Mercurial > repos > other > Puppet
annotate modules/fail2ban/manifests/init.pp @ 337:a79ad974a548
Implement fail2ban for Apache as mod_rewrite
We can't use pure iptables because IPv4 requests come through our
proxy. BUT we're using PROXY, so Apache sees the true IP.
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Sat, 16 May 2020 14:05:09 +0100 |
| parents | b0928653dfc2 |
| children | 3a1b19f6a054 |
| rev | line source |
|---|---|
| 292 | 1 class fail2ban ( |
| 2 $firewall_cmd, | |
| 3 ) { | |
| 4 package { 'fail2ban': | |
| 5 ensure => installed, | |
| 6 } | |
| 7 service { 'fail2ban': | |
| 8 ensure => running, | |
| 9 enable => true | |
| 10 } | |
| 11 File<| tag == 'fail2ban' |> { | |
| 12 ensure => present, | |
| 13 require => Package['fail2ban'], | |
| 14 notify => Service['fail2ban'], | |
| 15 } | |
| 16 file { '/etc/fail2ban/fail2ban.local': | |
| 17 source => 'puppet:///modules/fail2ban/fail2ban.local', | |
| 18 } | |
| 19 file { '/etc/fail2ban/jail.local': | |
| 20 source => 'puppet:///modules/fail2ban/jail.local', | |
| 21 } | |
| 22 file { '/etc/fail2ban/action.d/apf.conf': | |
| 23 source => 'puppet:///modules/fail2ban/apf.conf', | |
| 24 } | |
| 25 | |
| 26 if $firewall_cmd == 'iptables' { | |
| 27 $firewall_ban_cmd = 'iptables-multiport' | |
| 28 } else { | |
| 29 $firewall_ban_cmd = $firewall_cmd | |
| 30 } | |
|
337
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
31 # Create an empty banlist file if it doesn't exist |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
32 exec { 'httxt2dbm -i /dev/null -o /etc/httpd/conf.custom/apache_banlist.db': |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
33 path => '/usr/bin', |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
34 unless => 'test -f /etc/httpd/conf.custom/apache_banlist.db', |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
35 before => Service['httpd'], |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
36 } |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
37 file { '/tmp/apache_banlist.txt': |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
38 ensure => present, |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
39 seltype => 'httpd_config_t', |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
40 } |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
41 # And let the httxt2dbm process work the rest of the time |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
42 file { '/etc/selinux/apache-ip-banlist.pp': |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
43 source => 'puppet:///modules/fail2ban/apache-ip-banlist.pp', |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
44 } ~> |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
45 exec { 'semodule -i /etc/selinux/apache-ip-banlist.pp': |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
46 path => '/usr/sbin', |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
