Adding sequence for fail2ban finally and updating supporting files

seqs/fail2ban.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+
+toolName=fail2ban
+toolDeps="$toolName"
+toolConfDir="/etc/fail2ban"
+toolConfLoc="$toolConfDir/jail.local"
+toolFilter="$toolConfDir/filter.d"
+toolJails="$toolConfDir/jail.d"
+
+# Get script working directory
+# (when called from a different directory)
+WDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >>/dev/null 2>&1 && pwd )"
+CONFIG=0
+CONFIG_FILE_NAME="${toolName}.cfg"
+CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example"
+CONFIG_DIR="$WDIR/fail2ban"
+CONFIG_FILTER="$CONFIG_DIR/filter.d"
+CONFIG_JAILS="$CONFIG_DIR/jail.d"
+
+#step_config() {
+#  echo "Called once before executing steps."
+#  ## e.g. to source a config file manually:
+#  #. "$CONFIG_FILE"
+#  ## or to use sequencer api:
+#  #initSeqConfig "$CONFIG_FILE_NAME" "$CONFIG_FILE_TEMPLATE"
+#  #if [ $? -eq 0 ] ; then
+#  #  CONFIG=1
+#  #fi
+#}
+
+step_1_info() { echo "Install $toolName"; }
+step_1_alias() { ALIAS="install"; }
+step_1() {
+  local aptOpt=
+  if [ $QUIET -ne 0 ];then
+    aptOpt="-y"
+  fi
+
+  exe apt update
+  exe apt install $toolDeps $aptOpt
+}
+
+step_2_info() { echo "Base jail configuration to use ufw"; }
+step_2_alias() { ALIAS="config"; }
+step_2() {
+  echo " [I] Create local configuration";
+  addConf -f "$failConfLocal" "$toolConfLoc"
+  exe service $toolName restart
+}
+failConfLocal="[DEFAULT]
+
+banaction = ufw
+banaction_multiport = ufw
+ignoreip = 127.0.0.1/8 ::1"
+
+step_3_info() { echo "Add basic ip-blacklist"; }
+step_3_alias() { ALIAS="blacklist"; }
+step_3() {
+  echo " [I] Adding filter"
+  addConf -s -f "$ipBlackListFilter" "$toolFilter/$(basename $ipBlackListFilter)"
+  addConf -s -f "$ipBlackListJail" "$toolJails/$(basename $ipBlackListJail)"
+  addConf -s -f "$ipBlackList" "$toolConfDir/$(basename $ipBlackList)"
+  exe service $toolName restart
+}
+ipBlackList="$CONFIG_DIR/ip.blacklist"
+ipBlackListJail="$CONFIG_JAILS/ip-blacklist.conf"
+ipBlackListFilter="$CONFIG_FILTER/ip-blacklist.conf"
+
+step_20_info() { echo "Install mailserver jail"; }
+step_20_alias() { ALIAS="mail"; }
+step_20() {
+  addConf -s -f "$mailJail" "$toolJails/$(basename $mailJail)"
+  exe service $toolName restart
+}
+mailJail="$CONFIG_JAILS/mail.conf"
+
+VERSION_SEQREV=11
+. /usr/local/bin/sequencer.sh

seqs/fail2ban/filter.d/ip-blacklist.conf

@@ -1,5 +1,7 @@
 [Definition]
 
+datepattern = %%Y/%%m/%%d %%H:%%M(?::%%S)?
+
 failregex = ^<HOST> \[.*\]$
 
 ignoreregex =

seqs/fail2ban/ip.blacklist

@@ -0,0 +1,2 @@
+#37.49.224.142 [2021/05/23 09:00]
+#37.49.224.142 [2021/05/23 16:00:00]

seqs/fail2ban/ip.blacklist.example

@@ -1 +0,0 @@
-37.49.224.142 [02/02/2019 09:00:00]

seqs/fail2ban/jail.d/ip-blacklist.conf

@@ -1,18 +1,16 @@
 [ip-blacklist]
 
 enabled   = true
-banaction = iptables-allports
 port      = anyport
 filter    = ip-blacklist
 logpath   = /etc/fail2ban/ip.blacklist
 maxretry  = 0
-#findtime  = 15552000
 findtime  = 600
 # infinite ban
 #bantime   = -1 
 # 1 day ban
-#bantime   = 86400 
+#bantime   = 24h 
 # 2 day ban
-bantime   = 172800
+bantime   = 48h 
 # 10 minute ban
-#bantime   = 600
+#bantime   = 10m

seqs/fail2ban/jail.d/mail.conf

@@ -1,6 +1,21 @@
 [dovecot]
-enabled = true
-port = pop3,pop3s,imap,imaps
-filter = dovecot
-logpath = /var/log/mail.info
-maxretry  = 3
+enabled  = true
+port     = smtp,ssmtp,pop3,pop3s,imap,imap2,imaps
+filter   = dovecot
+logpath  = /var/log/mail.log
+maxretry = 3
+bantime  = 24h
+
+[postfix]
+enabled  = true
+port     = smtp,ssmtp
+filter   = postfix
+logpath  = /var/log/mail.log
+maxretry = 3
+
+[postfix-sasl]
+enabled  = true
+port     = smtp,ssmtp,imap2,imaps,pop3,pop3s
+filter   = postfix[mode=auth]
+logpath  = /var/log/mail.log
+maxretry = 3

seqs/fail2ban/jail.d/nextcloud.conf

@@ -4,5 +4,4 @@ logpath  = /var/nc_data/nextcloud.log
 port     = http,https
 filter   = nextcloud
 maxretry = 3
-# 1 day ban
-bantime = 86400 
+bantime  = 24h