11169
 
 
# Option: ignoreregex
277,7 → 282,10
##############################################
## Log sur ULOG quand iptables-allports ##
##############################################
[ -f $ACTION_ALLPORTS ] && [ ! -e $ACTION_ALLPORTS.default ] && mv $ACTION_ALLPORTS $ACTION_ALLPORTS.default
if ( test -f $ACTION_ALLPORTS )
then
mv $ACTION_ALLPORTS $ACTION_ALLPORTS.default
fi
cat << EOF > $ACTION_ALLPORTS
# Fail2Ban configuration file
#
319,7 → 327,7
# Values: CMD
 
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j ULOG --ulog-prefix "Fail2Ban -- DROP"
iptables -I fail2ban-<name> 1 -s <ip> -j DROP
iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
330,7 → 338,7
# Values: CMD
#
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
iptables -D fail2ban-<name> -s <ip> -j ULOG --ulog-prefix "Fail2Ban -- DROP"
iptables -D fail2ban-<name> -s <ip> -j ULOG --ulog-prefix "Fail2Ban -- DROP"
 
[Init]
 
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:keywords
-Id
\ No newline at end of property
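Review bot: The failregex written into alcasar_htdigest.conf in the 207,7 → 209,8 hunk (`failregex = [[]<HOST>[]] "GET /acc HTTP/1.1" 972`) keys a ban on the byte count of the response rather than on an authentication-failure indicator, so any change to the 401 page served for /acc (theme, Apache version, translation) silently stops the jail from ever matching while `enabled = true` still suggests the protection is active. The same size-based match is used in the CHANGE-PWD hunk (`failregex = [[]<HOST>[]] ["]POST /pass/index.php HTTP/1.1" 11169`). Matching on the `auth_digest:error` lines of ssl_error_log, or on a status field if one is added to the ssl_request_log LogFormat, would track the actual failed authentication instead of a page size; if the size-based pattern is kept, a comment such as `# 972 = size of the 401 challenge page for /acc; re-check after any ACC template change` should sit above it so the dependency is visible. Separately, the `if(test -f $FAIL_CONF) ... mv $FAIL_CONF $FAIL_CONF.default` blocks (and the same for $JAIL_CONF and $ACTION_ALLPORTS) overwrite any existing `.default` copy on every run, so the pristine packaged configuration survives only the first execution. The variable definitions these hunks rely on, including `$ACTION_ALLPORTS`, are outside the visible hunks on this side, so I cannot confirm they are all set before use.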