Mercurial > repos > other > Puppet
annotate modules/fail2ban/manifests/init.pp @ 320:99e3ca448d55
Fix Remi PHP on CentOS 8
It uses the new "modules" approach, so we need to use a new
package provider
They also use different signing keys
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Sun, 01 Mar 2020 10:58:00 +0000 |
| parents | edd1e3b444e7 |
| children | b0928653dfc2 |
| rev | line source |
|---|---|
| 292 | 1 class fail2ban ( |
| 2 $firewall_cmd, | |
| 3 ) { | |
| 4 package { 'fail2ban': | |
| 5 ensure => installed, | |
| 6 } | |
| 7 service { 'fail2ban': | |
| 8 ensure => running, | |
| 9 enable => true | |
| 10 } | |
| 11 File<| tag == 'fail2ban' |> { | |
| 12 ensure => present, | |
| 13 require => Package['fail2ban'], | |
| 14 notify => Service['fail2ban'], | |
| 15 } | |
| 16 file { '/etc/fail2ban/fail2ban.local': | |
| 17 source => 'puppet:///modules/fail2ban/fail2ban.local', | |
| 18 } | |
| 19 file { '/etc/fail2ban/jail.local': | |
| 20 source => 'puppet:///modules/fail2ban/jail.local', | |
| 21 } | |
| 22 file { '/etc/fail2ban/action.d/apf.conf': | |
| 23 source => 'puppet:///modules/fail2ban/apf.conf', | |
| 24 } | |
| 25 | |
| 26 if $firewall_cmd == 'iptables' { | |
| 27 $firewall_ban_cmd = 'iptables-multiport' | |
| 28 } else { | |
| 29 $firewall_ban_cmd = $firewall_cmd | |
| 30 } | |
| 31 | |
| 32 file { '/etc/fail2ban/action.d/firewall-ban.conf': | |
| 33 ensure => link, | |
| 34 target => "/etc/fail2ban/action.d/${firewall_ban_cmd}.conf", | |
| 35 } | |
| 36 file { '/etc/fail2ban/filter.d/ibb-apache-exploits-instaban.conf': | |
| 37 source => 'puppet:///modules/fail2ban/ibb-apache-exploits-instaban.conf', | |
| 38 } | |
| 39 file { '/etc/fail2ban/filter.d/ibb-apache-shellshock.conf': | |
| 40 source => 'puppet:///modules/fail2ban/ibb-apache-shellshock.conf', | |
| 41 } | |
| 42 file { '/etc/fail2ban/filter.d/ibb-repeat-offender.conf': | |
| 43 source => 'puppet:///modules/fail2ban/ibb-repeat-offender.conf', | |
| 44 } | |
| 45 file { '/etc/fail2ban/filter.d/ibb-repeat-offender-ssh.conf': | |
| 46 source => 'puppet:///modules/fail2ban/ibb-repeat-offender-ssh.conf', | |
| 47 } | |
| 48 file { '/etc/fail2ban/filter.d/ibb-postfix-spammers.conf': | |
| 49 source => 'puppet:///modules/fail2ban/ibb-postfix-spammers.conf', | |
| 50 } | |
| 51 file { '/etc/fail2ban/filter.d/ibb-postfix-malicious.conf': | |
| 52 source => 'puppet:///modules/fail2ban/ibb-postfix-malicious.conf', | |
| 53 } | |
| 54 file { '/etc/fail2ban/filter.d/ibb-postfix.conf': | |
| 55 source => 'puppet:///modules/fail2ban/ibb-postfix.conf', | |
| 56 } | |
| 57 file { '/etc/fail2ban/filter.d/ibb-sshd.conf': | |
| 58 source => 'puppet:///modules/fail2ban/ibb-sshd.conf', | |
| 59 } | |
| 60 | |
| 61 $bad_users = [ | |
| 297 | 62 '[^0-9a-zA-Z]+', |
| 292 | 63 '[0-9]+', |
| 297 | 64 '[0-9a-zA-Z]{1,3}', |
| 292 | 65 '([0-9a-z])\2{2,}', |
| 66 'abused', | |
| 67 'adm', | |
| 68 'Admin', | |
| 297 | 69 'admins?[0-9]+', |