47 refreshonly => true, |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
48 } |
| 292 | 49 file { '/etc/fail2ban/action.d/firewall-ban.conf': |
| 50 ensure => link, | |
| 51 target => "/etc/fail2ban/action.d/${firewall_ban_cmd}.conf", | |
| 52 } | |
|
337
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
53 file { '/etc/fail2ban/action.d/ibb-apache-ip-block.conf': |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
54 source => 'puppet:///modules/fail2ban/ibb-apache-ip-block.conf', |
|
a79ad974a548
Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents:
324
diff
changeset
|
55 } |
| 292 | 56 file { '/etc/fail2ban/filter.d/ibb-apache-exploits-instaban.conf': |
| 57 source => 'puppet:///modules/fail2ban/ibb-apache-exploits-instaban.conf', | |
| 58 } | |
| 59 file { '/etc/fail2ban/filter.d/ibb-apache-shellshock.conf': | |
| 60 source => 'puppet:///modules/fail2ban/ibb-apache-shellshock.conf', | |
| 61 } | |
| 62 file { '/etc/fail2ban/filter.d/ibb-repeat-offender.conf': | |
| 63 source => 'puppet:///modules/fail2ban/ibb-repeat-offender.conf', | |
| 64 } | |
| 65 file { '/etc/fail2ban/filter.d/ibb-repeat-offender-ssh.conf': | |
| 66 source => 'puppet:///modules/fail2ban/ibb-repeat-offender-ssh.conf', | |
| 67 } | |
| 68 file { '/etc/fail2ban/filter.d/ibb-postfix-spammers.conf': | |
| 69 source => 'puppet:///modules/fail2ban/ibb-postfix-spammers.conf', | |
| 70 } | |
| 71 file { '/etc/fail2ban/filter.d/ibb-postfix-malicious.conf': | |
| 72 source => 'puppet:///modules/fail2ban/ibb-postfix-malicious.conf', | |
| 73 } | |
| 74 file { '/etc/fail2ban/filter.d/ibb-postfix.conf': | |
| 75 source => 'puppet:///modules/fail2ban/ibb-postfix.conf', | |
| 76 } | |
| 77 file { '/etc/fail2ban/filter.d/ibb-sshd.conf': | |
| 78 source => 'puppet:///modules/fail2ban/ibb-sshd.conf', | |
| 79 } | |
| 80 | |
| 81 $bad_users = [ | |
| 297 | 82 '[^0-9a-zA-Z]+', |
| 292 | 83 '[0-9]+', |
| 297 | 84 '[0-9a-zA-Z]{1,3}', |
| 292 | 85 '([0-9a-z])\2{2,}', |
| 86 'abused', | |
| 87 'adm', | |
| 88 'Admin', | |
| 297 | 89 'admins?[0-9]+', |
| 90 'administr[a-z]+', # administracion, administrador, administradorweb, administrator, etc | |
| 294 | 91 'admissions', |
| 292 | 92 'altibase', |
| 93 'alumni', | |
| 94 'amavisd?', | |
| 295 | 95 'amministratore', |
| 292 | 96 'anwenderschnittstelle', |
| 97 'anonymous', | |
| 98 'ansible', | |
| 99 'aptproxy', | |
| 297 | 100 'apt-mirror', |
| 101 'ark(server)?', | |
| 292 | 102 'asterisk', |
| 297 | 103 'audio', |
| 292 | 104 'auser', |
| 297 | 105 'autologin', |
| 292 | 106 'avahi', |
| 107 'avis', | |
| 108 'backlog', | |
| 109 'backup(s|er|pc|user)?', | |
| 297 | 110 'bash', |
|
308
edd1e3b444e7
Blacklist more users on SSH including bugzilla
IBBoard <dev@ibboard.co.uk>
parents:
305
diff
changeset
|
111 'batch', |
| 297 | 112 'beagleindex', |
| 292 | 113 'bf2', |
|
305
38e35360a390
Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents:
297
diff
changeset
|
