Subversion Repositories ALCASAR


Rev 2864 Rev 2865
Line 1... Line 1...
1
#!/bin/sh
1
#!/bin/sh
2
# $Id: fail2ban.sh 2864 2020-10-18 09:06:17Z rexy $
2
# $Id: fail2ban.sh 2865 2020-10-18 22:21:46Z rexy $
3
 
3
 
4
JAIL_CONF="/etc/fail2ban/jail.conf"
4
JAIL_CONF="/etc/fail2ban/jail.conf"
5
DIR_FILTER="/etc/fail2ban/filter.d/"
5
DIR_FILTER="/etc/fail2ban/filter.d/"
6
 
6
 
7
#########################################################
7
#########################################################
Line 16... Line 16...
16
# Adapted by ALCASAR team
16
# Adapted by ALCASAR team
17
 
17
 
18
 
18
 
19
# The DEFAULT allows a global definition of the options. They can be overridden
19
# The DEFAULT allows a global definition of the options. They can be overridden
20
# in each jail afterwards.
20
# in each jail afterwards.
21
 
-
 
22
[DEFAULT]
21
[DEFAULT]
23
 
-
 
24
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
22
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
25
# ban a host which matches an address in this list. Several addresses can be
23
# ban a host which matches an address in this list. Several addresses can be
26
# defined using space separator.
24
# defined using space separator.
27
ignoreip = 127.0.0.1/8
25
ignoreip = 127.0.0.1/8
28
 
-
 
29
# "bantime" is the number of seconds that a host is banned.
26
# "bantime" is the number of seconds that a host is banned.
30
bantime  = 180
27
bantime  = 180
31
 
28
 
32
# A host is banned if it has generated "maxretry" during the last "findtime" seconds.
29
# A host is banned if it has generated "maxretry" during the last "findtime" seconds.
33
# Un client est banni s'il génere "maxretry" requêtes pendant "findtime" (en secondes)
30
# Un client est banni s'il génere "maxretry" requêtes pendant "findtime" (en secondes)
Line 125... Line 122...
125
#
122
#
126
# Author: Cyril Jaquier
123
# Author: Cyril Jaquier
127
# Adapted by ALCASAR team
124
# Adapted by ALCASAR team
128
 
125
 
129
[Definition]
126
[Definition]
130
 
-
 
131
# Option:  failregex
127
# Option:  failregex
132
# Notes.:  regex to match the password failure messages in the logfile. The
128
# Notes.:  regex to match the password failure messages in the logfile. The
133
#          host must be matched by a group named "host". The tag "<HOST>" can
129
#          host must be matched by a group named "host". The tag "<HOST>" can
134
#          be used for standard IP/hostname matching and is only an alias for
130
#          be used for standard IP/hostname matching and is only an alias for
135
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
131
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
136
# Values:  TEXT
132
# Values:  TEXT
137
#
-
 
138
failregex =  <HOST> .+\] "[^"]+" 403
133
failregex =  <HOST> .+\] "[^"]+" 403
139
 
-
 
140
# Option:  ignoreregex
134
# Option:  ignoreregex
141
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
135
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
142
# Values:  TEXT
-
 
143
#
-
 
144
ignoreregex = 
136
ignoreregex = 
145
EOF
137
EOF
146
 
138
 
147
#######################
139
#######################
148
## ACC-HTDIGEST.CONF ##
140
## ACC-HTDIGEST.CONF ##
Line 152... Line 144...
152
#
144
#
153
# Author: Cyril Jaquier
145
# Author: Cyril Jaquier
154
# Adapted by ALCASAR team
146
# Adapted by ALCASAR team
155
 
147
 
156
[Definition]
148
[Definition]
157
 
-
 
158
# Option:  failregex
149
# Option:  failregex
159
# Notes.:  regex to match the password failure messages in the logfile. The
150
# Notes.:  regex to match the password failure messages in the logfile. The
160
#          host must be matched by a group named "host". The tag "<HOST>" can
151
#          host must be matched by a group named "host". The tag "<HOST>" can
161
#          be used for standard IP/hostname matching and is only an alias for
152
#          be used for standard IP/hostname matching and is only an alias for
162
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
153
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
163
# Values:  TEXT
154
# Values:  TEXT
164
#
-
 
165
failregex =  <HOST> .+\] "[^"]+" 401
155
failregex =  <HOST> .+\] "[^"]+" 401
166
 
-
 
167
#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]]
-
 
168
 
-
 
169
# Option:  ignoreregex
156
# Option:  ignoreregex
170
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
157
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
171
# Values:  TEXT
-
 
172
#
-
 
173
ignoreregex = 
158
ignoreregex = 
174
EOF
159
EOF
175
 
160
 
176
####################
161
####################
177
## INTERCEPT.CONF ##
162
## INTERCEPT.CONF ##
Line 181... Line 166...
181
#
166
#
182
# Author: Cyril Jaquier
167
# Author: Cyril Jaquier
183
# Adapted by ALCASAR team
168
# Adapted by ALCASAR team
184
 
169
 
185
[Definition]
170
[Definition]
186
 
-
 
187
# Option:  failregex
171
# Option:  failregex
188
# Notes.:  regex to match the password failure messages in the logfile. The
172
# Notes.:  regex to match the password failure messages in the logfile. The
189
#          host must be matched by a group named "host". The tag "<HOST>" can
173
#          host must be matched by a group named "host". The tag "<HOST>" can
190
#          be used for standard IP/hostname matching and is only an alias for
174
#          be used for standard IP/hostname matching and is only an alias for
191
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
175
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
192
# Values:  TEXT
176
# Values:  TEXT
193
#
-
 
194
failregex = <HOST> .* \"GET \/intercept\.php\?res=failed\&reason=reject
177
failregex = <HOST> .* \"GET \/intercept\.php\?res=failed\&reason=reject
195
 
-
 
196
# Option:  ignoreregex
178
# Option:  ignoreregex
197
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
179
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
198
# Values:  TEXT
-
 
199
#
-
 
200
ignoreregex = 
180
ignoreregex = 
201
EOF
181
EOF
202
 
182
 
203
#####################
183
#####################
204
## CHANGE-PWD.CONF ##
184
## CHANGE-PWD.CONF ##
Line 209... Line 189...
209
#
189
#
210
# Author: Cyril Jaquier
190
# Author: Cyril Jaquier
211
# Adapted by ALCASAR team
191
# Adapted by ALCASAR team
212
 
192
 
213
[Definition]
193
[Definition]
214
 
-
 
215
# Option:  failregex
194
# Option:  failregex
216
# Notes.:  regex to match the password failure messages in the logfile. The
195
# Notes.:  regex to match the password failure messages in the logfile. The
217
#          host must be matched by a group named "host". The tag "<HOST>" can
196
#          host must be matched by a group named "host". The tag "<HOST>" can
218
#          be used for standard IP/hostname matching and is only an alias for
197
#          be used for standard IP/hostname matching and is only an alias for
219
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
198
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
220
# Values:  TEXT
199
# Values:  TEXT
221
#
-
 
222
failregex = <HOST> .* \"POST \/password\.php
200
failregex = <HOST> .* \"POST \/password\.php
223
 
-
 
224
 
-
 
225
# Option:  ignoreregex
201
# Option:  ignoreregex
226
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
202
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
227
# Values:  TEXT
-
 
228
#
-
 
229
ignoreregex = 
203
ignoreregex = 
230
EOF
204
EOF