

Ignore whitespace Rev 2866 → Rev 2867

/alcasar.sh
1286,9 → 1286,11
$SED "s/^groupname =.*/groupname = 'blacklisted users'/g" $DIR_DG/e2guardianf1.conf
$SED "s/^#htmltemplate =.*/htmltemplate = 'alcasar-e2g.html'/g" $DIR_DG/e2guardianf1.conf
 
# copy HTML templates
# copy & adapt HTML templates
cp $DIR_CONF/alcasar-e2g-fr.html /usr/share/e2guardian/languages/french/alcasar-e2g.html
cp $DIR_CONF/alcasar-e2g-en.html /usr/share/e2guardian/languages/ukenglish/alcasar-e2g.html
$SED "s?\/\/[a-z.]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/french/alcasar-e2g.html
$SED "s?\/\/[a-z.]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/ukenglish/alcasar-e2g.html
 
###### ALCASAR special filtering ####
# RAZ bannedphraselist
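Review bot: The host pattern `[a-z.]*` in the two new sed lines that rewrite the e2guardian HTML templates does not match hostnames containing digits, hyphens or upper-case letters, so once `$HOSTNAME.$DOMAIN` has been substituted with such a name the same command will not find it again on a later run; the identical two lines are added to alcasar-conf.sh in this revision, which is the script re-run on reconfiguration, so that hunk has the same problem. Widening the class, `$SED "s?\/\/[A-Za-z0-9.-]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/french/alcasar-e2g.html` (and the ukenglish copy), keeps the rewrite idempotent. Since the lines are now duplicated across both scripts, a single helper or a loop over the two language directories would avoid keeping them in sync by hand. The enclosing function, if any, starts and ends outside this hunk.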
1829,14 → 1831,86
rm -f /var/spool/cron/*
} # End of cron()
 
######################################################################
## Fonction "Fail2Ban" ##
##- Adapt conf file to ALCASAR ##
##- Secure items : DDOS, SSH-Brute-Force, Intercept.php Brute-Force ##
######################################################################
########################################################################
## Fonction "Fail2Ban" ##
##- Adapt conf file to ALCASAR ##
##- Secure items : DDOS, SSH-Brute-Force, Intercept & ACC brute-Force ##
########################################################################
fail2ban()
{
/usr/bin/sh $DIR_CONF/fail2ban.sh
# adapt fail2ban.conf to Mageia (fedora like) & ALCASAR behaviour
[ -e /etc/fail2ban/jail.conf.default ] || cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.default
$SED "s?^before =.*?before = paths-fedora.conf?g" /etc/fail2ban/jail.conf
$SED "s?^bantime =.*?bantime = 3m?g" /etc/fail2ban/jail.conf
$SED "s?^findtime =.*?findtime = 5m?g" /etc/fail2ban/jail.conf
 
# add 5 jails and their filters
## sshd : Ban after 3 failed attempts (ie. brute-force). This "jail" uses the default "sshd" f2b filter.
cat << EOF > /etc/fail2ban/jail.d/01alcasar_sshd.conf
[sshd]
enabled = true
#enabled = false
maxretry = 3
EOF
 
## lighttpd-auth : Ban after 3 failed attempts on ACC. This "jail" uses the default "lighttpd-auth" f2b filter.
cat << EOF > /etc/fail2ban/jail.d/02alcasar_lighttpd-auth.conf
[lighttpd-auth]
enabled = true
#enabled = false
maxretry = 3
EOF
 
## mod-evasive : Ban after 3 failed retrieve page attempts (ie : unknown page)
cat << EOF > /etc/fail2ban/jail.d/03alcasar_mod-evasive.conf
[alcasar_mod-evasive]
#enabled = true
enabled = false
backend = auto
filter = alcasar_mod-evasive
action = iptables-allports[name=alcasar_mod-evasive]
logpath = /var/log/lighttpd/access.log
maxretry = 3
EOF
cat << EOF > /etc/fail2ban/filter.d/alcasar_mod-evasive.conf
[Definition]
failregex = <HOST> .+\] "[^"]+" 403
ignoreregex =
EOF
 
### alcasar_intercept : ban after 5 failed user login attemps on intercept.php
cat << EOF > /etc/fail2ban/jail.d/04alcasar_intercept.conf
[alcasar_intercept]
enabled = true
#enabled = false
backend = auto
filter = alcasar_intercept
action = iptables-allports[name=alcasar_intercept]
logpath = /var/log/lighttpd/access.log
maxretry = 5
cat << EOF > /etc/fail2ban/filter.d/alcasar_intercept.conf
[Definition]
failregex = <HOST> .* \"GET \/intercept\.php\?res=failed\&reason=reject
ignoreregex =
EOF
 
## alcasar_change-pwd : ban after 5 failed user change password attempts
cat << EOF > /etc/fail2ban/jail.d/05alcasar_change-pwd.conf
[alcasar_change-pwd]
enabled = true
#enabled = false
backend = auto
filter = alcasar_change-pwd
action = iptables-allports[name=alcasar_change-pwd]
logpath = /var/log/lighttpd/access.log
maxretry = 5
EOF
cat << EOF > /etc/fail2ban/filter.d/alcasar_change-pwd.conf
[Definition]
failregex = <HOST> .* \"POST \/password\.php
ignoreregex =
EOF
 
# allow reading of 2 log files (fail2ban & watchdog).
[ -e /var/log/fail2ban.log ] || /usr/bin/touch /var/log/fail2ban.log
[ -e /var/Save/security/watchdog.log ] || /usr/bin/touch /var/Save/security/watchdog.log
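Review bot: The here-document that writes /etc/fail2ban/jail.d/04alcasar_intercept.conf has no `EOF` terminator after `maxretry = 5`, unlike the mod-evasive and change-pwd blocks, so the following `cat << EOF > /etc/fail2ban/filter.d/alcasar_intercept.conf` line and the `[Definition]`/`failregex`/`ignoreregex` lines are written into the jail file and the intercept filter file is never created; fail2ban will then presumably refuse the alcasar_intercept jail (or the reload) because its filter does not exist. Adding the missing `EOF` line directly after `maxretry = 5` fixes both files. Separately, the alcasar_change-pwd failregex `<HOST> .* \"POST \/password\.php` counts every POST to password.php, so if successful changes also POST there, five legitimate changes within findtime would ban the address — worth confirming against that page. The fail2ban() function continues past the end of this hunk.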
/conf/fail2ban.sh
File deleted
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id
\ No newline at end of property
/rpms/ipt-netflow-2.5.1.spec
1,4 → 1,4
%define kversion 5.7.14-server-1.mga7
%define kversion 5.7.19-server-3.mga7
%define debug_package %{nil}
Name: ipt-netflow
Version: 2.5.1
45,7 → 45,7
 
%changelog
* Sat Oct 17 2020 Richard REY <Rexy>
- Version 2.5.1 for the kernel 5.7.14 (ALCASAR 3.5.1)
- Version 2.5.1 for the kernel 5.7.19 (ALCASAR 3.5.1)
* Fri May 22 2020 Richard REY <Rexy>
- Version 2.5 for the kernel 5.6.14 (ALCASAR 3.5)
* Tue May 21 2019 Richard REY <Rexy>
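Review bot: The kernel the module is built against moves from 5.7.14 to 5.7.19, but the existing changelog entry is rewritten in place, `Version: 2.5.1` is unchanged, and the binary replaced in this revision keeps the name ipt-netflow-2.5.1-1.mga7.x86_64.rpm, so two different builds carry the same name-version-release. Hosts that already installed the earlier build will not see this one as an update, and the two artifacts can no longer be told apart by name. The Release tag is outside the visible hunk, but incrementing it and adding a new dated `%changelog` entry above the Oct 17 one (instead of editing that one) would keep the package identity tied to its content.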
/rpms/x86_64/ipt-netflow-2.5.1-1.mga7.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
/scripts/alcasar-conf.sh
434,8 → 434,10
}
EOF
$DIR_BIN/alcasar-dns-local.sh -hosts_to_unbound # add local name resolution to unbound (forward & blackhole)
# DG + BL
# E2guardian
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/e2guardian/e2guardian.conf
$SED "s?\/\/[a-z.]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/french/alcasar-e2g.html
$SED "s?\/\/[a-z.]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/ukenglish/alcasar-e2g.html
# Watchdog
$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_BIN/alcasar-watchdog.sh
# Prompts
/scripts/alcasar-rpm-download.sh
11,7 → 11,7
VERSION="7"
ARCH="x86_64"
# The kernel version we compile netflow for
KERNEL="kernel-server-5.7.14-1.mga7-1-1.mga7"
KERNEL="kernel-server-5.7.19-3.mga7-1-1.mga7"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-rrd unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamd fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo"
 
/scripts/alcasar-uninstall.sh
201,7 → 201,12
i=`expr $i + 1`
rm $filter && echo -n "$i, "
done
[ -e /lib/systemd/system/fail2ban.service.default ] && mv /lib/systemd/system/fail2ban.service.default /lib/systemd/system/fail2ban.service && echo -n "6"
for jail in `ls /etc/fail2ban/jail.d/*alcasar_* 2>/dev/null`
do
i=`expr $i + 1`
rm $jail && echo -n "$i, "
done
[ -e /lib/systemd/system/fail2ban.service.default ] && mv /lib/systemd/system/fail2ban.service.default /lib/systemd/system/fail2ban.service && echo -n "11"
}
 
gammu_smsd ()
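Review bot: The new loop parses `ls` inside a command substitution and expands `$jail` unquoted before `rm`, so a path containing whitespace or glob characters is split or re-globbed before deletion; a plain glob with an existence guard does the same job safely: `for jail in /etc/fail2ban/jail.d/*alcasar_*`, `do [ -e "$jail" ] || continue`, `i=$((i + 1)); rm -- "$jail" && echo -n "$i, "`. The restored-service line keeps a hard-coded `echo -n "11"` while the loop prints `$i`, so the step numbers drift apart as soon as the number of jail files changes; printing `$((i + 1))` there keeps them consistent. The preceding `expr` loop over `$filter` starts outside the hunk and the enclosing function's header is not visible.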
/scripts/alcasar-urpmi.sh
12,7 → 12,7
VERSION="7"
ARCH="x86_64"
# The kernel version we compile netflow for
KERNEL="kernel-server-5.7.14-1.mga7-1-1.mga7"
KERNEL="kernel-server-5.7.19-3.mga7-1-1.mga7"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
# (old) perl-Socket6 : needed by nfsen
# "fonts-dejavu-common" & "fonts-ttf-dejavu" : fonts needed by wkhtmltopdf