114 '.*bitbucket', |
|
324
b0928653dfc2
Blacklist more users, including sshd, ftpadmin and a cPanel tool
IBBoard <dev@ibboard.co.uk>
parents:
308
diff
changeset
|
115 'bind', |
|
293
55762b436f89
Add more blacklisted SSH usernames
IBBoard <dev@ibboard.co.uk>
parents:
292
diff
changeset
|
116 'bitcoin', |
| 292 | 117 'bitnami', |
| 118 'bitrix', | |
|
308
edd1e3b444e7
Blacklist more users on SSH including bugzilla
IBBoard <dev@ibboard.co.uk>
parents:
305
diff
changeset
|
119 'bkroot', |
| 297 | 120 'blog', |
| 292 | 121 'boinc', |
| 122 'botmaster', | |
|
308
edd1e3b444e7
Blacklist more users on SSH including bugzilla
IBBoard <dev@ibboard.co.uk>
parents:
305
diff
changeset
|
123 'bugzilla', |
| 292 | 124 'build', |
| 125 'buscador', | |
| 126 'cacti(user)?', | |
| 297 | 127 'carrerasoft', |
| 292 | 128 'catchall', |
| 297 | 129 'celery', |
| 292 | 130 'cemergen', |
| 297 | 131 'centos', |
| 292 | 132 'chef', |
| 297 | 133 'cgi', |
| 134 'chromeuser', | |
| 292 | 135 'cinema', |
|
305
38e35360a390
Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents:
297
diff
changeset
|
136 'cinstall', |
| 297 | 137 'cisco', |
| 292 | 138 'clamav', |
| 139 'cliente?[0-9]*', | |
| 140 'clouduser', | |
| 141 'com', | |
| 142 'comercial', | |
| 143 'control', | |
| 144 'couchdb', | |
| 145 'cpanel', | |
|
324
b0928653dfc2
Blacklist more users, including sshd, ftpadmin and a cPanel tool
IBBoard <dev@ibboard.co.uk>
parents:
308
diff
changeset
|
146 'cpanelrrdtool', |
| 292 | 147 'create', |
| 148 'cron', | |
| 297 | 149 '(cs(s|go|cz)|arma|mc|tf2?|sdtd|web|pz)-?se?rve?r?', |
| 150 'cs-?go1?', | |
| 151 'CumulusLinux!', | |
| 292 | 152 'cyrus[0-9]*', |
| 153 'daemon', | |
| 154 'danger', | |
| 297 | 155 'darwin', |
| 156 'dasuse?r', | |
| 157 'data', | |
| 292 | 158 'debian(-spamd)?', |
| 159 'default', | |
| 160 'dell', | |
| 297 | 161 'deploy(er)?[0-9]*', |
| 292 | 162 'desktop', |
| 163 'developer', | |
| 297 | 164 'devdata', |
| 292 | 165 'devops', |
| 166 'devteam', | |
| 167 'dietpi', | |
| 297 | 168 'discordbot', |
| 169 'disklessadmin', | |
| 292 | 170 'django', |
| 297 | 171 'dmarc', |
| 172 'dockeruser', | |
| 292 | 173 'dotblot', |
| 174 'download', | |
| 175 'dovecot', | |
| 297 | 176 'dovenull', |
| 294 | 177 'duplicity', |
| 292 | 178 'easy', |
| 179 'ec2-user', | |
| 297 | 180 'ecquser', |
| 292 | 181 'edu(cation)?[0-9]*', |
| 182 'e-shop', | |
| 297 | 183 'elastic', |
|
293
55762b436f89
Add more blacklisted SSH usernames
IBBoard <dev@ibboard.co.uk>
parents:
292
diff
changeset
|
184 'elsearch', |
| 292 | 185 'engin(eer)?', |
| 186 'esadmin', | |
| 187 'events', | |
| 188 'exports?', | |
| 189 'facebook', | |
| 190 'factorio', | |
| 191 'fax', | |
| 297 | 192 'fcweb', |
| 193 'fetchmail', | |
| 292 | 194 'filter', |
| 195 'firebird', | |
| 297 | 196 'firefox', |
|
324
b0928653dfc2
Blacklist more users, including sshd, ftpadmin and a cPanel tool
IBBoard <dev@ibboard.co.uk>
parents:
