
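--- a/fail2ban.sh
+++ b/fail2ban.sh
@@ -1,11 +1,10 @@
 #!/bin/sh
-# $Id: fail2ban.sh 2837 2020-06-16 22:24:15Z rexy $
+# $Id: fail2ban.sh 2864 2020-10-18 09:06:17Z rexy $
 
 JAIL_CONF="/etc/fail2ban/jail.conf"
 DIR_FILTER="/etc/fail2ban/filter.d/"
-ACTION_ALLPORTS="/etc/fail2ban/action.d/iptables-allports.conf"
 
 #########################################################
 ## Mise à jour de la configuration de jail de fail2ban ##
 #########################################################
 [ -f $JAIL_CONF ] && [ ! -e $JAIL_CONF.default ] && mv $JAIL_CONF $JAIL_CONF.default
@@ -58,72 +57,67 @@
 # but it will be logged as info.
 usedns = warn
 
 # Bannissement sur tous les ports après 3 refus du serveur WEB (tentative d'accès sur des pages inexistentes)
 [alcasar_mod-evasive]
-
 #enabled = true
 enabled = false
 backend = auto
 filter = alcasar_mod-evasive
 action = iptables-allports[name=alcasar_mod-evasive]
 logpath = /var/log/lighttpd/access.log
 maxretry = 3
 
 # Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force)
 [ssh-iptables]
-
 enabled = true
 #enabled  = false
 filter   = sshd
 action   = iptables-allports[name=SSH]
 logpath  = /var/log/auth.log
 maxretry = 3
 
 # Bannissement sur tous les ports après 5 échecs de connexion sur le centre de contrôle (ACC)
 [alcasar_acc]
-
 enabled = true
 #enabled = false
 backend = auto
 filter = alcasar_acc
 action = iptables-allports[name=alcasar_acc]
 logpath = /var/log/lighttpd/access.log
-maxretry = 6
+maxretry = 5
 
 # Bannissement sur tout les ports après 5 echecs de connexion pour un usager
 [alcasar_intercept]
-
 enabled = true
 #enabled = false
 backend = auto
 filter = alcasar_intercept
 action = iptables-allports[name=alcasar_intercept]
 logpath = /var/log/lighttpd/access.log
-maxretry = 6
+maxretry = 5
 
 # Bannissement sur tout les port après 5 échecs de changement de mot de passe
 # 5 POST pour changer le mot de passe que le POST soit ok ou non.
 [alcasar_change-pwd]
-
 enabled = true
 #enabled = false
 backend = auto
 filter = alcasar_change-pwd
 action = iptables-allports[name=alcasar_change-pwd]
 logpath = /var/log/lighttpd/access.log
 maxretry = 5
 
 EOF
 
-##################################################
+##############################################
 ## Mise en place des filtres spécifiques	##
-## - Mod_evasive.conf				##
-## - acc-htdigest.conf				##
-## - intercept.conf				##
-## - change-pwd.conf				##
-##################################################
+## - Mod_evasive.conf						##
+## - acc-htdigest.conf						##
+## - intercept.conf							##
+## - change-pwd.conf						##
+##############################################
 
 ######################
 ## MOD-EVASIVE.CONF ##
 ######################
 cat << EOF > $DIR_FILTER/alcasar_mod-evasive.conf
@@ -232,81 +226,5 @@
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
 # Values:  TEXT
 #
 ignoreregex = 
 EOF
-
-##############################################
-##   Log sur ULOG quand iptables-allports   ##
-##############################################
-[ -f $ACTION_ALLPORTS ] && [ ! -e $ACTION_ALLPORTS.default ] && mv $ACTION_ALLPORTS $ACTION_ALLPORTS.default
-cat << EOF > $ACTION_ALLPORTS
-# Fail2Ban configuration file
-#
-# Author: Cyril Jaquier
-# Modified: Yaroslav O. Halchenko <debian@onerussian.com>
-# 			made active on all ports from original iptables.conf
-# Adapted by ALCASAR team
-
-[Definition]
-
-# Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
-# Values:  CMD
-#
-actionstart = iptables -N fail2ban-<name>
-              iptables -A fail2ban-<name> -j RETURN
-              iptables -I <chain> -p <protocol> -j fail2ban-<name>
-
-# Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
-# Values:  CMD
-#
-actionstop = iptables -D <chain> -p <protocol> -j fail2ban-<name>
-             iptables -F fail2ban-<name>
-             iptables -X fail2ban-<name>
-
-# Option:  actioncheck
-# Notes.:  command executed once before each actionban command
-# Values:  CMD
-#
-actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
-
-# Option:  actionban
-# Notes.:  command executed when banning an IP. Take care that the
-#          command is executed with Fail2Ban user rights.
-# Tags:    <ip>  IP address
-#          <failures>  number of failures
-#          <time>  unix timestamp of the ban time
-# Values:  CMD
-
-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
-
-# Option:  actionunban
-# Notes.:  command executed when unbanning an IP. Take care that the
-#          command is executed with Fail2Ban user rights.
-# Tags:    <ip>  IP address
-#          <failures>  number of failures
-#          <time>  unix timestamp of the ban time
-# Values:  CMD
-#
-actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
-
-[Init]
-
-# Defaut name of the chain
-#
-name = default
-
-# Option:  protocol
-# Notes.:  internally used by config reader for interpolations.
-# Values:  [ tcp | udp | icmp | all ] Default: tcp
-#
-protocol = tcp
-
-# Option:  chain
-# Notes    specifies the iptables chain to which the fail2ban rules should be
-#          added
-# Values:  STRING  Default: INPUT
-chain = INPUT
-
-EOF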
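Review bot: Dropping the `ACTION_ALLPORTS` block (old lines 237–312) stops the script from writing its own `iptables-allports.conf`, but nothing is added to undo what the previous revision did: on a host that already ran the older script, the ALCASAR copy presumably stays at `/etc/fail2ban/action.d/iptables-allports.conf` with the packaged original still parked as `.default`, so fresh and upgraded hosts end up with different ban actions. A one-time restore next to the existing `JAIL_CONF` handling in the first hunk would make the script converge, e.g. `ACTION_ALLPORTS="/etc/fail2ban/action.d/iptables-allports.conf"` followed by `[ -e $ACTION_ALLPORTS.default ] && mv -f $ACTION_ALLPORTS.default $ACTION_ALLPORTS`. Every jail in the second hunk still references `iptables-allports[name=...]`, so which version of that action file is present decides how bans are applied. The `jail.conf` heredoc that the second hunk belongs to starts before the hunk.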