Subversion Repositories ALCASAR


Rev 1409 → Rev 1410

/conf/fail2ban.sh
38,6 → 38,13
# Values: FILE Default: /var/run/fail2ban/fail2ban.sock
#
socket = /var/run/fail2ban/fail2ban.sock
 
# Option: pidfile
# Notes.: Set the PID file. This is used to store the process ID of the
# fail2ban server.
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.pid
#
pidfile = /var/run/fail2ban/fail2ban.pid
EOF
 
#########################################################
86,12 → 93,22
# auto: will choose Gamin if available and polling otherwise.
backend = auto
 
# "usedns" specifies if jails should trust hostnames in logs,
# warn when DNS lookups are performed, or ignore all hostnames in logs
#
# yes: if a hostname is encountered, a DNS lookup will be performed.
# warn: if a hostname is encountered, a DNS lookup will be performed,
# but it will be logged as a warning.
# no: if a hostname is encountered, will not be used for banning,
# but it will be logged as info.
usedns = warn
 
# Bannissement sur tous les ports après 2 refus d'Apache (tentative d'accès sur des pages inexistentes)
[alcasar_mod-evasive]
 
enabled = true
#enabled = false
filter = mod-evasive
#enabled = true
enabled = false
filter = alcasar_mod-evasive
action = iptables-allports[name=alcasar_mod-evasive]
logpath = /var/log/httpd/error_log
maxretry = 2
111,9 → 128,9
 
enabled = true
#enabled = false
filter = htdigest
filter = alcasar_htdigest
action = iptables-allports[name=alcasar_htdigest]
logpath = /var/log/httpd/ssl_error_log
logpath = /var/log/httpd/ssl_request_log
maxretry = 5
 
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager
121,7 → 138,7
 
enabled = true
#enabled = false
filter = intercept
filter = alcasar_intercept
action = iptables-allports[name=alcasar_intercept]
logpath = /var/log/httpd/ssl_request_log
maxretry = 5
128,14 → 145,15
 
# Bannissement sur tout les port après 5 échecs de changement de mot de passe
# 5 POST pour changer le mot de passe que le POST soit ok ou non.
[alcasar_change-password]
[alcasar_change-pwd]
 
enabled = true
#enabled = false
filter = mot_de_passe
action = iptables-allports[name=alcasar_change-password]
filter = alcasar_change-pwd
action = iptables-allports[name=alcasar_change-pwd]
logpath = /var/log/httpd/ssl_request_log
maxretry = 5
 
EOF
 
##################################################
191,8 → 209,11
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = [[]error[]] [[]client <HOST>[]] Digest:
#failregex = [[]error[]] [[]client <HOST>[]] Digest:
failregex = [[]<HOST>[]] "GET /acc HTTP/1.1" 972
 
#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]]
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
218,7 → 239,8
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]GET \/intercept\.php\?res=failed[&]reason=reject
#failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]GET \/intercept\.php\?res=failed[&]reason=reject
failregex = [[]<HOST>[]] ["]GET \/intercept\.php\?res=failed[&]reason=reject
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
230,7 → 252,7
#######################
## MOT_DE_PASSE.CONF ##
#######################
cat << EOF > $DIR_FILTER/alcasar_change-password.conf
cat << EOF > $DIR_FILTER/alcasar_change-pwd.conf
 
# Fail2Ban configuration file
#
246,8 → 268,10
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]POST \/pass\/index\.php HTTP
#failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]POST \/pass\/index\.php HTTP
failregex = [[]<HOST>[]] ["]POST /pass/index.php HTTP/1.1" 11169
 
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
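Review bot: The new htdigest rule in hunk 191,8 → 209,11 keys the ban on a fixed number, `"GET /acc HTTP/1.1" 972`, where the old rule matched the Digest error itself, so the jail stops counting without any warning once that number changes, and failures on any other method, protocol version or path are never counted. The change-pwd rule in hunk 246,8 → 268,10 depends on `11169` in the same way, and the jail comment above it says every POST should count whether it succeeds or not. Assuming both numbers are response byte counts (the page does not say), I would have ssl_request_log record the status code and match on that; until then, escape the dot as `HTTP/1\.1` and put a comment such as `# 972 = size of the failed-auth response to /acc; update when that page changes` above each rule. Hunk 86,12 → 93,22 also adds `usedns = warn`; if these logs only ever contain IP addresses, `usedns = no` keeps bans from depending on DNS answers. The heredocs holding these filters start and end outside the hunks shown.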