308
diff
changeset
|
197 'ftp(admin)?', |
| 292 | 198 'fuser', |
| 199 'games', | |
| 200 'gdm', | |
| 201 'geniuz', | |
| 297 | 202 'getmail', |
| 292 | 203 'ggc_user', |
| 204 'ghost', | |
| 297 | 205 'git(olite?|blit|lab(_ci)?|admi?n?|use?r)?', |
| 292 | 206 'gmail', |
| 294 | 207 'gmodserver', |
| 208 'gnuhealth', | |
| 292 | 209 'gopher', |
| 297 | 210 'government', |
| 292 | 211 'guest', |
| 212 'hacker', | |
| 213 'hadoop', | |
| 297 | 214 'haldaemon', |
| 292 | 215 'harvard', |
| 297 | 216 'hduser', |
| 217 'headmaster', | |
| 292 | 218 'helpdesk', |
|
305
38e35360a390
Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents:
297
diff
changeset
|
219 'hive', |
| 292 | 220 'home', |
| 221 'host', | |
| 222 'httpd?', | |
| 294 | 223 'httpfs', |
| 292 | 224 'huawei', |
| 297 | 225 'iamroot', |
| 292 | 226 'iceuser', |
| 227 'imscp', | |
| 297 | 228 'info(rmix)?[0-9]*', |
| 229 'installer', | |
| 230 'inventario', | |
| 292 | 231 'java', |
| 232 'jboss', | |
| 233 'jenkins', | |
| 234 'jira', | |
| 297 | 235 'jmeter', |
| 292 | 236 'jsboss', |
| 297 | 237 'juniper', |
| 292 | 238 'kafka', |
| 239 'kodi', | |
| 295 | 240 'kms', |
| 297 | 241 'legacy', |
| 292 | 242 'library', |
| 243 'libsys', | |
| 244 'libuuid', | |
| 245 'linode', | |
| 246 'linux', | |
| 295 | 247 'localadmin', |
| 297 | 248 'logcheck', |
| 292 | 249 'login', |
| 250 'logout', | |
| 295 | 251 'logstash', |
| 297 | 252 'logview(er)?', |
| 253 'lsfadmin', | |
| 292 | 254 'lynx', |
| 297 | 255 'magento', |
| 292 | 256 'mailer', |
| 257 'mailman', | |
| 297 | 258 'mailtest', |
| 292 | 259 'maintain', |
| 260 'majordomo', | |
| 261 'man', | |
| 262 'mantis', | |
|
296
2f4d0ea4cb55
Blacklist Portuguese support, MapR, numbered Oracle and more
IBBoard <dev@ibboard.co.uk>
parents:
295
diff
changeset
|
263 'mapruser', |
| 292 | 264 'marketing', |
| 265 'master', | |
| 266 'membership', | |
| 297 | 267 'messagebus', |
| 292 | 268 'minecraft', |
|
305
38e35360a390
Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents:
297
diff
changeset
|
269 'mirc', |
| 292 | 270 'modem', |
| 271 'mongo(db|user)?', | |
| 297 | 272 'monitor(ing)?', |
| 292 | 273 'more', |
| 274 'moher', | |
| 275 'mpiuser', | |
| 297 | 276 'mqadm', |
| 292 | 277 'musi[ck]bot', |
| 297 | 278 '(my?|pg)sq(ue)?l[0-9]*', |
| 292 | 279 'mythtv', |
| 280 'nagios', | |
| 297 | 281 'named', |
| 292 | 282 'nasa', |
|
296
2f4d0ea4cb55
Blacklist Portuguese support, MapR, numbered Oracle and more
IBBoard <dev@ibboard.co.uk>
parents:
295
diff
changeset
|
283 'ncs', |
| 297 | 284 'nessus', |
| 285 'netadmin', | |
| 286 'netdiag', | |
| 292 | 287 'netdump', |
| 297 | 288 'network', |
| 292 | 289 'netzplatz', |
| 290 'newadmin', | |
| 295 | 291 'newuser', |
| 292 | 292 'nexus', |
| 297 | 293 'nfinity', |
| 292 | 294 'nfs', |
| 295 '(nfs)?nobody', | |
| 296 'nginx', | |
| 297 'noc', | |
| 297 | 298 'node', |
| 292 | 299 'nothing', |
| 300 'NpC', | |