| 70 'administr[a-z]+', # administracion, administrador, administradorweb, administrator, etc | |
| 294 | 71 'admissions', |
| 292 | 72 'altibase', |
| 73 'alumni', | |
| 74 'amavisd?', | |
| 295 | 75 'amministratore', |
| 292 | 76 'anwenderschnittstelle', |
| 77 'anonymous', | |
| 78 'ansible', | |
| 79 'aptproxy', | |
| 297 | 80 'apt-mirror', |
| 81 'ark(server)?', | |
| 292 | 82 'asterisk', |
| 297 | 83 'audio', |
| 292 | 84 'auser', |
| 297 | 85 'autologin', |
| 292 | 86 'avahi', |
| 87 'avis', | |
| 88 'backlog', | |
| 89 'backup(s|er|pc|user)?', | |
| 297 | 90 'bash', |
|
308
edd1e3b444e7
Blacklist more users on SSH including bugzilla
IBBoard <dev@ibboard.co.uk>
parents:
305
diff
changeset
|
91 'batch', |
| 297 | 92 'beagleindex', |
| 292 | 93 'bf2', |
|
305
38e35360a390
Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents:
297
diff
changeset
|
94 '.*bitbucket', |
|
293
55762b436f89
Add more blacklisted SSH usernames
IBBoard <dev@ibboard.co.uk>
parents:
292
diff
changeset
|
95 'bitcoin', |
| 292 | 96 'bitnami', |
| 97 'bitrix', | |
|
308
edd1e3b444e7
Blacklist more users on SSH including bugzilla
IBBoard <dev@ibboard.co.uk>
parents:
305
diff
changeset
|
98 'bkroot', |
| 297 | 99 'blog', |
| 292 | 100 'boinc', |
| 101 'botmaster', | |
|
308
edd1e3b444e7
Blacklist more users on SSH including bugzilla
IBBoard <dev@ibboard.co.uk>
parents:
305
diff
changeset
|
102 'bugzilla', |
| 292 | 103 'build', |
| 104 'buscador', | |
| 105 'cacti(user)?', | |
| 297 | 106 'carrerasoft', |
| 292 | 107 'catchall', |
| 297 | 108 'celery', |
| 292 | 109 'cemergen', |
| 297 | 110 'centos', |
| 292 | 111 'chef', |
| 297 | 112 'cgi', |
| 113 'chromeuser', | |
| 292 | 114 'cinema', |
|
305
38e35360a390
Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents:
297
diff
changeset
|
115 'cinstall', |
| 297 | 116 'cisco', |
| 292 | 117 'clamav', |
| 118 'cliente?[0-9]*', | |
| 119 'clouduser', | |
| 120 'com', | |
| 121 'comercial', | |
| 122 'control', | |
| 123 'couchdb', | |
| 124 'cpanel', | |
| 125 'create', | |
| 126 'cron', | |
| 297 | 127 '(cs(s|go|cz)|arma|mc|tf2?|sdtd|web|pz)-?se?rve?r?', |
| 128 'cs-?go1?', | |
| 129 'CumulusLinux!', | |
| 292 | 130 'cyrus[0-9]*', |
| 131 'daemon', | |
| 132 'danger', | |
| 297 | 133 'darwin', |
| 134 'dasuse?r', | |
| 135 'data', | |
| 292 | 136 'debian(-spamd)?', |
| 137 'default', | |
| 138 'dell', | |
| 297 | 139 'deploy(er)?[0-9]*', |
| 292 | 140 'desktop', |
| 141 'developer', | |
| 297 | 142 'devdata', |
| 292 | 143 'devops', |
| 144 'devteam', | |
| 145 'dietpi', | |
| 297 | 146 'discordbot', |
| 147 'disklessadmin', | |
| 292 | 148 'django', |
| 297 | 149 'dmarc', |
| 150 'dockeruser', | |
| 292 | 151 'dotblot', |
| 152 'download', | |
| 153 'dovecot', | |
| 297 | 154 'dovenull', |
| 294 | 155 'duplicity', |
| 292 | 156 'easy', |
| 157 'ec2-user', | |
| 297 | 158 'ecquser', |
| 292 | 159 'edu(cation)?[0-9]*', |
| 160 'e-shop', | |
| 297 | 161 'elastic', |
