wok rev 13225

fail2ban: add fail2ban filter
author Pascal Bellard <pascal.bellard@slitaz.org>
date Mon Aug 13 19:15:01 2012 +0200 (2012-08-13)
parents a13a6c5b176e
children fe7c809fbd7a
files dev86/stuff/com2exe fail2ban/receipt fail2ban/stuff/etc/fail2ban/filter.d/fail2ban.conf
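--- a/dev86/stuff/com2exe
+++ b/dev86/stuff/com2exe
@@ -1,10 +1,10 @@
 #!/bin/sh
 
-[ ! -s "$1" ] && echo "Usage: $0 file.com > file.exe" && exit 1
-S=$(stat -c %s $1)
+[ ! -s "$1" ] && echo "Usage: $0 file.com [extra_ss]> file.exe" && exit 1
+S=$((32+$(stat -c %s $1)))
 P=$((($S+511)/512))
 E=$((4096-(32*$P)))
-for i in 0x5A4D $(($S%512)) $P 0 2 $E $E $((($P/128)*256-16)) -2 0 256 -16 28 0 0 0
+for i in 0x5A4D $(($S%512)) $P 0 2 $E $E $((${2:-0}-16)) -2 0 256 -16 28 0 0 0
 do printf '\\\\x%02X\\\\x%02X' $(($i&255)) $((($i>>8)&255)) | xargs echo -en
 done
 cat $1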
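Review bot: The rewritten size line `S=$((32+$(stat -c %s $1)))` keeps `$1` unquoted, as does `cat $1` below it, while the existence test on the line above quotes it; a path containing whitespace passes the test and then splits here, so write `S=$((32+$(stat -c %s "$1")))` and `cat "$1"`. The new optional second argument is dropped straight into arithmetic as `$((${2:-0}-16))` with no check that it is an integer; a non-numeric value aborts the script with an arithmetic error before any header byte is written, and a one-line guard such as `case "${2:-0}" in *[!0-9-]*) echo "extra_ss must be an integer" >&2; exit 1;; esac` after the usage check would make that failure explicit. The hard-coded `32` is the size of the 16 two-byte header words emitted by the loop, which is worth a comment (`# 32 = 16 header words written below`) so the two stay in step if the header list is edited again. The usage string also lacks a space before `>`.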
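--- a/fail2ban/receipt
+++ b/fail2ban/receipt
@@ -26,6 +26,7 @@
 {
 	mkdir -p $fs/etc/logrotate.d $fs/etc/init.d
 	cp -a $install/* $fs
+	sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' > /etc/fail2ban/filter.d/common.conf
 	sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \
 		-e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
 	cat >> $fs/etc/fail2ban/jail.conf <<EOT
@@ -38,6 +39,14 @@
 logpath  = /var/log/messages
 maxretry = 2
 
+[fail2ban]
+enabled  = true
+filter   = fail2ban
+action   = iptables-allports[name=FAIL2BAN]
+logpath  = /var/log/fail2ban.log
+maxretry = 5
+findtime = 604800
+bantime  = 604800
 EOT
 	ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
 	cat > $fs/etc/logrotate.d/fail2ban <<EOT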
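Review bot: The added `sed -i ... > /etc/fail2ban/filter.d/common.conf` line in the first hunk gives sed no input file and redirects its stdout to the build host's `/etc`, not to the package tree under `$fs`. The shell opens the redirection before sed runs, so the host's `common.conf` is truncated or created empty, sed with `-i` and no file operand either errors or waits on stdin depending on the implementation, and the packaged `common.conf` is never modified; unless the surrounding receipt aborts on error this goes unnoticed at build time. The intended form is almost certainly `sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' $fs/etc/fail2ban/filter.d/common.conf`, matching the `$fs/etc/fail2ban/jail.conf` edit on the next line. A short comment stating what the substitution changes in `__prefix_line` would also help, since the escaped pattern is hard to read. The enclosing `genpkg_rules` function starts and ends outside the hunk.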
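--- /dev/null
+++ b/fail2ban/stuff/etc/fail2ban/filter.d/fail2ban.conf
@@ -0,0 +1,28 @@
+# Fail2Ban configuration file
+#
+# Author: Tom Hendrikx
+#
+# $Revision: 663 $
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
+# Values:  TEXT
+#
+
+# Count all bans in the logfile
+failregex = fail2ban.actions: WARNING \[(.*)\] Ban <HOST>
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+# Ignore our own bans, to keep our counts exact.
+# In your config, name your jail 'fail2ban', or change this line!
+ignoreregex = fail2ban.actions: WARNING \[fail2ban\] Ban <HOST>
+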
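Review bot: The `Notes.:` block above `failregex` is the generic filter template text about "password failures messages" and does not describe this filter, which matches the `Ban` lines fail2ban writes to its own log; replace it with something like `# Notes.:  matches the "Ban <host>" lines fail2ban writes to its own log; group 1 is the jail name, <HOST> the banned address.` The jail-name group `\[(.*)\]` is greedy and would swallow a `]` inside the bracketed field, so `\[([^\]]*)\]` is the tighter form, although on single-line log entries the two behave the same. The pattern is pinned to the `fail2ban.actions: WARNING` prefix of the 0.8-era log format, so if the installed version logs with a different level tag or a pid field the jail stops matching silently; it is worth noting in the header comment and checking with `fail2ban-regex` against the packaged version's own log. The `ignoreregex` assumes the recursive jail is named `fail2ban`, which the receipt's added `[fail2ban]` section does satisfy.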