| 301 'nux', | |
| 302 'odoo', | |
| 303 'odroid', | |
| 297 | 304 'office', |
| 305 'omsagent', | |
| 292 | 306 'onyxeye', |
| 297 | 307 'oozie', |
| 292 | 308 'openbravo', |
| 294 | 309 'openfire', |
| 292 | 310 'openvpn', |
| 311 'operador', | |
| 312 'operator', | |
| 313 'ops(code)?', | |
| 314 'oprofile', | |
| 297 | 315 'ora(cle|prod|vis)[0-9]*', |
| 292 | 316 'osmc', |
| 295 | 317 'owncloud', |
| 292 | 318 'papernet', |
| 297 | 319 'passwo?r?d', |
| 292 | 320 'payments', |
| 321 'pay_?pal', | |
| 294 | 322 'pdfbox', |
| 292 | 323 'pentaho', |
| 297 | 324 'php[0-9]*', |
| 325 'platform', | |
| 292 | 326 'PlcmSpIp(PlcmSpIp)?', |
| 297 | 327 'plex', |
|
305
38e35360a390
Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents:
297
diff
changeset
|
328 'polkitd?', |
| 297 | 329 'popd?3?', |
| 292 | 330 'popuser', |
| 331 'postfix', | |
| 297 | 332 'p0stgr3s', |
| 292 | 333 'postgres', |
| 334 'postmaster', | |
| 297 | 335 'pptpd', |
| 292 | 336 'print', |
| 337 'privoxy', | |
| 338 'proba', | |
| 339 'proxy', | |
| 295 | 340 'public', |
| 292 | 341 'puppet', |
| 342 'qhsupport', | |
| 343 'rabbit(mq)?', | |
| 344 'radiusd?', | |
| 297 | 345 'readonly', |
| 346 'reboot', | |
| 347 'recording', | |
| 292 | 348 'redis', |
| 349 'redmine', | |
| 297 | 350 'remote', |
| 351 'reports', | |
| 292 | 352 'riakcs', |
| 353 'root[0-9]+', | |
| 354 'rpc(user)?', | |
| 297 | 355 'rpm', |
| 292 | 356 'RPM', |
| 357 'rtorrent', | |
| 358 'rustserver', | |
| 359 'sales[0-9]+', | |
| 360 's?bin', | |
| 297 | 361 '(samba|sshd|git|student|tomcat|abc|web|info|(vpn|appl?|my|db)?(dev|use?r|server|man|manager|mgr)|account)[0-9]*', |
| 292 | 362 'saslauth', |
| 297 | 363 'scan(n?er)?', |
| 292 | 364 'screen', |
| 365 'search', | |
| 297 | 366 'sekretariat', |
| 294 | 367 'serverpilot', |
| 292 | 368 'service', |
|
305
38e35360a390
Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents:
297
diff
changeset
|
369 'setup', |
| 297 | 370 '(s|u|ams|admin|inss|pro|web)?ftp(d|[_-]?use?r|home|_?test|immo)?[0-9]*', |
| 292 | 371 'sftponly', |
| 372 'shell', | |
| 373 'shop', | |
| 297 | 374 'sinusbot[0-9]*', |
|
324
b0928653dfc2
Blacklist more users, including sshd, ftpadmin and a cPanel tool
IBBoard <dev@ibboard.co.uk>
parents:
308
diff
changeset
|
375 'sirius', |
| 297 | 376 'smbguest', |
| 377 'smbuse?r', | |
| 292 | 378 'smmsp', |
| 379 'socket', | |
| 380 'software', | |
| 381 'solarus', | |
|
308
edd1e3b444e7
Blacklist more users on SSH including bugzilla
IBBoard <dev@ibboard.co.uk>
parents:
305
diff
changeset
|
382 'speech-dispatcher', |
| 292 | 383 'splunk', |
| 297 | 384 'sprummlbot', |
| 292 | 385 'squid', |
| 297 | 386 'squirrelmail[0-9]+', |
| 387 'srvadmin', | |
|
324
b0928653dfc2
Blacklist more users, including sshd, ftpadmin and a cPanel tool
IBBoard <dev@ibboard.co.uk>
parents:
308
diff
changeset
|
388 'sshd', |
| 292 | 389 'sshusr', |
| 390 'staffc', | |
| 391 'steam(cmd)?', | |
