Subversion Repositories ALCASAR

Rev

Rev 1388 | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 1388 Rev 1410
Line 36... Line 36...
36
#         not remove this file when Fail2ban runs. It will not be possible to
36
#         not remove this file when Fail2ban runs. It will not be possible to
37
#         communicate with the server afterwards.
37
#         communicate with the server afterwards.
38
# Values: FILE  Default:  /var/run/fail2ban/fail2ban.sock
38
# Values: FILE  Default:  /var/run/fail2ban/fail2ban.sock
39
#
39
#
40
socket = /var/run/fail2ban/fail2ban.sock
40
socket = /var/run/fail2ban/fail2ban.sock
-
 
41
 
-
 
42
# Option: pidfile
-
 
43
# Notes.: Set the PID file. This is used to store the process ID of the
-
 
44
#         fail2ban server.
-
 
45
# Values: [ FILE ]  Default: /var/run/fail2ban/fail2ban.pid
-
 
46
#
-
 
47
pidfile = /var/run/fail2ban/fail2ban.pid
41
EOF
48
EOF
42
 
49
 
43
#########################################################
50
#########################################################
44
## Mise à jour de la configuration de jail de fail2ban ##
51
## Mise à jour de la configuration de jail de fail2ban ##
45
#########################################################
52
#########################################################
Line 84... Line 91...
84
#          is not installed, Fail2ban will use polling.
91
#          is not installed, Fail2ban will use polling.
85
# polling: uses a polling algorithm which does not require external libraries.
92
# polling: uses a polling algorithm which does not require external libraries.
86
# auto:    will choose Gamin if available and polling otherwise.
93
# auto:    will choose Gamin if available and polling otherwise.
87
backend = auto
94
backend = auto
88
 
95
 
-
 
96
# "usedns" specifies if jails should trust hostnames in logs,
-
 
97
# warn when DNS lookups are performed, or ignore all hostnames in logs
-
 
98
#
-
 
99
# yes: if a hostname is encountered, a DNS lookup will be performed.
-
 
100
# warn: if a hostname is encountered, a DNS lookup will be performed,
-
 
101
# but it will be logged as a warning.
-
 
102
# no: if a hostname is encountered, will not be used for banning,
-
 
103
# but it will be logged as info.
-
 
104
usedns = warn
-
 
105
 
89
# Bannissement sur tous les ports après 2 refus d'Apache (tentative d'accès sur des pages inexistentes)
106
# Bannissement sur tous les ports après 2 refus d'Apache (tentative d'accès sur des pages inexistentes)
90
[alcasar_mod-evasive]
107
[alcasar_mod-evasive]
91
 
108
 
92
enabled = true
109
#enabled = true
93
#enabled = false
110
enabled = false
94
filter = mod-evasive
111
filter = alcasar_mod-evasive
95
action = iptables-allports[name=alcasar_mod-evasive]
112
action = iptables-allports[name=alcasar_mod-evasive]
96
logpath = /var/log/httpd/error_log
113
logpath = /var/log/httpd/error_log
97
maxretry = 2
114
maxretry = 2
98
 
115
 
99
# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force)
116
# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force)
Line 109... Line 126...
109
# Bannissement sur tous les ports après 5 échecs de connexion sur le centre de contrôle (ACC)
126
# Bannissement sur tous les ports après 5 échecs de connexion sur le centre de contrôle (ACC)
110
[alcasar_htdigest]
127
[alcasar_htdigest]
111
 
128
 
112
enabled = true
129
enabled = true
113
#enabled = false
130
#enabled = false
114
filter = htdigest
131
filter = alcasar_htdigest
115
action = iptables-allports[name=alcasar_htdigest]
132
action = iptables-allports[name=alcasar_htdigest]
116
logpath = /var/log/httpd/ssl_error_log
133
logpath = /var/log/httpd/ssl_request_log
117
maxretry = 5
134
maxretry = 5
118
 
135
 
119
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager
136
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager
120
[alcasar_intercept]
137
[alcasar_intercept]
121
 
138
 
122
enabled = true
139
enabled = true
123
#enabled = false
140
#enabled = false
124
filter = intercept
141
filter = alcasar_intercept
125
action = iptables-allports[name=alcasar_intercept]
142
action = iptables-allports[name=alcasar_intercept]
126
logpath = /var/log/httpd/ssl_request_log
143
logpath = /var/log/httpd/ssl_request_log
127
maxretry = 5
144
maxretry = 5
128
 
