Fail2ban for BSD pf
parent: 72c7d821 | patch | commit | ignore whitespace
Thuban
2018-02-26 6bbbca9bb98c8a3c37bfc8795048995c673b795a 
example config file installed
2 files modified
22 ■■■■■ changed files
Makefile 4 ●●●● patch | view | raw | blame | history
vilain.conf 18 ●●●●● patch | view | raw | blame | history 
 Makefile


@@ -21,6 +21,9 @@


    @chmod 755 ${DESTDIR}${PREFIX}/bin/vilainreport


    @chmod 644 ${DESTDIR}${PREFIX}/sbin/vilain.py


    @chmod 644 ${DESTDIR}${PREFIX}/sbin/vilainreport.py


    @echo installing sample config file


    @cp -f vilain.conf /etc/vilain.conf


    @chmod 644 /etc/vilain.conf


    @echo installing init script in /etc/rc.d


    @cp -f vilain.rc /etc/rc.d/vilain


    @chmod 755 /etc/rc.d/vilain


@@ -38,5 +41,6 @@


    @rm -f ${DESTDIR}${PREFIX}/sbin/vilainreport.py


    @echo removing manual page to ${DESTDIR}${MANPREFIX}/


    @rm -f ${DESTDIR}${MANPREFIX}/vilain.1


    @echo Remove configuration file manually if you want, located at /etc/vilain.conf




.PHONY: install uninstall




 vilain.conf


@@ -17,8 +17,7 @@




### Ip ignored ###


[ignoreip]


ip1 = 92.150.160.157


ip2 = 92.150.160.156


ip1 = 127.0.0.1




### Guardians


#[name of the guardian]


@@ -49,22 +48,25 @@


[smtp]


logfile = /var/log/maillog


regex = .* event=failed-command address=([\S]+) .*


maxtries = 2




[dovecot]


logfile = /var/log/maillog


regex = .*auth failed.*rip=([\S]+),.*


maxtries = 2




[wordpress]


# don't use if you have wordpress


logfile = /var/www/logs/access.log


regex = (?:\S+\s){1}(\S+).*wp-login.php.*


maxtries = 1




# Nextcloud: login page


# Nextcloud 12 brings protection against brute-force attacks


# but 1/ not yet tested so far 2/ system protection is probably more efficient


[nextcloud]


logfile = /var/www/htdocs/datacloud/nextcloud.log


regex = .*Bruteforce attempt from \\"(.*)\\" detected


#[nextcloud]


#logfile = /var/www/htdocs/datacloud/nextcloud.log


#regex = .*Bruteforce attempt from \\"(.*)\\" detected




# Nextcloud: public shares protected by password


# regex is compliant with NginX log format:


@@ -72,6 +74,6 @@


#        log_format main '$remote_addr - $remote_user [$time_local] "$request" '


#                        '$status $body_bytes_sent "$http_referer" '


#                        '"$http_user_agent" "$http_x_forwarded_for"';


[nextcloud-share]


logfile = /var/www/logs/access-nextcloud.log


regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200


#[nextcloud-share]


#logfile = /var/www/logs/access-nextcloud.log


#regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200