| 392 'store', | |
| 297 | 393 'stunnel', |
| 292 | 394 'superuser', |
|
296
2f4d0ea4cb55
Blacklist Portuguese support, MapR, numbered Oracle and more
IBBoard <dev@ibboard.co.uk>
parents:
295
diff
changeset
|
395 'suporte', |
| 292 | 396 'support', |
| 297 | 397 'svn(root)?', |
|
293
55762b436f89
Add more blacklisted SSH usernames
IBBoard <dev@ibboard.co.uk>
parents:
292
diff
changeset
|
398 'sybase', |
| 297 | 399 'sync[0-9]*', |
| 292 | 400 'sysadmin', |
| 401 'system', | |
|
305
38e35360a390
Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents:
297
diff
changeset
|
402 'teamspeak[234]?(-?use?r)?', |
| 292 | 403 'telkom', |
| 297 | 404 'telnetd?', |
| 405 'te?mp(use?r)?[0-9]*', | |
|
305
38e35360a390
Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents:
297
diff
changeset
|
406 'test((er?|ing|ftp|man|linux|use?r|u)[0-9]*|[0-9]+)?', |
| 292 | 407 '(test)?username', |
| 408 'text', | |
| 409 'tomcat', | |
| 410 'tools', | |
| 411 'toor', | |
| 297 | 412 'ts[23](se?rv(er)?|(musi[ck])?bot|sleep)?', |
| 413 'tss', | |
| 292 | 414 'tunstall', |
| 415 'ubnt', | |
| 416 'ubuntu', | |
| 417 'unity', | |
| 297 | 418 'universitaetsrechenzentrum', # University Computing Center |
| 419 'upload[0-9]*', | |
| 420 'user[0-9]*', | |
| 292 | 421 'USERID', |
| 297 | 422 'username', |
| 292 | 423 'usuario', |
| 424 'uucp', | |
| 425 'vagrant', | |
| 426 'vbox', | |
| 427 'ventrilo', | |
| 428 'vhbackup', | |
| 429 'virusalter', | |
| 430 'vmadmin', | |
| 431 'vmail', | |
| 297 | 432 'vscan', |
| 292 | 433 'vyatta', |
| 434 'wanadoo', | |
|
308
edd1e3b444e7
Blacklist more users on SSH including bugzilla
IBBoard <dev@ibboard.co.uk>
parents:
305
diff
changeset
|
435 'web', |
| 292 | 436 'weblogic', |
| 437 'webmaster', | |
| 297 | 438 'webportal', |
| 292 | 439 'WinD3str0y', |
| 440 'wine', | |
| 297 | 441 'wordpress', |
| 292 | 442 'wp-?user', |
| 443 'write', | |
| 444 'www', | |
| 297 | 445 'wwAdmin', |
| 446 '(www|web|coin|fax|sys|db2|rsync|tc)-?(adm(in)?|run|users?|data|[0-9]+)', | |
| 292 | 447 'xbian', |
| 448 'xbot', | |
| 297 | 449 'xmpp', |
| 292 | 450 'xoadmin', |
| 451 'yahoo', | |
| 452 'yarn', | |
| 453 'zabbix', | |
| 454 'zimbra', | |
| 455 'zookeeper', | |
| 297 | 456 # And some passwords that turned up as usernames |
| 457 '1q2w3e4r', | |
| 458 'abc123', | |
| 292 | 459 '0fordn1on@#\$%%\^&', |
| 460 'P@\$\$w0rd', | |
| 297 | 461 'P@ssword1!', |
| 462 'Passwd123', | |
| 463 'pass123?4?', | |
| 464 'qwer?[0-9]+', | |
| 292 | 465 ] |
| 466 | |
| 467 file { '/etc/fail2ban/filter.d/ibb-sshd-bad-user.conf': | |
| 468 content => epp('fail2ban/ibb-sshd-bad-user.epp', { 'bad_users' => $bad_users }), | |
| 469 } | |
| 470 # Because one of our rules checks fail2ban's log, but the service dies without the file | |
| 471 file { '/var/log/fail2ban.log': | |
| 472 ensure => present, | |
| 473 owner => 'root', | |
| 474 group => 'root', | |
| 475 mode => '0600', | |
| 476 } | |
| 477 } |