wok rev 13225
fail2ban: add fail2ban filter
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Mon Aug 13 19:15:01 2012 +0200 (2012-08-13) |
parents | a13a6c5b176e |
children | fe7c809fbd7a |
files | dev86/stuff/com2exe fail2ban/receipt fail2ban/stuff/etc/fail2ban/filter.d/fail2ban.conf |
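--- a/dev86/stuff/com2exe Sun Aug 12 15:55:25 2012 +0200
+++ b/dev86/stuff/com2exe Mon Aug 13 19:15:01 2012 +0200
@@ -1,10 +1,10 @@
 #!/bin/sh
 
-[ ! -s "$1" ] && echo "Usage: $0 file.com > file.exe" && exit 1
-S=$(stat -c %s $1)
+[ ! -s "$1" ] && echo "Usage: $0 file.com [extra_ss]> file.exe" && exit 1
+S=$((32+$(stat -c %s $1)))
 P=$((($S+511)/512))
 E=$((4096-(32*$P)))
-for i in 0x5A4D $(($S%512)) $P 0 2 $E $E $((($P/128)*256-16)) -2 0 256 -16 28 0 0 0
+for i in 0x5A4D $(($S%512)) $P 0 2 $E $E $((${2:-0}-16)) -2 0 256 -16 28 0 0 0
 do printf '\\\\x%02X\\\\x%02X' $(($i&255)) $((($i>>8)&255)) | xargs echo -en
 done
 cat $1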
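Review bot: `$1` is expanded unquoted in the new size line, `S=$((32+$(stat -c %s $1)))`, although the guard just above quotes it; a path containing spaces or glob characters is split before stat sees it, and the arithmetic then fails or uses the wrong size. Write it as `S=$((32+$(stat -c %s "$1")))` and quote the trailing `cat $1` the same way. The new optional second argument also goes straight into `$((${2:-0}-16))` with no check that it is a number; a guard such as `case "${2:-0}" in *[!0-9]*) exit 1;; esac` before the loop would reject anything else. The usage string wants a space before `>` and a word on what `extra_ss` means.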
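--- a/fail2ban/receipt Sun Aug 12 15:55:25 2012 +0200
+++ b/fail2ban/receipt Mon Aug 13 19:15:01 2012 +0200
@@ -26,6 +26,7 @@
 {
 mkdir -p $fs/etc/logrotate.d $fs/etc/init.d
 cp -a $install/* $fs
+ sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' > /etc/fail2ban/filter.d/common.conf
 sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \
 -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
 cat >> $fs/etc/fail2ban/jail.conf <<EOT
@@ -38,6 +39,14 @@
 logpath = /var/log/messages
 maxretry = 2
 
+[fail2ban]
+enabled = true
+filter = fail2ban
+action = iptables-allports[name=FAIL2BAN]
+logpath = /var/log/fail2ban.log
+maxretry = 5
+findtime = 604800
+bantime = 604800
 EOT
 ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
 cat > $fs/etc/logrotate.d/fail2ban <<EOT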
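Review bot: The sed added in the first hunk has no input file and redirects its output to `/etc/fail2ban/filter.d/common.conf` on the build host, so the packaged `common.conf` under `$fs` is never patched. The redirect also truncates or creates the host's own file whenever the receipt runs, presumably with root privileges, which would break filters on a build machine that itself runs fail2ban. With `-i` the file is an argument, not a redirect target: `sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' $fs/etc/fail2ban/filter.d/common.conf`. As written, the prefix regex in the shipped package stays unchanged, so any jail that needed this adjustment to match the log format may silently never ban. The function body starts and ends outside the hunk.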
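--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/fail2ban/stuff/etc/fail2ban/filter.d/fail2ban.conf Mon Aug 13 19:15:01 2012 +0200
@@ -0,0 +1,28 @@
+# Fail2Ban configuration file
+#
+# Author: Tom Hendrikx
+#
+# $Revision: 663 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+#
+
+# Count all bans in the logfile
+failregex = fail2ban.actions: WARNING \[(.*)\] Ban <HOST>
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+# Ignore our own bans, to keep our counts exact.
+# In your config, name your jail 'fail2ban', or change this line!
+ignoreregex = fail2ban.actions: WARNING \[fail2ban\] Ban <HOST>
+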
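Review bot: The failregex is unanchored and takes the jail name with a greedy, unused `(.*)`, so any line in the log that merely contains `fail2ban.actions: WARNING [...] Ban <HOST>` counts toward the week-long all-ports ban configured in the receipt. Restricting the bracket to one jail name and anchoring the end keeps the match to real ban records: `failregex = fail2ban\.actions: WARNING \[[^\]]+\] Ban <HOST>\s*$`. The `.` in `fail2ban.actions` should be escaped in ignoreregex as well, with the same `\s*$` tail. The ignoreregex only excludes this jail's own bans while the jail is named `fail2ban`, which the receipt in this commit does; a comment in the receipt next to `[fail2ban]` saying the name is tied to this filter would stop a later rename from making the jail count its own bans.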