|
293
55762b436f89
Add more blacklisted SSH usernames
IBBoard <dev@ibboard.co.uk>
parents:
292
diff
changeset
|
162 'elsearch', |
| 292 | 163 'engin(eer)?', |
| 164 'esadmin', | |
| 165 'events', | |
| 166 'exports?', | |
| 167 'facebook', | |
| 168 'factorio', | |
| 169 'fax', | |
| 297 | 170 'fcweb', |
| 171 'fetchmail', | |
| 292 | 172 'filter', |
| 173 'firebird', | |
| 297 | 174 'firefox', |
| 292 | 175 'fuser', |
| 176 'games', | |
| 177 'gdm', | |
| 178 'geniuz', | |
| 297 | 179 'getmail', |
| 292 | 180 'ggc_user', |
| 181 'ghost', | |
| 297 | 182 'git(olite?|blit|lab(_ci)?|admi?n?|use?r)?', |
| 292 | 183 'gmail', |
| 294 | 184 'gmodserver', |
| 185 'gnuhealth', | |
| 292 | 186 'gopher', |
| 297 | 187 'government', |
| 292 | 188 'guest', |
| 189 'hacker', | |
| 190 'hadoop', | |
| 297 | 191 'haldaemon', |
| 292 | 192 'harvard', |
| 297 | 193 'hduser', |
| 194 'headmaster', | |
| 292 | 195 'helpdesk', |
|
305
38e35360a390
Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents:
297
diff
changeset
|
196 'hive', |
| 292 | 197 'home', |
| 198 'host', | |
| 199 'httpd?', | |
| 294 | 200 'httpfs', |
| 292 | 201 'huawei', |
| 297 | 202 'iamroot', |
| 292 | 203 'iceuser', |
| 204 'imscp', | |
| 297 | 205 'info(rmix)?[0-9]*', |
| 206 'installer', | |
| 207 'inventario', | |
| 292 | 208 'java', |
| 209 'jboss', | |
| 210 'jenkins', | |
| 211 'jira', | |
| 297 | 212 'jmeter', |
| 292 | 213 'jsboss', |
| 297 | 214 'juniper', |
| 292 | 215 'kafka', |
| 216 'kodi', | |
| 295 | 217 'kms', |
| 297 | 218 'legacy', |
| 292 | 219 'library', |
| 220 'libsys', | |
| 221 'libuuid', | |
| 222 'linode', | |
| 223 'linux', | |
| 295 | 224 'localadmin', |
| 297 | 225 'logcheck', |
| 292 | 226 'login', |
| 227 'logout', | |
| 295 | 228 'logstash', |
| 297 | 229 'logview(er)?', |
| 230 'lsfadmin', | |
| 292 | 231 'lynx', |
| 297 | 232 'magento', |
| 292 | 233 'mailer', |
| 234 'mailman', | |
| 297 | 235 'mailtest', |
| 292 | 236 'maintain', |
| 237 'majordomo', | |
| 238 'man', | |
| 239 'mantis', | |
|
296
2f4d0ea4cb55
Blacklist Portuguese support, MapR, numbered Oracle and more
IBBoard <dev@ibboard.co.uk>
parents:
295
diff
changeset
|
240 'mapruser', |
| 292 | 241 'marketing', |
| 242 'master', | |
| 243 'membership', | |
| 297 | 244 'messagebus', |
| 292 | 245 'minecraft', |
|
305
38e35360a390
Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents:
297
diff
changeset
|
246 'mirc', |
| 292 | 247 'modem', |
| 248 'mongo(db|user)?', | |
| 297 | 249 'monitor(ing)?', |
| 292 | 250 'more', |
| 251 'moher', | |
| 252 'mpiuser', | |
| 297 | 253 'mqadm', |
| 292 | 254 'musi[ck]bot', |
| 297 | 255 '(my?|pg)sq(ue)?l[0-9]*', |
| 292 | 256 'mythtv', |
| 257 'nagios', | |
| 297 | 258 'named', |
| 292 | 259 'nasa', |
|
296
2f4d0ea4cb55
Blacklist Portuguese support, MapR, numbered Oracle and more
IBBoard <dev@ibboard.co.uk>
parents:
295
diff
changeset
|
260 'ncs', |
| 297 | 261 'nessus', |
| 262 'netadmin', | |
