Compare commits
19 Commits
0.1.16_el6
...
master
Author | SHA1 | Date | |
---|---|---|---|
|
ae727cb900 | ||
|
5f11114572 | ||
|
1672a8431c | ||
|
1b06a14197 | ||
|
72fd0d81c2 | ||
|
c203c38bf7 | ||
|
71c09c53f4 | ||
|
a1e5bd2b2c | ||
|
337c89ced4 | ||
|
cac3d51734 | ||
|
2a25c2a6fd | ||
|
799310bef3 | ||
|
4da2dd6979 | ||
|
8f9f7ba655 | ||
|
58877ee987 | ||
|
b92a8aa92c | ||
|
fbd9cab08a | ||
|
fd3c7ae78a | ||
|
831e058085 |
|
@ -17,7 +17,11 @@ safe_symlink("restart", "root/etc/e-smith/events/fail2ban-conf/services2adjust/f
|
|||
safe_symlink("restart", "root/etc/e-smith/events/network-create/services2adjust/fail2ban");
|
||||
safe_symlink("restart", "root/etc/e-smith/events/network-delete/services2adjust/fail2ban");
|
||||
safe_symlink("restart", "root/etc/e-smith/events/remoteaccess-update/services2adjust/fail2ban");
|
||||
event_link("fail2ban-suspend-logs", "logrotate", "02");
|
||||
event_link("fail2ban-resume-logs", "logrotate", "98");
|
||||
|
||||
service_link_enhanced("fail2ban", "S92", "7");
|
||||
safe_touch("root/var/log/fail2ban/daemon.log");
|
||||
|
||||
service_link_enhanced("fail2ban", "S99", "7");
|
||||
service_link_enhanced("fail2ban", "K08", "6");
|
||||
service_link_enhanced("fail2ban", "K08", "0");
|
||||
|
|
28
root/etc/e-smith/events/actions/fail2ban-resume-logs
Normal file
28
root/etc/e-smith/events/actions/fail2ban-resume-logs
Normal file
|
@ -0,0 +1,28 @@
|
|||
#!/bin/sh
|
||||
|
||||
STATUS=$(/sbin/e-smith/db configuration getprop fail2ban status || echo disabled)
|
||||
if [ "$STATUS" != "enabled" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
sleep 1
|
||||
for JAIL in http-overflows http-noscript http-scan http-auth; do
|
||||
/usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
/usr/bin/fail2ban-client set $JAIL addlogpath /var/log/httpd/error_log
|
||||
fi
|
||||
done
|
||||
|
||||
for JAIL in pam-generic ftp; do
|
||||
/usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
/usr/bin/fail2ban-client set $JAIL addlogpath /var/log/secure
|
||||
fi
|
||||
done
|
||||
|
||||
for JAIL in lemonldap; do
|
||||
/usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
/usr/bin/fail2ban-client set $JAIL addlogpath /var/log/messages
|
||||
fi
|
||||
done
|
27
root/etc/e-smith/events/actions/fail2ban-suspend-logs
Normal file
27
root/etc/e-smith/events/actions/fail2ban-suspend-logs
Normal file
|
@ -0,0 +1,27 @@
|
|||
#!/bin/sh
|
||||
|
||||
STATUS=$(/sbin/e-smith/db configuration getprop fail2ban status || echo disabled)
|
||||
if [ "$STATUS" != "enabled" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
for JAIL in http-overflows http-noscript http-scan http-auth; do
|
||||
/usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
/usr/bin/fail2ban-client set $JAIL dellogpath /var/log/httpd/error_log
|
||||
fi
|
||||
done
|
||||
|
||||
for JAIL in pam-generic ftp; do
|
||||
/usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
/usr/bin/fail2ban-client set $JAIL dellogpath /var/log/secure
|
||||
fi
|
||||
done
|
||||
|
||||
for JAIL in lemonldap; do
|
||||
/usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
/usr/bin/fail2ban-client set $JAIL dellogpath /var/log/messages
|
||||
fi
|
||||
done
|
|
@ -2,3 +2,4 @@
|
|||
loglevel = 3
|
||||
logtarget = /var/log/fail2ban/daemon.log
|
||||
socket = /var/run/fail2ban/fail2ban.sock
|
||||
pidfile = /var/run/fail2ban/fail2ban.pid
|
||||
|
|
|
@ -25,7 +25,9 @@ unless (($fail2ban{FilterLocalNetworks} || 'disabled') eq 'enabled'){
|
|||
|
||||
# Add a local whitelist
|
||||
foreach (split /[,;]/, ($fail2ban{'IgnoreIP'} || '')){
|
||||
my ($ip,$bits) = Net::IPv4Addr::ipv4_parse("$_");
|
||||
my $addr = $_;
|
||||
$addr .= '/32' unless ($addr =~ m/\/\d{1,2}$/);
|
||||
my ($ip,$bits) = Net::IPv4Addr::ipv4_parse("$addr");
|
||||
push @ip, "$ip/$bits";
|
||||
}
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ my $port = join (",", @ports);
|
|||
|
||||
$OUT .=<<"EOF";
|
||||
|
||||
[sogo]
|
||||
[lemonldap]
|
||||
enabled = true
|
||||
filter = lemonldap-ng
|
||||
logpath = /var/log/messages
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
|
||||
[Definition]
|
||||
|
||||
actionstart =
|
||||
actionstop =
|
||||
actioncheck =
|
||||
actionban = /sbin/e-smith/smeserver-fail2ban --host=<ip> --proto=<protocol> --port=<port> --bantime=<bantime>
|
||||
actionunban = /sbin/e-smith/smeserver-fail2ban --host=<ip> --unban --proto=<protocol> --port=<port>
|
||||
|
||||
|
|
2
root/etc/fail2ban/filter.d/apache-auth.local
Normal file
2
root/etc/fail2ban/filter.d/apache-auth.local
Normal file
|
@ -0,0 +1,2 @@
|
|||
[Definition]
|
||||
ignoreregex = ^%(_apache_error_client)s (AH01797: )?client denied by server configuration: /etc/httpd/conf/proxy/proxy\.pac\s*$
|
|
@ -1,7 +1,7 @@
|
|||
[Definition]
|
||||
re_pma = (admin|administrator|database|db|sql|typo3|xampp\/)?(pma|PMA|phpmyadmin|phpMyAdmin(\-?[\d\.\-]+((rc|pl|beta)\d+)?)?|myadmin|mysql|mysqladmin|sqladmin|mypma|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|myadmin2|php\-my\-admin|sqlmanager|websql|sqlweb|MyAdmin|phpadmin|sql|pma2005|databaseadmin|phpmanager)(\/main\.php|setup\.php|read_dump\.php|read_dump\.phpmain\.php)?
