/alcasar.sh |
1366,7 → 1366,9 |
$SED "s?^#LogTime.*?LogTime yes?g" /etc/clamd.conf # enable logtime for each message |
$SED "s?^LogVerbose.*?LogVerbose no?g" /etc/clamd.conf |
$SED "s?^#LogRotate.*?LogRotate yes?g" /etc/clamd.conf |
chown -R clamav:clamav /var/log/clamav /var/lib/clamav |
$SED "s?^User.*?User e2guardian?g" /etc/clamd.conf |
$SED "s?^TemporaryDirectory.*?TemporaryDirectory /var/lib/e2guardian/tmp?g" /etc/clamd.conf |
chown -R e2guardian:e2guardian /var/log/clamav /var/lib/clamav |
chmod 775 /var/log/clamav /var/lib/clamav |
chmod 664 /var/log/clamav/* |
# update virus database every 4 hours (24h/6) |
1373,6 → 1375,7 |
[ -e /etc/freshclam.conf.default ] || cp /etc/freshclam.conf /etc/freshclam.conf.default |
$SED "s?^Checks.*?Checks 6?g" /etc/freshclam.conf |
$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf |
$SED "s?^DatabaseOwner.*?DatabaseOwner e2guardian?g" /etc/freshclam.conf |
$SED "/^DatabaseMirror/a DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf |
$SED "s?^MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf |
# update now |
1963,9 → 1966,9 |
/etc/pki/CA/private/* root.root 600 force |
/etc/pki/tls/private/ root.apache 750 force |
/etc/pki/tls/private/* root.apache 640 force |
/var/log/clamav/ clamav.clamav 755 force |
/var/log/clamav/* clamav.clamav 764 force |
/var/lib/clamav/ clamav.clamav 755 force |
/var/log/clamav/ e2guardian.e2guardian 755 force |
/var/log/clamav/* e2guardian.e2guardian 764 force |
/var/lib/clamav/ e2guardian.e2guardian 755 force |
EOF |
# apply now hourly & daily checks |
/usr/sbin/msec |
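Review bot: The modes set at install time and the modes msec is told to enforce disagree: the first hunk runs `chmod 775 /var/log/clamav /var/lib/clamav` and `chmod 664 /var/log/clamav/*`, while the new perms entries in the last hunk force `755` on the two directories and `764` on the log files, and `/usr/sbin/msec` runs right after, so the install-time values are overwritten within the same run. Pick one set and use it in both places; for log files the execute bit in `764` is not needed, so `/var/log/clamav/* e2guardian.e2guardian 664 force` (or `644` if only clamd writes there, which also stops other members of the e2guardian group from altering the AV log) is the tighter choice, and the directory entries should match whatever the chmod line settles on. The `chmod 664 /var/log/clamav/*` glob presumably has nothing to match on a fresh install and then fails on the literal `*`; `find /var/log/clamav -type f -exec chmod 664 -- {} +` avoids that. The msec perms heredoc these entries belong to starts outside the hunk.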
/conf/fail2ban.sh |
18,14 → 18,11 |
# The DEFAULT allows a global definition of the options. They can be overridden |
# in each jail afterwards. |
[DEFAULT] |
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not |
# ban a host which matches an address in this list. Several addresses can be |
# defined using space separator. |
ignoreip = 127.0.0.1/8 |
# "bantime" is the number of seconds that a host is banned. |
bantime = 180 |
127,7 → 124,6 |
# Adapted by ALCASAR team |
[Definition] |
# Option: failregex |
# Notes.: regex to match the password failure messages in the logfile. The |
# host must be matched by a group named "host". The tag "<HOST>" can |
134,13 → 130,9 |
# be used for standard IP/hostname matching and is only an alias for |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = <HOST> .+\] "[^"]+" 403 |
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
# Values: TEXT |
# |
ignoreregex = |
EOF |
154,7 → 146,6 |
# Adapted by ALCASAR team |
[Definition] |
# Option: failregex |
# Notes.: regex to match the password failure messages in the logfile. The |
# host must be matched by a group named "host". The tag "<HOST>" can |
161,15 → 152,9 |
# be used for standard IP/hostname matching and is only an alias for |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = <HOST> .+\] "[^"]+" 401 |
#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]] |
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
# Values: TEXT |
# |
ignoreregex = |
EOF |
183,7 → 168,6 |
# Adapted by ALCASAR team |
[Definition] |
# Option: failregex |
# Notes.: regex to match the password failure messages in the logfile. The |
# host must be matched by a group named "host". The tag "<HOST>" can |
190,13 → 174,9 |
# be used for standard IP/hostname matching and is only an alias for |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = <HOST> .* \"GET \/intercept\.php\?res=failed\&reason=reject |
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
# Values: TEXT |
# |
ignoreregex = |
EOF |
211,7 → 191,6 |
# Adapted by ALCASAR team |
[Definition] |
# Option: failregex |
# Notes.: regex to match the password failure messages in the logfile. The |
# host must be matched by a group named "host". The tag "<HOST>" can |
218,13 → 197,8 |
# be used for standard IP/hostname matching and is only an alias for |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = <HOST> .* \"POST \/password\.php |
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
# Values: TEXT |
# |
ignoreregex = |
EOF |
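Review bot: The pattern `failregex = <HOST> .+\] "[^"]+" 401` counts every 401 response as an authentication failure, but a 401 is also what a browser gets on its first request to an HTTP-auth-protected page before it sends any credentials, so legitimate administrators reaching the protected area accumulate hits toward a ban; the commented-out `auth_digest:error` line just below (presumably the earlier, message-based match) did not have that property. The `403` pattern in the preceding filter has the same issue to a lesser degree, firing on any forbidden resource rather than on a failed login. Narrowing each pattern to the request path the jail protects, e.g. `failregex = <HOST> .+\] "[^"]* /<protected-path>[^"]*" 401` with the placeholder replaced by the real path, or keeping the error-log based match, limits bans to genuine failures. The `cat <<EOF` heredocs these filters are written through start outside the hunks.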
/scripts/alcasar-urpmi.sh |
121,6 → 121,8 |
echo "/^kernel/" > /etc/urpmi/skip.list |
echo "/^freeradius/" >> /etc/urpmi/skip.list |
echo "/^wkhtmltopdf/" >> /etc/urpmi/skip.list |
echo "/^clamd/" >> /etc/urpmi/skip.list |
echo "/^clamav/" >> /etc/urpmi/skip.list |
# download the kernel used by ALCASAR |
if [ $Lang == "fr" ] |
then |
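Review bot: Adding `/^clamd/` and `/^clamav/` to the urpmi skip list pins the ClamAV engine, not just a configuration: freshclam will keep pulling signatures, but engine and parser fixes that ship as package updates will never reach a daemon whose job is to scan hostile content, and freshclam itself warns when the installed engine is outdated. If the pin is required by the `User e2guardian` / temporary-directory customisation done in alcasar.sh, say so next to the two echo lines, e.g. `# clamav/clamd pinned: <reason> - re-check on each ALCASAR release`, and describe how the engine is meant to be upgraded manually. The `^clamav` prefix also matches any package whose name starts with clamav, so if the distribution delivers signatures as such a package it would be frozen too; worth confirming that is intended.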
/web/acc/manager/htdocs/security.php |
11,15 → 11,30 |
$l_spoofing = "Adresse(s) MAC usurpée(s) (Watchdog)"; |
$l_virus = "Virus bloqué(s) (CLAMAV)"; |
$l_fail2ban = "Adresse(s) IP bloquée(s) (Fail2Ban)"; |
$l_ban_date = "Date de bloquage"; |
$l_unban_date = "Date de débloquage"; |
$l_ipAddress="Adresse IP"; |
$l_user = "L'utilisateur"; |
$l_empty="Vide"; |
$l_rule="Règle"; |
} else if ($language === 'es') { |
$l_title = 'Seguridad'; |
$l_spoofing = "Direcciones MAC usurpadas (Watchdog)"; |
$l_virus = "Virus bloqueado (CLAMAV)"; |
$l_fail2ban = "Dirección(es) IP bloqueada(s) (Fail2Ban)"; |
$l_ban_date = "Fecha de bloqueo"; |
$l_unban_date = "Fecha de desembolso"; |
$l_ipAddress="Dirección ip"; |
$l_user = "El usuario"; |
$l_empty="Vacío"; |
$l_rule="Regla"; |
} else { |
$l_title = 'Security'; |
$l_spoofing = "MAC address spoofed (Watchdog)"; |
$l_virus = "Virus blocked (CLAMAV)"; |
$l_fail2ban = "IP address blocked (Fail2Ban)"; |
$l_ban_date = "Lock date"; |
$l_unban_date = "Unlock date"; |
$l_ipAddress="IP address"; |
$l_user = "User"; |
$l_empty="Empty"; |
54,6 → 69,7 |
if ($file) { |
while (!feof($file)) { |
$line = fgets($file); |
if (preg_match($regex, $line, $matches)) { |
if (preg_match('/[0-9]{2}\/[0-9]{2}\/[0-9]{4}-[0-9]{2}:[0-9]{2}:[0-9]{2}/', $matches['date'], $matches_date)) { |
$matches['date'] = DateTime::createFromFormat('d/m/Y-H:i:s', $matches['date'])->format('Y-m-d H:i:s'); |
125,12 → 141,11 |
<?php |
} else if ($tab === 3) { |
$bans = []; |
$regex = '/^(?P<date>[0-9]{4}-[0-9]{2}-[0-9]{2}\ [0-9]{2}:[0-9]{2}:[0-9]{2}),[0-9]{3} fail2ban\.actions\[[0-9]+\]: NOTICE \[(?P<rule>[a-zA-Z0-9_-]+)\] (?P<type>Ban|Unban) (?P<ip>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})$/'; |
$regex = '/^(?P<date>[0-9]{4}-[0-9]{2}-[0-9]{2}[ \t]+[0-9]{2}:[0-9]{2}:[0-9]{2}),[0-9]{3}[ \t]+fail2ban\.actions[ \t]+\[[0-9]+\]:[ \t]+NOTICE[ \t]+\[(?P<rule>[a-zA-Z0-9_-]+)\][ \t]+(?P<type>Ban|Unban)[ \t]+(?P<ip>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})/'; |
$file = fopen('/var/log/fail2ban.log', 'r'); |
if ($file) { |
while (!feof($file)) { |
$line = fgets($file); |
if (preg_match($regex, $line, $matches)) { |
if ($matches['type'] === 'Ban') { |
$bans[] = (object) [ |
158,10 → 173,10 |
<table class="table table-striped table-hover" border="1"> |
<tr > |
<th> |
Date |
<?= $l_ban_date ?> |
</th> |
<th> |
Date Unban |
<?= $l_unban_date ?> |
</th> |
<th> |
<?= $l_rule ?> |