| 263 'netdiag', | |
| 292 | 264 'netdump', |
| 297 | 265 'network', |
| 292 | 266 'netzplatz', |
| 267 'newadmin', | |
| 295 | 268 'newuser', |
| 292 | 269 'nexus', |
| 297 | 270 'nfinity', |
| 292 | 271 'nfs', |
| 272 '(nfs)?nobody', | |
| 273 'nginx', | |
| 274 'noc', | |
| 297 | 275 'node', |
| 292 | 276 'nothing', |
| 277 'NpC', | |
| 278 'nux', | |
| 279 'odoo', | |
| 280 'odroid', | |
| 297 | 281 'office', |
| 282 'omsagent', | |
| 292 | 283 'onyxeye', |
| 297 | 284 'oozie', |
| 292 | 285 'openbravo', |
| 294 | 286 'openfire', |
| 292 | 287 'openvpn', |
| 288 'operador', | |
| 289 'operator', | |
| 290 'ops(code)?', | |
| 291 'oprofile', | |
| 297 | 292 'ora(cle|prod|vis)[0-9]*', |
| 292 | 293 'osmc', |
| 295 | 294 'owncloud', |
| 292 | 295 'papernet', |
| 297 | 296 'passwo?r?d', |
| 292 | 297 'payments', |
| 298 'pay_?pal', | |
| 294 | 299 'pdfbox', |
| 292 | 300 'pentaho', |
| 297 | 301 'php[0-9]*', |
| 302 'platform', | |
| 292 | 303 'PlcmSpIp(PlcmSpIp)?', |
| 297 | 304 'plex', |
|
305
38e35360a390
Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents:
297
diff
changeset
|
305 'polkitd?', |
| 297 | 306 'popd?3?', |
| 292 | 307 'popuser', |
| 308 'postfix', | |
| 297 | 309 'p0stgr3s', |
| 292 | 310 'postgres', |
| 311 'postmaster', | |
| 297 | 312 'pptpd', |
| 292 | 313 'print', |
| 314 'privoxy', | |
| 315 'proba', | |
| 316 'proxy', | |
| 295 | 317 'public', |
| 292 | 318 'puppet', |
| 319 'qhsupport', | |
| 320 'rabbit(mq)?', | |
| 321 'radiusd?', | |
| 297 | 322 'readonly', |
| 323 'reboot', | |
| 324 'recording', | |
| 292 | 325 'redis', |
| 326 'redmine', | |
| 297 | 327 'remote', |
| 328 'reports', | |
| 292 | 329 'riakcs', |
| 330 'root[0-9]+', | |
| 331 'rpc(user)?', | |
| 297 | 332 'rpm', |
| 292 | 333 'RPM', |
| 334 'rtorrent', | |
| 335 'rustserver', | |
| 336 'sales[0-9]+', | |
| 337 's?bin', | |
| 297 | 338 '(samba|sshd|git|student|tomcat|abc|web|info|(vpn|appl?|my|db)?(dev|use?r|server|man|manager|mgr)|account)[0-9]*', |
| 292 | 339 'saslauth', |
| 297 | 340 'scan(n?er)?', |
| 292 | 341 'screen', |
| 342 'search', | |
| 297 | 343 'sekretariat', |
| 294 | 344 'serverpilot', |
| 292 | 345 'service', |
|
305
38e35360a390
Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents:
297
diff
changeset
|
346 'setup', |
| 297 | 347 '(s|u|ams|admin|inss|pro|web)?ftp(d|[_-]?use?r|home|_?test|immo)?[0-9]*', |
| 292 | 348 'sftponly', |
| 349 'shell', | |
| 350 'shop', | |
| 297 | 351 'sinusbot[0-9]*', |
| 352 'smbguest', | |
| 353 'smbuse?r', | |
| 292 | 354 'smmsp', |
| 355 'socket', | |
| 356 'software', | |
| 357 'solarus', | |
|
308
edd1e3b444e7
Blacklist more users on SSH including bugzilla
IBBoard <dev@ibboard.co.uk>
parents:
305
diff
changeset
|
358 'speech-dispatcher', |
| 292 | 359 'splunk', |
| 297 | 360 'sprummlbot', |
| 292 | 361 'squid', |
| 297 | 362 'squirrelmail[0-9]+', |
| 363 'srvadmin', | |
| 292 | 364 'sshusr', |
| 365 'staffc', | |
| 366 'steam(cmd)?', | |