145
 
129
# Bannissement sur tout les port après 5 échecs de changement de mot de passe
146
# Bannissement sur tout les port après 5 échecs de changement de mot de passe
130
# 5 POST pour changer le mot de passe que le POST soit ok ou non.
147
# 5 POST pour changer le mot de passe que le POST soit ok ou non.
131
[alcasar_change-password]
148
[alcasar_change-pwd]
132
 
149
 
133
enabled = true
150
enabled = true
134
#enabled = false
151
#enabled = false
135
filter = mot_de_passe
152
filter = alcasar_change-pwd
136
action = iptables-allports[name=alcasar_change-password]
153
action = iptables-allports[name=alcasar_change-pwd]
137
logpath = /var/log/httpd/ssl_request_log
154
logpath = /var/log/httpd/ssl_request_log
138
maxretry = 5
155
maxretry = 5
-
 
156
 
139
EOF
157
EOF
140
 
158
 
141
##################################################
159
##################################################
142
## Mise en place des filtres spécifiques	##
160
## Mise en place des filtres spécifiques	##
143
## - Mod_evasive.conf				##
161
## - Mod_evasive.conf				##
Line 189... Line 207...
189
#          host must be matched by a group named "host". The tag "<HOST>" can
207
#          host must be matched by a group named "host". The tag "<HOST>" can
190
#          be used for standard IP/hostname matching and is only an alias for
208
#          be used for standard IP/hostname matching and is only an alias for
191
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
209
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
192
# Values:  TEXT
210
# Values:  TEXT
193
#
211
#
194
failregex = [[]error[]] [[]client <HOST>[]] Digest:
212
#failregex = [[]error[]] [[]client <HOST>[]] Digest:
-
 
213
failregex = [[]<HOST>[]] "GET /acc HTTP/1.1" 972
-
 
214
 
-
 
215
#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]]
195
 
216
 
196
# Option:  ignoreregex
217
# Option:  ignoreregex
197
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
218
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
198
# Values:  TEXT
219
# Values:  TEXT
199
#
220
#
Line 216... Line 237...
216
#          host must be matched by a group named "host". The tag "<HOST>" can
237
#          host must be matched by a group named "host". The tag "<HOST>" can
217
#          be used for standard IP/hostname matching and is only an alias for
238
#          be used for standard IP/hostname matching and is only an alias for
218
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
239
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
219
# Values:  TEXT
240
# Values:  TEXT
220
#
241
#
221
failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]GET \/intercept\.php\?res=failed[&]reason=reject
242
#failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]GET \/intercept\.php\?res=failed[&]reason=reject
-
 
243
failregex = [[]<HOST>[]] ["]GET \/intercept\.php\?res=failed[&]reason=reject
222
 
244
 
223
# Option:  ignoreregex
245
# Option:  ignoreregex
224
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
246
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
225
# Values:  TEXT
247
# Values:  TEXT
226
#
248
#
Line 228... Line 250...
228
EOF
250
EOF
229
 
251
 
230
#######################
252
#######################
231
## MOT_DE_PASSE.CONF ##
253
## MOT_DE_PASSE.CONF ##
232
#######################
254
#######################
233
cat << EOF > $DIR_FILTER/alcasar_change-password.conf
255
cat << EOF > $DIR_FILTER/alcasar_change-pwd.conf
234
 
256
 
235
# Fail2Ban configuration file
257
# Fail2Ban configuration file
236
#
258
#
237
# Author: Cyril Jaquier
259
# Author: Cyril Jaquier
238
# Adapted by ALCASAR team
260
# Adapted by ALCASAR team
Line 244... Line 266...
244
#          host must be matched by a group named "host". The tag "<HOST>" can
266
#          host must be matched by a group named "host". The tag "<HOST>" can
245
#          be used for standard IP/hostname matching and is only an alias for
267
#          be used for standard IP/hostname matching and is only an alias for
246
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
268
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
247
# Values:  TEXT
269
# Values:  TEXT
248
#
270
#
249
failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]POST \/pass\/index\.php HTTP
271
#failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]POST \/pass\/index\.php HTTP
-
 
272
failregex = [[]<HOST>[]] ["]POST /pass/index.php HTTP/1.1" 11169
-
 
273
 
250
 
274
 
251
# Option:  ignoreregex
275
# Option:  ignoreregex
252
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
276
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
253
# Values:  TEXT
277
# Values:  TEXT
254
#
278
#