Ignore whitespace Rev 2270 → Rev 2271

/conf/fail2ban.sh
1,3 → 1,6
#!/bin/sh
# $Id$
 
FAIL_CONF="/etc/fail2ban/fail2ban.conf"
JAIL_CONF="/etc/fail2ban/jail.conf"
DIR_FILTER="/etc/fail2ban/filter.d/"
6,10 → 9,7
#########################################################
## Mise à jour du fichier de configuration de fail2ban ##
#########################################################
if(test -f $FAIL_CONF)
then
mv $FAIL_CONF $FAIL_CONF.default
fi
[ -f $FAIL_CONF ] && [ ! -e $FAIL_CONF.default ] && mv $FAIL_CONF $FAIL_CONF.default
cat << EOF > $FAIL_CONF
 
[Definition]
50,10 → 50,7
#########################################################
## Mise à jour de la configuration de jail de fail2ban ##
#########################################################
if(test -f $JAIL_CONF)
then
mv $JAIL_CONF $JAIL_CONF.default
fi
[ -f $JAIL_CONF ] && [ ! -e $JAIL_CONF.default ] && mv $JAIL_CONF $JAIL_CONF.default
cat << EOF > $JAIL_CONF
 
# Fail2Ban configuration file
111,6 → 108,7
filter = alcasar_mod-evasive
action = iptables-allports[name=alcasar_mod-evasive]
logpath = /var/log/httpd/error_log
/var/log/httpd/ssl_error_log
maxretry = 2
 
# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force)
124,13 → 122,13
maxretry = 3
 
# Bannissement sur tous les ports après 5 échecs de connexion sur le centre de contrôle (ACC)
[alcasar_htdigest]
[alcasar_acc-htdigest]
 
enabled = true
#enabled = false
filter = alcasar_htdigest
action = iptables-allports[name=alcasar_htdigest]
logpath = /var/log/httpd/ssl_request_log
filter = alcasar_acc-htdigest
action = iptables-allports[name=alcasar_acc-htdigest]
logpath = /var/log/httpd/ssl_error_log
maxretry = 5
 
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager
159,9 → 157,9
##################################################
## Mise en place des filtres spécifiques ##
## - Mod_evasive.conf ##
## - htdigest.conf ##
## - acc-htdigest.conf ##
## - intercept.conf ##
## - mot de passe ##
## - change-pwd.conf ##
##################################################
 
######################
182,7 → 180,7
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = [[]client <HOST>[]] client denied by server configuration
failregex = \[client <HOST>:[0-9]+\] .*client denied by server configuration
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
191,10 → 189,10
ignoreregex =
EOF
 
###################
## HTDIGEST.CONF ##
###################
cat << EOF > $DIR_FILTER/alcasar_htdigest.conf
#######################
## ACC-HTDIGEST.CONF ##
#######################
cat << EOF > $DIR_FILTER/alcasar_acc-htdigest.conf
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
209,8 → 207,7
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#failregex = [[]error[]] [[]client <HOST>[]] Digest:
failregex = [[]<HOST>[]] "GET /acc HTTP/1.1" 972
failregex = \[auth_digest:error\] \[client <HOST>:[0-9]+\] .*ALCASAR Control Center \(ACC\)
 
#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]]
 
239,8 → 236,7
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]GET \/intercept\.php\?res=failed[&]reason=reject
failregex = [[]<HOST>[]] ["]GET \/intercept\.php\?res=failed[&]reason=reject
failregex = \[<HOST>\] \"GET \/intercept\.php\?res=failed\&reason=reject
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
249,9 → 245,9
ignoreregex =
EOF
 
#######################
## MOT_DE_PASSE.CONF ##
#######################
#####################
## CHANGE-PWD.CONF ##
#####################
cat << EOF > $DIR_FILTER/alcasar_change-pwd.conf
 
# Fail2Ban configuration file
268,8 → 264,7
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]POST \/pass\/index\.php HTTP
failregex = [[]<HOST>[]] ["]POST /pass/index.php HTTP/1.1" 11169
failregex = \[<HOST>\] \"POST \/pass
 
 
# Option: ignoreregex
282,10 → 277,7
##############################################
## Log sur ULOG quand iptables-allports ##
##############################################
if ( test -f $ACTION_ALLPORTS )
then
mv $ACTION_ALLPORTS $ACTION_ALLPORTS.default
fi
[ -f $ACTION_ALLPORTS ] && [ ! -e $ACTION_ALLPORTS.default ] && mv $ACTION_ALLPORTS $ACTION_ALLPORTS.default
cat << EOF > $ACTION_ALLPORTS
# Fail2Ban configuration file
#
327,7 → 319,7
# Values: CMD
 
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j ULOG --ulog-prefix "Fail2Ban -- DROP"
iptables -I fail2ban-<name> 1 -s <ip> -j DROP
iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
338,7 → 330,7
# Values: CMD
#
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
iptables -D fail2ban-<name> -s <ip> -j ULOG --ulog-prefix "Fail2Ban -- DROP"
iptables -D fail2ban-<name> -s <ip> -j ULOG --ulog-prefix "Fail2Ban -- DROP"
 
[Init]
 
Property changes:
Added: svn:eol-style
+LF
\ No newline at end of property
Added: svn:keywords
+Id
\ No newline at end of property
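Review bot: In the alcasar_change-pwd filter (hunk 268,8 → 264,7), the new `failregex = \[<HOST>\] \"POST \/pass` appears to match every POST whose path begins with /pass, so a successful password change, or any other path sharing that prefix, would count toward the ban threshold. The line it replaces was tied to /pass/index.php and one specific response size. If the request log cannot distinguish a failed change from a successful one, at least pin the path, e.g. `failregex = \[<HOST>\] \"POST \/pass\/index\.php HTTP`, and check that jail's maxretry so a legitimate user is not banned on all ports after a few ordinary changes. Which line is old and which is new is inferred from the hunk's line counts, because the page has lost its +/- markers; the heredoc that writes this filter begins outside the hunk.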