Subversion Repositories ALCASAR

Rev 2863 → Rev 2864

/conf/fail2ban.sh
3,7 → 3,6
 
JAIL_CONF="/etc/fail2ban/jail.conf"
DIR_FILTER="/etc/fail2ban/filter.d/"
ACTION_ALLPORTS="/etc/fail2ban/action.d/iptables-allports.conf"
 
#########################################################
## Mise à jour de la configuration de jail de fail2ban ##
60,7 → 59,6
 
# Bannissement sur tous les ports après 3 refus du serveur WEB (tentative d'accès sur des pages inexistentes)
[alcasar_mod-evasive]
 
#enabled = true
enabled = false
backend = auto
71,7 → 69,6
 
# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force)
[ssh-iptables]
 
enabled = true
#enabled = false
filter = sshd
81,7 → 78,6
 
# Bannissement sur tous les ports après 5 échecs de connexion sur le centre de contrôle (ACC)
[alcasar_acc]
 
enabled = true
#enabled = false
backend = auto
88,11 → 84,10
filter = alcasar_acc
action = iptables-allports[name=alcasar_acc]
logpath = /var/log/lighttpd/access.log
maxretry = 6
maxretry = 5
 
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager
[alcasar_intercept]
 
enabled = true
#enabled = false
backend = auto
99,12 → 94,11
filter = alcasar_intercept
action = iptables-allports[name=alcasar_intercept]
logpath = /var/log/lighttpd/access.log
maxretry = 6
maxretry = 5
 
# Bannissement sur tout les port après 5 échecs de changement de mot de passe
# 5 POST pour changer le mot de passe que le POST soit ok ou non.
[alcasar_change-pwd]
 
enabled = true
#enabled = false
backend = auto
115,13 → 109,13
 
EOF
 
##################################################
##############################################
## Mise en place des filtres spécifiques ##
## - Mod_evasive.conf ##
## - acc-htdigest.conf ##
## - intercept.conf ##
## - change-pwd.conf ##
##################################################
## - Mod_evasive.conf ##
## - acc-htdigest.conf ##
## - intercept.conf ##
## - change-pwd.conf ##
##############################################
 
######################
## MOD-EVASIVE.CONF ##
234,79 → 228,3
#
ignoreregex =
EOF
 
##############################################
## Log sur ULOG quand iptables-allports ##
##############################################
[ -f $ACTION_ALLPORTS ] && [ ! -e $ACTION_ALLPORTS.default ] && mv $ACTION_ALLPORTS $ACTION_ALLPORTS.default
cat << EOF > $ACTION_ALLPORTS
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
# Modified: Yaroslav O. Halchenko <debian@onerussian.com>
# made active on all ports from original iptables.conf
# Adapted by ALCASAR team
 
[Definition]
 
# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I <chain> -p <protocol> -j fail2ban-<name>
 
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = iptables -D <chain> -p <protocol> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
 
# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
 
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
# <failures> number of failures
# <time> unix timestamp of the ban time
# Values: CMD
 
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
# <failures> number of failures
# <time> unix timestamp of the ban time
# Values: CMD
#
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
 
[Init]
 
# Defaut name of the chain
#
name = default
 
# Option: protocol
# Notes.: internally used by config reader for interpolations.
# Values: [ tcp | udp | icmp | all ] Default: tcp
#
protocol = tcp
 
# Option: chain
# Notes specifies the iptables chain to which the fail2ban rules should be
# added
# Values: STRING Default: INPUT
chain = INPUT
 
EOF
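Review bot: With the `cat << EOF > $ACTION_ALLPORTS` block dropped in the last hunk (234,79 → 228,3), nothing in the visible script restores the packaged `iptables-allports.conf` on a host where an earlier run replaced it and saved the original as `iptables-allports.conf.default`. The jails above still use `action = iptables-allports[name=…]`, so an upgraded host would keep banning through the old ALCASAR copy while a fresh install uses the distribution file, and the two may not behave the same (the removed copy banned with `-j DROP`). If no other update step handles this, consider adding `[ -e /etc/fail2ban/action.d/iptables-allports.conf.default ] && mv -f /etc/fail2ban/action.d/iptables-allports.conf.default /etc/fail2ban/action.d/iptables-allports.conf` where the block was. The page has lost its +/- markers, so which lines were removed is inferred from the hunk counts.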