|
||||
re_admin = administrator(\/index\.php)?|manager(\/(status|html))?|webadmin|ecrire|admin((\.php)|(\/(config|login)\.php))?|mailadmin|setup\.php|admin\/modules\/backup\/page\.backup\.php
|
||||
re_proxy = freenode-proxy-checker\.txt|proxy|proxychecker|proxyheader\.php
|
||||
re_proxy = freenode-proxy-checker\.txt|proxychecker|proxyheader\.php
|
||||
re_various = vtigercrm|typo3|scripts|wp\-admin|wp\-login\.php|wordpress|horde(\d+(\/+README)?)?|w00tw00t\.*|\/?plmplmplm\/plm\.php
|
||||
|
||||
failregex = \[client <HOST>\] File does not exist: .*\/(%(re_pma)s|%(re_admin)s|%(re_proxy)s|%(re_various)s)$
|
||||
|
|
|
@ -1,20 +0,0 @@
|
|||
# /etc/fail2ban/filter.d/sogo-auth.conf
|
||||
#
|
||||
# Fail2Ban configuration file
|
||||
# By Arnd Brandes
|
||||
# SOGo
|
||||
#
|
||||
|
||||
[Definition]
|
||||
# Option: failregex
|
||||
# Filter Ban in /var/log/sogo/sogo.log
|
||||
# Note: the error log may contain multiple hosts, whereas the first one
|
||||
# is the client and all others are poxys. We match the first one, only
|
||||
|
||||
failregex = Login from '<HOST>' for user '.*' might not have worked( - password policy: \d* grace: -?\d* expire: -?\d* bound: -?\d*)?\s*$
|
||||
|
||||
# Option: ignoreregex
|
||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||
# Values: TEXT
|
||||
#
|
||||
ignoreregex =
|
|
@ -1,4 +1,4 @@
|
|||
%define version 0.1.3
|
||||
%define version 0.1.11
|
||||
%define release 1
|
||||
%define name smeserver-fail2ban
|
||||
|
||||
|
@ -22,6 +22,30 @@ Requires: fail2ban
|
|||
Configure fail2ban on SME Server
|
||||
|
||||
%changelog
|
||||
* Mon Feb 29 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.1.11-1.sme
|
||||
- Ignore failure to get proxy.pac
|
||||
|
||||
* Wed Apr 15 2015 Daniel Berteaud <daniel@firewall-services.com> - 0.1.10-1.sme
|
||||
- Start fail2ban a bit later [SME: 8708]
|
||||
|
||||
* Tue Jan 27 2015 Daniel Berteaud <daniel@firewall-services.com> - 0.1.9-1.sme
|
||||
- Suspend log monitoring during logrotate [SME: 8708]
|
||||
|
||||
* Thu Jan 15 2015 Daniel Berteaud <daniel@firewall-services.com> - 0.1.8-1.sme
|
||||
- Fix LL::NG jail name
|
||||
|
||||
* Wed Sep 17 2014 Daniel Berteaud <daniel@firewall-services.com> - 0.1.7-1.sme
|
||||
- Restart fail2ban during logrotate so it reopens httpd logs [SME: 8557]
|
||||
|
||||
* Mon Sep 8 2014 Daniel Berteaud <daniel@firewall-services.com> - 0.1.6.sme
|
||||
- Backport a few changes from sme9 branch to work with fail2ban 0.8.14
|
||||
|
||||
* Wed Jun 25 2014 Daniel Berteaud <daniel@firewall-services.com> - 0.1.5-1.sme
|
||||
- Correctly handle single IP in IgnoreIP prop
|
||||
|
||||
* Tue Jun 24 2014 Daniel Berteaud <daniel@firewall-services.com> - 0.1.4-1.sme
|
||||
- Relax proxy regex so requests for proxy.pac doesn't match
|
||||
|
||||
* Wed Dec 18 2013 Daniel Berteaud <daniel@firewall-services.com> - 0.1.3-1.sme
|
||||
- Fix port, which was incorrectly set to proto
|
||||
|
||||
|
@ -48,7 +72,9 @@ perl createlinks
|
|||
/bin/rm -f %{name}-%{version}-filelist
|
||||
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
|
||||
--dir /var/log/fail2ban 'attr(0750,root,root)' \
|
||||
--file /var/log/fail2ban/daemon.log 'config(noreplace) %attr(0600,root,root)' \
|
||||
--file /etc/cron.daily/cleanup_fail2ban 'attr(0755,root,root)' \
|
||||
--file /etc/fail2ban/filter.d/apache-auth.local 'config(noreplace) %attr(0644,root,root)' \
|
||||
> %{name}-%{version}-filelist
|
||||
|
||||
%files -f %{name}-%{version}-filelist
|
||||
|
|
Loading…
Reference in New Issue
Block a user