| 367 'store', | |
| 297 | 368 'stunnel', |
| 292 | 369 'superuser', |
|
296
2f4d0ea4cb55
Blacklist Portuguese support, MapR, numbered Oracle and more
IBBoard <dev@ibboard.co.uk>
parents:
295
diff
changeset
|
370 'suporte', |
| 292 | 371 'support', |
| 297 | 372 'svn(root)?', |
|
293
55762b436f89
Add more blacklisted SSH usernames
IBBoard <dev@ibboard.co.uk>
parents:
292
diff
changeset
|
373 'sybase', |
| 297 | 374 'sync[0-9]*', |
| 292 | 375 'sysadmin', |
| 376 'system', | |
|
305
38e35360a390
Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents:
297
diff
changeset
|
377 'teamspeak[234]?(-?use?r)?', |
| 292 | 378 'telkom', |
| 297 | 379 'telnetd?', |
| 380 'te?mp(use?r)?[0-9]*', | |
|
305
38e35360a390
Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents:
297
diff
changeset
|
381 'test((er?|ing|ftp|man|linux|use?r|u)[0-9]*|[0-9]+)?', |
| 292 | 382 '(test)?username', |
| 383 'text', | |
| 384 'tomcat', | |
| 385 'tools', | |
| 386 'toor', | |
| 297 | 387 'ts[23](se?rv(er)?|(musi[ck])?bot|sleep)?', |
| 388 'tss', | |
| 292 | 389 'tunstall', |
| 390 'ubnt', | |
| 391 'ubuntu', | |
| 392 'unity', | |
| 297 | 393 'universitaetsrechenzentrum', # University Computing Center |
| 394 'upload[0-9]*', | |
| 395 'user[0-9]*', | |
| 292 | 396 'USERID', |
| 297 | 397 'username', |
| 292 | 398 'usuario', |
| 399 'uucp', | |
| 400 'vagrant', | |
| 401 'vbox', | |
| 402 'ventrilo', | |
| 403 'vhbackup', | |
| 404 'virusalter', | |
| 405 'vmadmin', | |
| 406 'vmail', | |
| 297 | 407 'vscan', |
| 292 | 408 'vyatta', |
| 409 'wanadoo', | |
|
308
edd1e3b444e7
Blacklist more users on SSH including bugzilla
IBBoard <dev@ibboard.co.uk>
parents:
305
diff
changeset
|
410 'web', |
| 292 | 411 'weblogic', |
| 412 'webmaster', | |
| 297 | 413 'webportal', |
| 292 | 414 'WinD3str0y', |
| 415 'wine', | |
| 297 | 416 'wordpress', |
| 292 | 417 'wp-?user', |
| 418 'write', | |
| 419 'www', | |
| 297 | 420 'wwAdmin', |
| 421 '(www|web|coin|fax|sys|db2|rsync|tc)-?(adm(in)?|run|users?|data|[0-9]+)', | |
| 292 | 422 'xbian', |
| 423 'xbot', | |
| 297 | 424 'xmpp', |
| 292 | 425 'xoadmin', |
| 426 'yahoo', | |
| 427 'yarn', | |
| 428 'zabbix', | |
| 429 'zimbra', | |
| 430 'zookeeper', | |
| 297 | 431 # And some passwords that turned up as usernames |
| 432 '1q2w3e4r', | |
| 433 'abc123', | |
| 292 | 434 '0fordn1on@#\$%%\^&', |
| 435 'P@\$\$w0rd', | |
| 297 | 436 'P@ssword1!', |
| 437 'Passwd123', | |
| 438 'pass123?4?', | |
| 439 'qwer?[0-9]+', | |
| 292 | 440 ] |
| 441 | |
| 442 file { '/etc/fail2ban/filter.d/ibb-sshd-bad-user.conf': | |
| 443 content => epp('fail2ban/ibb-sshd-bad-user.epp', { 'bad_users' => $bad_users }), | |
| 444 } | |
| 445 # Because one of our rules checks fail2ban's log, but the service dies without the file | |
| 446 file { '/var/log/fail2ban.log': | |
| 447 ensure => present, | |
| 448 owner => 'root', | |
| 449 group => 'root', | |
| 450 mode => '0600', | |
| 451 } | |
| 452 } |