From 790ba88d7d12ae8d4e2e604ae307d884ebb42aee Mon Sep 17 00:00:00 2001
From: Martin Winkler
Date: Thu, 12 Dec 2019 20:58:06 +0100
Subject: [PATCH] Preparation for fail2ban script
---
 seqs/fail2ban/filter.d/ip-blacklist.conf | 6 ++++++
 seqs/fail2ban/filter.d/nextcloud.conf | 4 ++++
 seqs/fail2ban/ip.blacklist.example | 1 +
 seqs/fail2ban/jail.d/ip-blacklist.conf | 18 ++++++++++++++++++
 seqs/fail2ban/jail.d/mail.conf | 6 ++++++
 seqs/fail2ban/jail.d/nextcloud.conf | 8 ++++++++
 6 files changed, 43 insertions(+)
 create mode 100644 seqs/fail2ban/filter.d/ip-blacklist.conf
 create mode 100644 seqs/fail2ban/filter.d/nextcloud.conf
 create mode 100644 seqs/fail2ban/ip.blacklist.example
 create mode 100644 seqs/fail2ban/jail.d/ip-blacklist.conf
 create mode 100644 seqs/fail2ban/jail.d/mail.conf
 create mode 100644 seqs/fail2ban/jail.d/nextcloud.conf
diff --git a/seqs/fail2ban/filter.d/ip-blacklist.conf b/seqs/fail2ban/filter.d/ip-blacklist.conf
new file mode 100644
index 0000000..ecb7d9e
--- /dev/null
+++ b/seqs/fail2ban/filter.d/ip-blacklist.conf
@@ -0,0 +1,6 @@
+[Definition]
+
+failregex = ^ \[.*\]$
+
+ignoreregex =
+
diff --git a/seqs/fail2ban/filter.d/nextcloud.conf b/seqs/fail2ban/filter.d/nextcloud.conf
new file mode 100644
index 0000000..17a3679
--- /dev/null
+++ b/seqs/fail2ban/filter.d/nextcloud.conf
@@ -0,0 +1,4 @@
+[Definition]
+
+failregex = ^.*\"remoteAddr\":\"\".*Trusted domain error.*$
+ ^.*\"remoteAddr\":\"\".*Login failed:.*$
diff --git a/seqs/fail2ban/ip.blacklist.example b/seqs/fail2ban/ip.blacklist.example
new file mode 100644
index 0000000..c435094
--- /dev/null
+++ b/seqs/fail2ban/ip.blacklist.example
@@ -0,0 +1 @@
+37.49.224.142 [02/02/2019 09:00:00]
diff --git a/seqs/fail2ban/jail.d/ip-blacklist.conf b/seqs/fail2ban/jail.d/ip-blacklist.conf
new file mode 100644
index 0000000..dcc257f
--- /dev/null
+++ b/seqs/fail2ban/jail.d/ip-blacklist.conf
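Review bot: In `seqs/fail2ban/filter.d/ip-blacklist.conf` the `failregex` as shown here, `^ \[.*\]$`, contains no `<HOST>` tag, and the same is true of both expressions in `seqs/fail2ban/filter.d/nextcloud.conf` (`\"remoteAddr\":\"\"`). fail2ban needs a host capture in every failregex to know which address to ban, so if the tag is really absent from the committed files, rather than lost when this page was rendered, neither jail can ban anything. The intended lines are presumably `failregex = ^<HOST> \[.*\]$` and `\"remoteAddr\":\"<HOST>\"`. In the Nextcloud filter I would also replace the leading `^.*` with an anchor on the start of the JSON record, so the address can only come from the real `remoteAddr` field, and add an explicit `ignoreregex =` line to match the other filter.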
@@ -0,0 +1,18 @@
+[ip-blacklist]
+
+enabled = true
+banaction = iptables-allports
+port = anyport
+filter = ip-blacklist
+logpath = /etc/fail2ban/ip.blacklist
+maxretry = 0
+#findtime = 15552000
+findtime = 600
+# infinite ban
+#bantime = -1
+# 1 day ban
+#bantime = 86400
+# 2 day ban
+bantime = 172800
+# 10 minute ban
+#bantime = 600
diff --git a/seqs/fail2ban/jail.d/mail.conf b/seqs/fail2ban/jail.d/mail.conf
new file mode 100644
index 0000000..3db08ef
--- /dev/null
+++ b/seqs/fail2ban/jail.d/mail.conf
@@ -0,0 +1,6 @@
+[dovecot]
+enabled = true
+port = pop3,pop3s,imap,imaps
+filter = dovecot
+logpath = /var/log/mail.info
+maxretry = 3
diff --git a/seqs/fail2ban/jail.d/nextcloud.conf b/seqs/fail2ban/jail.d/nextcloud.conf
new file mode 100644
index 0000000..3f10c10
--- /dev/null
+++ b/seqs/fail2ban/jail.d/nextcloud.conf
@@ -0,0 +1,8 @@
+[nextcloud]
+enabled = true
+logpath = /var/nc_data/nextcloud.log
+port = http,https
+filter = nextcloud
+maxretry = 3
+# 1 day ban
+bantime = 86400
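Review bot: In `seqs/fail2ban/jail.d/ip-blacklist.conf`, `findtime = 600` makes fail2ban count only entries whose timestamp is less than ten minutes old, so a blacklist line dated like the one in `ip.blacklist.example` (`[02/02/2019 09:00:00]`) would most likely be skipped as too old; the commented-out `#findtime = 15552000` suggests this was already noticed, and the chosen value deserves a comment saying how fresh a timestamp must be. Every line written to `/etc/fail2ban/ip.blacklist` becomes an all-ports ban, so the file should be writable by root only and the management addresses should be covered by `ignoreip`; a comment above `logpath` such as `# root-owned, not group/world-writable: each line added here bans that address on all ports` would record that. `port = anyport` looks redundant next to `banaction = iptables-allports`, and the four commented-out `bantime` alternatives would read better as a single comment stating the chosen duration.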
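Review bot: The `[dovecot]` jail in `seqs/fail2ban/jail.d/mail.conf` bans only `pop3,pop3s,imap,imaps`, so if Dovecot also serves SASL authentication for the MTA or ManageSieve on this host, a banned client can keep guessing passwords over those ports; consider `port = pop3,pop3s,imap,imaps,submission,465,sieve`. The jail sets neither `findtime` nor `bantime`, so it silently inherits whatever `[DEFAULT]` holds, unlike the other two jails in this patch, which set `bantime` explicitly. Explicit values, or a one-line comment such as `# findtime/bantime inherited from [DEFAULT]`, would make the effective policy visible in the file.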