From 9c9af7f7f4ffba42e73dbce5e787f7bcad9208d3 Mon Sep 17 00:00:00 2001
From: Martin Winkler
Date: Thu, 14 Jan 2021 21:13:38 +0100
Subject: [PATCH] Adding sequence for fail2ban finally and updating supporting files
---
 seqs/fail2ban.sh | 78 ++++++++++++++++++++++++
 seqs/fail2ban/filter.d/ip-blacklist.conf | 2 +
 seqs/fail2ban/ip.blacklist | 2 +
 seqs/fail2ban/ip.blacklist.example | 1 -
 seqs/fail2ban/jail.d/ip-blacklist.conf | 8 +--
 seqs/fail2ban/jail.d/mail.conf | 25 ++++++--
 seqs/fail2ban/jail.d/nextcloud.conf | 3 +-
 7 files changed, 106 insertions(+), 13 deletions(-)
 create mode 100755 seqs/fail2ban.sh
 create mode 100644 seqs/fail2ban/ip.blacklist
 delete mode 100644 seqs/fail2ban/ip.blacklist.example
diff --git a/seqs/fail2ban.sh b/seqs/fail2ban.sh
new file mode 100755
index 0000000..05e79ec
--- /dev/null
+++ b/seqs/fail2ban.sh
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+toolName=fail2ban
+toolDeps="$toolName"
+toolConfDir="/etc/fail2ban"
+toolConfLoc="$toolConfDir/jail.local"
+toolFilter="$toolConfDir/filter.d"
+toolJails="$toolConfDir/jail.d"
+
+# Get script working directory
+# (when called from a different directory)
+WDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >>/dev/null 2>&1 && pwd )"
+CONFIG=0
+CONFIG_FILE_NAME="${toolName}.cfg"
+CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example"
+CONFIG_DIR="$WDIR/fail2ban"
+CONFIG_FILTER="$CONFIG_DIR/filter.d"
+CONFIG_JAILS="$CONFIG_DIR/jail.d"
+
+#step_config() {
+# echo "Called once before executing steps."
+# ## e.g. to source a config file manually:
+# #. "$CONFIG_FILE"
+# ## or to use sequencer api:
+# #initSeqConfig "$CONFIG_FILE_NAME" "$CONFIG_FILE_TEMPLATE"
+# #if [ $? -eq 0 ] ; then
+# # CONFIG=1
+# #fi
+#}
+
+step_1_info() { echo "Install $toolName"; }
+step_1_alias() { ALIAS="install"; }
+step_1() {
+ local aptOpt=
+ if [ $QUIET -ne 0 ];then
+ aptOpt="-y"
+ fi
+
+ exe apt update
+ exe apt install $toolDeps $aptOpt
+}
+
+step_2_info() { echo "Base jail configuration to use ufw"; }
+step_2_alias() { ALIAS="config"; }
+step_2() {
+ echo " [I] Create local configuration";
+ addConf -f "$failConfLocal" "$toolConfLoc"
+ exe service $toolName restart
+}
+failConfLocal="[DEFAULT]
+
+banaction = ufw
+banaction_multiport = ufw
+ignoreip = 127.0.0.1/8 ::1"
+
+step_3_info() { echo "Add basic ip-blacklist"; }
+step_3_alias() { ALIAS="blacklist"; }
+step_3() {
+ echo " [I] Adding filter"
+ addConf -s -f "$ipBlackListFilter" "$toolFilter/$(basename $ipBlackListFilter)"
+ addConf -s -f "$ipBlackListJail" "$toolJails/$(basename $ipBlackListJail)"
+ addConf -s -f "$ipBlackList" "$toolConfDir/$(basename $ipBlackList)"
+ exe service $toolName restart
+}
+ipBlackList="$CONFIG_DIR/ip.blacklist"
+ipBlackListJail="$CONFIG_JAILS/ip-blacklist.conf"
+ipBlackListFilter="$CONFIG_FILTER/ip-blacklist.conf"
+
+step_20_info() { echo "Install mailserver jail"; }
+step_20_alias() { ALIAS="mail"; }
+step_20() {
+ addConf -s -f "$mailJail" "$toolJails/$(basename $mailJail)"
+ exe service $toolName restart
+}
+mailJail="$CONFIG_JAILS/mail.conf"
+
+VERSION_SEQREV=11
+. /usr/local/bin/sequencer.sh
diff --git a/seqs/fail2ban/filter.d/ip-blacklist.conf b/seqs/fail2ban/filter.d/ip-blacklist.conf
index ecb7d9e..766021e 100644
--- a/seqs/fail2ban/filter.d/ip-blacklist.conf
+++ b/seqs/fail2ban/filter.d/ip-blacklist.conf
@@ -1,5 +1,7 @@ [Definition] +datepattern = %%Y/%%m/%%d %%H:%%M(?::%%S)? + failregex = ^ \[.*\]$ ignoreregex =
diff --git a/seqs/fail2ban/ip.blacklist b/seqs/fail2ban/ip.blacklist
new file mode 100644
index 0000000..ea349e2
--- /dev/null
+++ b/seqs/fail2ban/ip.blacklist
@@ -0,0 +1,2 @@
+#37.49.224.142 [2021/05/23 09:00]
+#37.49.224.142 [2021/05/23 16:00:00]
diff --git a/seqs/fail2ban/ip.blacklist.example b/seqs/fail2ban/ip.blacklist.example
deleted file mode 100644
index c435094..0000000
--- a/seqs/fail2ban/ip.blacklist.example
+++ /dev/null
@@ -1 +0,0 @@
-37.49.224.142 [02/02/2019 09:00:00]
diff --git a/seqs/fail2ban/jail.d/ip-blacklist.conf b/seqs/fail2ban/jail.d/ip-blacklist.conf
index dcc257f..f845605 100644
--- a/seqs/fail2ban/jail.d/ip-blacklist.conf
+++ b/seqs/fail2ban/jail.d/ip-blacklist.conf
@@ -1,18 +1,16 @@ [ip-blacklist] enabled = true -banaction = iptables-allports port = anyport filter = ip-blacklist logpath = /etc/fail2ban/ip.blacklist maxretry = 0 -#findtime = 15552000 findtime = 600 # infinite ban #bantime = -1 # 1 day ban -#bantime = 86400 +#bantime = 24h # 2 day ban -bantime = 172800 +bantime = 48h # 10 minute ban -#bantime = 600 +#bantime = 10m
diff --git a/seqs/fail2ban/jail.d/mail.conf b/seqs/fail2ban/jail.d/mail.conf
index 3db08ef..4af4f21 100644
--- a/seqs/fail2ban/jail.d/mail.conf
+++ b/seqs/fail2ban/jail.d/mail.conf
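Review bot: step_2 writes `banaction = ufw` into jail.local, but `toolDeps` only lists fail2ban and nothing in the script checks that ufw is installed and enabled, so on such a host the jails would detect offenders while the ban action presumably fails and nothing gets blocked. A guard at the top of step_2 such as `command -v ufw >/dev/null || { echo " [E] ufw not found"; return 1; }` makes the dependency explicit. Steps 2, 3 and 20 also restart the service right after copying files; running `fail2ban-client -t` before `exe service $toolName restart` would keep a broken jail or filter file from taking the running service down. Separately, `$(basename $ipBlackListFilter)` and its siblings are unquoted although the paths derive from the checkout directory, and `[ $QUIET -ne 0 ]` errors out if sequencer.sh ever leaves QUIET unset; quote them, e.g. `"$(basename "$ipBlackListFilter")"`.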
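Review bot: The new `datepattern` accepts only `YYYY/MM/DD HH:MM[:SS]`, while the example file deleted in this same commit used `02/02/2019 09:00:00`, so blacklist entries written day-first on existing hosts will presumably no longer have their timestamp recognised by this filter. The filter file should state the expected format; a comment above the setting such as `# entry format: IP [YYYY/MM/DD HH:MM[:SS]] - older DD/MM/YYYY entries must be rewritten` would cover it. The pattern is also unanchored, so it relies on the bracketed timestamp being the only date-like text on each line.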
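Review bot: The two example entries do not explain that the timestamp is significant: fail2ban discards log lines whose parsed time is older than the jail's `findtime` (600 seconds in jail.d/ip-blacklist.conf), so an entry added with a stale or copied date would presumably never produce a ban. A header line such as `# format: IP [YYYY/MM/DD HH:MM[:SS]] - use the current time, entries older than findtime are ignored` would make that clear to whoever edits the deployed /etc/fail2ban/ip.blacklist. For a shipped example it is also cleaner to use a documentation address such as 192.0.2.1 rather than a routable one.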
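Review bot: Dropping `banaction = iptables-allports` makes this jail inherit whatever default banaction is in effect, which is `ufw` only after step 2 of seqs/fail2ban.sh has written jail.local, and the `blacklist` step does not enforce that order. If the jail falls back to a port-based default action, `port = anyport` is not a port name such an action can use, and the ban would presumably fail without blocking the address. Either keep the dependency local with an explicit `banaction = ufw` in this jail, or have step_3 check that jail.local exists before installing it.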
@@ -1,6 +1,21 @@
 [dovecot]
-enabled = true
-port = pop3,pop3s,imap,imaps
-filter = dovecot
-logpath = /var/log/mail.info
-maxretry = 3
+enabled = true
+port = smtp,ssmtp,pop3,pop3s,imap,imap2,imaps
+filter = dovecot
+logpath = /var/log/mail.log
+maxretry = 3
+bantime = 24h
+
+[postfix]
+enabled = true
+port = smtp,ssmtp
+filter = postfix
+logpath = /var/log/mail.log
+maxretry = 3
+
+[postfix-sasl]
+enabled = true
+port = smtp,ssmtp,imap2,imaps,pop3,pop3s
+filter = postfix[mode=auth]
+logpath = /var/log/mail.log
+maxretry = 3
diff --git a/seqs/fail2ban/jail.d/nextcloud.conf b/seqs/fail2ban/jail.d/nextcloud.conf
index 3f10c10..7f6f2bc 100644
--- a/seqs/fail2ban/jail.d/nextcloud.conf
+++ b/seqs/fail2ban/jail.d/nextcloud.conf
@@ -4,5 +4,4 @@ logpath = /var/nc_data/nextcloud.log
 port = http,https
 filter = nextcloud
 maxretry = 3
-# 1 day ban
-bantime = 86400
+bantime = 24h
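Review bot: The new [postfix] and [postfix-sasl] jails list `smtp,ssmtp` but not `submission` (587), the port where authenticated mail submission normally happens. With the ufw action the port list may not be used at all, but under any port-based banaction a banned host could still reach 587. Using `port = smtp,ssmtp,submission` for [postfix], and adding `submission` to the [postfix-sasl] list, closes that gap. Only [dovecot] sets `bantime = 24h`, so the two postfix jails inherit the default ban time; add `bantime = 24h` to them if the same policy is intended.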