wok-current rev 20059
Add fail2ban-ipv6
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Fri Sep 15 21:48:12 2017 +0200 (2017-09-15) |
parents | 4b3b1a6d8ca5 |
children | d8d9abb5377f |
files | fail2ban-ipv6/receipt fail2ban-ipv6/stuff/etc/fail2ban/filter.d/apache-noscript.conf fail2ban-ipv6/stuff/etc/fail2ban/filter.d/apache-proxy.conf fail2ban-ipv6/stuff/etc/fail2ban/filter.d/apache-w00tw00t.conf fail2ban-ipv6/stuff/etc/fail2ban/filter.d/fail2ban.conf fail2ban-ipv6/stuff/etc/fail2ban/filter.d/lighttpd-fastcgi.conf fail2ban-ipv6/stuff/etc/init.d/fail2ban fail2ban/receipt |
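--- /dev/null
+++ b/fail2ban-ipv6/receipt
@@ -0,0 +1,116 @@
+# SliTaz package receipt.
+
+PACKAGE="fail2ban-ipv6"
+SOURCE="fail2ban"
+VERSION="0.9.0"
+CATEGORY="network"
+SHORT_DESC="Scans log files to bans IPv4 & IPv6 that makes too many password failures."
+MAINTAINER="pascal.bellard@slitaz.org"
+LICENSE="GPL2"
+TARBALL="$SOURCE-$VERSION.tar.gz"
+EXTRA_SOURCE_FILES="fail2ban-ipv6.tar.xz"
+WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page"
+WEB_SITE2="https://blog.tetsumaki.net/articles/2014/03/ajout-du-support-ipv6-sur-fail2ban.html"
+WGET_URL="https://codeload.github.com/$PACKAGE/$PACKAGE/tar.gz/$VERSION"
+PATCH="https://data.tetsumaki.net/divers/fail2ban-ipv6.tar.xz"
+PROVIDE="fail2ban"
+TAGS="monitor network"
+CONFIG_FILES="/etc/fail2ban"
+
+DEPENDS="iptables"
+BUILD_DEPENDS="python wget"
+
+# Rules to configure and make the package.
+compile_rules()
+{
+ [ -s $SOURCES_REPOSITORY/$(basename $PATCH) ] ||
+ wget --no-check-certificate -P $SOURCES_REPOSITORY $PATCH
+ tar xf $SOURCES_REPOSITORY/$(basename $PATCH)
+ for i in fail2ban-ipv6/*.patch ; do
+ patch -p0 < $i
+ done
+ python setup.py install --root=$DESTDIR
+}
+
+# Rules to gen a SliTaz package suitable for Tazpkg.
+genpkg_rules()
+{
+ mkdir -p $fs/etc/logrotate.d $fs/etc/init.d $fs/usr/bin
+ cp -a $install/* $fs
+ cp -a $src/fail2ban-ipv6/*.sh $fs/usr/bin
+ cp -a $src/fail2ban-ipv6/*.conf $fs/etc/fail2ban/action.d
+ sed -i 's/^.DEFAULT*/&\njailaction = iptable46-multiport/' $fs/etc/fail2ban/jail.conf
+ sed -i 's/= \\s\*/= \\s*\\S+\\s\*/' $fs/etc/fail2ban/filter.d/common.conf
+ sed -i -e 's|127.0.0.1.*|& 192.168.0.0/16|;s|sshd.log|messages|' \
+ -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
+
+ cp -a $stuff/etc/fail2ban/ $fs/etc/
+ cp -a $stuff/etc/init.d $fs/etc/
+
+ cat >> $fs/etc/fail2ban/jail.conf <<EOT
+[apache-noscript]
+
+enabled = false
+port = http,https
+filter = apache-noscript
+action = iptables-allports[name=APACHE-NOSCRIPT]
+logpath = /var/log/apache/*errors
+maxretry = 2
+
+[apache-proxy]
+
+enabled = false
+port = http,https
+filter = apache-proxy
+action = iptables-allports[name=APACHE-PROXY]
+logpath = /var/log/apache/*access
+bantime = 172800
+maxretry = 2
+
+[apache-w00tw00t]
+enabled = false
+filter = apache-w00tw00t
+action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp]
+ logpath = /var/log/apache/*access
+ maxretry = 1
+ bantime = 172800
+
+[lighttpd-fastcgi]
+
+enabled = false
+port = http,https
+filter = lighttpd-fastcgi
+action = iptables-allports[name=LIGHTTPD-FASTCGI]
+logpath = /var/log/lighttpd/*error*.log
+maxretry = 2
+
+[ssh-ddos]
+
+enabled = true
+port = ssh,sftp
+filter = sshd-ddos
+action = iptables-allports[name=SSHDDOS]
+logpath = /var/log/messages
+maxretry = 2
+
+[fail2ban]
+enabled = true
+filter = fail2ban
+action = iptables-allports[name=FAIL2BAN]
+logpath = /var/log/fail2ban.log
+maxretry = 5
+findtime = 604800
+bantime = 604800
+EOT
+ #ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
+ cat > $fs/etc/logrotate.d/fail2ban <<EOT
+/var/log/fail2ban.log {
+ weekly
+ rotate 10
+ compress
+ postrotate
+ /etc/init.d/fail2ban reload >/dev/null || true
+ endscript
+}
+EOT
+}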
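Review bot: `compile_rules` fetches the IPv6 patch tarball with `wget --no-check-certificate` and then unpacks and applies it with no integrity check, so whatever the remote host or anything on the network path serves ends up patched into a package that manages firewall rules. Drop the flag and pin a digest before `tar xf`, e.g. `wget -P $SOURCES_REPOSITORY $PATCH` followed by `echo "<expected-sha256>  $SOURCES_REPOSITORY/$(basename $PATCH)" | sha256sum -c - || return 1` (the digest is a placeholder to be filled in from a vetted copy). The `[ -s … ]` test only checks that a cached file is non-empty, so a truncated or altered cache entry is accepted as well. Separately, `WGET_URL` expands `$PACKAGE/$PACKAGE` to `fail2ban-ipv6/fail2ban-ipv6`, which looks like it should be `$SOURCE/$SOURCE` now that the package name differs from the upstream project; worth confirming.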
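--- /dev/null
+++ b/fail2ban-ipv6/stuff/etc/fail2ban/filter.d/apache-noscript.conf
@@ -0,0 +1,24 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 658 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failure messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+#
+failregex = [[]client <HOST>[]] (File does not exist|script .* not found or unable to stat): .*(\.php|\.asp|\.exe|\.pl)
+ [[]client <HOST>[]] (File does not exist|script .* not found or unable to stat): [^.]*$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =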
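Review bot: Neither `failregex` line is anchored to the start of the log line, so the `[client <HOST>]` text can be satisfied by request-controlled content that Apache echoes later in an error line (a referer, for example), and the address counted towards a ban is then not necessarily the real client. Anchor both patterns to the line start with the error-log prefix, along the lines of `^\[[^]]*\] \[error\] \[client <HOST>\] (File does not exist|…)`, adjusted to the Apache log format actually in use. The second pattern also counts every missing path that contains no dot, which with `maxretry = 2` in the jail is likely to catch ordinary broken links. The same lack of anchoring applies to `lighttpd-fastcgi.conf`, whose pattern begins with `.*`. This file is copied over the filter installed by fail2ban 0.9.0 (`cp -a $stuff/etc/fail2ban/ $fs/etc/` in the receipt), so it is worth checking whether the upstream version is already stricter.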
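--- /dev/null
+++ b/fail2ban-ipv6/stuff/etc/fail2ban/filter.d/apache-proxy.conf
@@ -0,0 +1,21 @@
+# Fail2Ban configuration file
+#
+# Author: James Roe
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failure messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+#
+failregex = ^(?:(?![0-9\.]* - - \[.*\] "([A-Z]* /.* HTTP/1\.[0-9]|-)")<HOST>)
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =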
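Review bot: The negative lookahead describes a normal request only for a dotted IPv4 client (`[0-9\.]*`), so in this IPv6-enabled package every access-log line from an IPv6 client fails the "normal request" test and is counted as a failure, assuming the patched `<HOST>` matches IPv6 addresses. With `maxretry = 2` and `bantime = 172800` in the jail, enabling it would ban ordinary IPv6 visitors for two days. Widen the address class in the lookahead, e.g. `(?![0-9a-fA-F:\.]* - - \[.*\] "…")`, and note that lines with an authenticated user (third field not `-`) or a protocol other than `HTTP/1.x` are treated as failures too.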
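--- /dev/null
+++ b/fail2ban-ipv6/stuff/etc/fail2ban/filter.d/apache-w00tw00t.conf
@@ -0,0 +1,5 @@
+[Definition]
+
+failregex = ^<HOST> -.*"GET \/w00tw00t\.at\.ISC\.SANS\.DFind\:\).*".*
+
+ignoreregex =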
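--- /dev/null
+++ b/fail2ban-ipv6/stuff/etc/fail2ban/filter.d/fail2ban.conf
@@ -0,0 +1,28 @@
+# Fail2Ban configuration file
+#
+# Author: Tom Hendrikx
+#
+# $Revision: 663 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+#
+
+# Count all bans in the logfile
+failregex = fail2ban.actions: WARNING \[(.*)\] Ban <HOST>
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+# Ignore our own bans, to keep our counts exact.
+# In your config, name your jail 'fail2ban', or change this line!
+ignoreregex = fail2ban.actions: WARNING \[fail2ban\] Ban <HOST>
+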
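Review bot: This `failregex` expects ban lines of the form `fail2ban.actions: WARNING [jail] Ban <ip>`, which looks like the 0.8.x log layout (the header still carries `$Revision: 663 $`), while the receipt packages 0.9.0; if 0.9.0 writes a different logger prefix or level, the `[fail2ban]` jail that the receipt enables will never match and repeat offenders are silently never escalated. Check the pattern against a real `/var/log/fail2ban.log` produced by the packaged version (`fail2ban-regex` can do this) and adjust it, or use the `recidive` filter that upstream ships for this purpose. `ignoreregex` hard-codes the jail name `fail2ban`, which matches the jail defined in the receipt, so the two need to be kept in step.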
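--- /dev/null
+++ b/fail2ban-ipv6/stuff/etc/fail2ban/filter.d/lighttpd-fastcgi.conf
@@ -0,0 +1,18 @@
+# Fail2Ban configuration file
+#
+# Author: Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar>
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match ALERTS as notified by lighttpd's FastCGI Module
+# Values: TEXT
+#
+failregex = .*ALERT\ -\ .*attacker\ \'<HOST>\'
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =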
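--- /dev/null
+++ b/fail2ban-ipv6/stuff/etc/init.d/fail2ban
@@ -0,0 +1,59 @@
+#!/bin/sh
+# /etc/init.d/fail2ban: Start, stop and restart Apache web server on SliTaz,
+# at boot time or with the command line. Daemons options are configured
+# with /etc/daemons.conf
+#
+. /etc/init.d/rc.functions
+. /etc/daemons.conf
+
+NAME=Fail2ban
+DESC="$(_ '%s server' Fail2ban)"
+DAEMON=/usr/bin/fail2ban-client
+OPTIONS=
+PIDFILE=/var/run/fail2ban/fail2ban.pid
+SOCKET=/var/run/fail2ban/fail2ban.sock
+
+case "$1" in
+ start)
+ if active_pidfile $PIDFILE fail2ban-server ; then
+ _ '%s is already running.' $NAME
+ exit 1
+ fi
+ action 'Starting %s: %s...' "$DESC" $NAME
+ rm -f $SOCKET
+ $DAEMON start >/dev/null
+ status
+ ;;
+ stop)
+ action 'Stopping %s: %s...' "$DESC" $NAME
+ $DAEMON stop
+ rm -f $PIDFILE
+ status
+ ;;
+ reload)
+ if ! active_pidfile $PIDFILE fail2ban-server ; then
+ _ '%s is not running.' $NAME
+ exit 1
+ fi
+ action 'Stopping %s: %s...' "$DESC" $NAME
+ $DAEMON stop
+ status
+ ;;
+ restart)
+ if ! active_pidfile $PIDFILE fail2ban-server ; then
+ _ '%s is not running.' $NAME
+ exit 1
+ fi
+ action 'Restarting %s: %s...' "$DESC" $NAME
+ $0 stop
+ $0 start
+ status
+ ;;
+ *)
+ emsg "<n><b>$(_ 'Usage:')</b> $0 [start|stop|restart|reload]"
+ newline
+ exit 1
+ ;;
+esac
+
+exit 0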
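Review bot: The `reload)` branch runs `$DAEMON stop` under a 'Stopping' message and never starts the server again, and the logrotate snippet in the receipt calls `/etc/init.d/fail2ban reload` in `postrotate`, so after the first weekly rotation fail2ban stays down and no bans are applied until someone restarts it by hand. Make the branch reload instead: `action 'Reloading %s: %s...' "$DESC" $NAME` and `$DAEMON reload >/dev/null`. The header comment also still says "Apache web server"; it should read `# /etc/init.d/fail2ban: Start, stop and restart Fail2ban on SliTaz,`.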
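--- a/fail2ban/receipt
+++ b/fail2ban/receipt
@@ -26,8 +26,8 @@
 {
 mkdir -p $fs/etc/logrotate.d $fs/etc/init.d
 cp -a $install/* $fs
- sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' $fs/etc/fail2ban/filter.d/common.conf
- sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \
+ sed -i 's/= \\s\*/= \\s*\\S+\\s\*/' $fs/etc/fail2ban/filter.d/common.conf
+ sed -i -e 's|127.0.0.1.*|& 192.168.0.0/16|;s|sshd.log|messages|' \
 -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
 
 cp -a $stuff/etc/fail2ban/ $fs/etc/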
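Review bot: With the `(` dropped, `s/= \\s\*/…/` no longer targets one definition: it rewrites the first `= \s*` on every line of `common.conf`, and `s|127.0.0.1.*|& 192.168.0.0/16|` appends the whole private /16 to any line of `jail.conf` that mentions the loopback address, comments included. Restrict each substitution with an address, e.g. `sed -i '/^__prefix_line/s/= \\s\*/= \\s*\\S+\\s\*/'` and `'/^ignoreip/s|$| 192.168.0.0/16|'`, assuming those are the intended lines, so that an upstream config change cannot silently loosen another pattern. Exempting all of 192.168.0.0/16 from bans is also a policy decision that deserves a comment in the receipt, since hosts on the local network are then never blocked. The same two `sed` lines appear in `fail2ban-ipv6/receipt`; `genpkg_rules` starts before and continues after this hunk.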