annotate modules/fail2ban/manifests/init.pp @ 370:cd0e77678dca

Block more SSH probe usernames from recent attack
author IBBoard <dev@ibboard.co.uk>
date Sat, 27 Feb 2021 18:39:46 +0000
parents 3a1b19f6a054
children df5ad1612af7
rev   line source
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
1 class fail2ban (
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
2 $firewall_cmd,
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
3 ) {
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
# Install the fail2ban package. The File collector in this class makes the
# tagged configuration files require it.
package { 'fail2ban':
  ensure => installed,
}
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
# Keep the fail2ban daemon running now and enabled at boot. The File
# collector in this class notifies this service when a tagged file changes.
service { 'fail2ban':
  enable => true,
  ensure => running,
}
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
# Shared settings for every File resource tagged 'fail2ban': the file must
# exist, the package must be installed first, and a change refreshes the
# service.
# NOTE(review): Puppet tags a resource with the name of the class that
# declares it, so this presumably also reaches the /tmp and /etc/selinux
# files declared in this class, and sets `ensure => present` on the
# firewall-ban.conf resource that is declared with `ensure => link` -
# confirm that both are intended.
File <| tag == 'fail2ban' |> {
  ensure  => present,
  require => Package['fail2ban'],
  notify  => Service['fail2ban'],
}
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
# Local overrides for fail2ban itself, copied from this module's files.
file { '/etc/fail2ban/fail2ban.local':
  source => 'puppet:///modules/fail2ban/fail2ban.local',
}
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
# Local jail definitions, copied from this module's files.
file { '/etc/fail2ban/jail.local':
  source => 'puppet:///modules/fail2ban/jail.local',
}
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
# apf.conf action definition for fail2ban's action.d, copied from this
# module's files.
file { '/etc/fail2ban/action.d/apf.conf':
  source => 'puppet:///modules/fail2ban/apf.conf',
}
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
25
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
# Pick the action name used for bans. 'iptables' maps to the
# 'iptables-multiport' action; any other value of $firewall_cmd is used
# unchanged. The result becomes the base name of the action file that the
# firewall-ban.conf link points at, so an unexpected value would presumably
# leave that link pointing at a file that does not exist.
$firewall_ban_cmd = $firewall_cmd ? {
  'iptables' => 'iptables-multiport',
  default    => $firewall_cmd,
}
337
a79ad974a548 Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents: 324
diff changeset
# Seed an empty Apache ban-list DBM when none exists yet. Command lookup for
# both the command and the `unless` guard is limited to /usr/bin, and the
# resource is ordered before Service['httpd'].
exec { 'httxt2dbm -i /dev/null -o /etc/httpd/conf.custom/apache_banlist.db':
  unless => 'test -f /etc/httpd/conf.custom/apache_banlist.db',
  path   => '/usr/bin',
  before => Service['httpd'],
}
a79ad974a548 Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents: 324
diff changeset
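# Text ban list, labelled httpd_config_t (presumably the text input that
# httxt2dbm converts into apache_banlist.db).
# /tmp is world-writable, and with only `ensure => present` Puppet accepts
# whatever file already exists at this path without checking who owns it.
# Owner, group and mode are pinned so that a file created there by another
# local account is brought back under root's control on the next run; a
# freshly created file gets the same root-owned 0644 result as before.
# NOTE(review): assumes the process that writes this list runs as root -
# confirm against ibb-apache-ip-block.conf. A directory that only root can
# write to would be a safer home for this file than /tmp.
file { '/tmp/apache_banlist.txt':
  ensure  => present,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  seltype => 'httpd_config_t',
}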
341
3a1b19f6a054 Add a "repeat offender" ban to Apache IP block
IBBoard <dev@ibboard.co.uk>
parents: 337
diff changeset
# Seed an empty "repeat offender" ban-list DBM when none exists yet. Command
# lookup for both the command and the `unless` guard is limited to /usr/bin,
# and the resource is ordered before Service['httpd'].
exec { 'httxt2dbm -i /dev/null -o /etc/httpd/conf.custom/apache_repeat_banlist.db':
  unless => 'test -f /etc/httpd/conf.custom/apache_repeat_banlist.db',
  path   => '/usr/bin',
  before => Service['httpd'],
}
3a1b19f6a054 Add a "repeat offender" ban to Apache IP block
IBBoard <dev@ibboard.co.uk>
parents: 337
diff changeset
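# Text "repeat offender" ban list, labelled httpd_config_t (presumably the
# text input that httxt2dbm converts into apache_repeat_banlist.db).
# /tmp is world-writable, and with only `ensure => present` Puppet accepts
# whatever file already exists at this path without checking who owns it.
# Owner, group and mode are pinned so that a file created there by another
# local account is brought back under root's control on the next run; a
# freshly created file gets the same root-owned 0644 result as before.
# NOTE(review): assumes the process that writes this list runs as root -
# confirm against ibb-apache-ip-block.conf. A directory that only root can
# write to would be a safer home for this file than /tmp.
file { '/tmp/apache_repeat_banlist.txt':
  ensure  => present,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  seltype => 'httpd_config_t',
}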
337
a79ad974a548 Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents: 324
diff changeset
# SELinux side of the Apache ban list: per the original note, this is what
# lets the httxt2dbm process work after the initial empty lists are seeded.
# The policy package is copied from the module and loaded with `semodule -i`;
# the exec is refreshonly, so it runs only when the file resource changes
# and notifies it through `~>`.
# NOTE(review): this .pp is an SELinux policy package, not a Puppet manifest.
# It cannot be read in review as it stands, so the policy source it was
# built from should be kept and reviewed alongside it.
file { '/etc/selinux/apache-ip-banlist.pp':
  source => 'puppet:///modules/fail2ban/apache-ip-banlist.pp',
}
~> exec { 'semodule -i /etc/selinux/apache-ip-banlist.pp':
  refreshonly => true,
  path        => '/usr/sbin',
}
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
# Stable action name for the jails: firewall-ban.conf is a symlink to the
# action file named after $firewall_ban_cmd in the same directory.
file { '/etc/fail2ban/action.d/firewall-ban.conf':
  target => "/etc/fail2ban/action.d/${firewall_ban_cmd}.conf",
  ensure => link,
}
337
a79ad974a548 Implement fail2ban for Apache as mod_rewrite
IBBoard <dev@ibboard.co.uk>
parents: 324
diff changeset
# ibb-apache-ip-block action definition for fail2ban's action.d, copied from
# this module's files.
file { '/etc/fail2ban/action.d/ibb-apache-ip-block.conf':
  source => 'puppet:///modules/fail2ban/ibb-apache-ip-block.conf',
}
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
# ibb-apache-exploits-instaban filter definition for fail2ban's filter.d,
# copied from this module's files.
file { '/etc/fail2ban/filter.d/ibb-apache-exploits-instaban.conf':
  source => 'puppet:///modules/fail2ban/ibb-apache-exploits-instaban.conf',
}
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
# ibb-apache-shellshock filter definition for fail2ban's filter.d, copied
# from this module's files.
file { '/etc/fail2ban/filter.d/ibb-apache-shellshock.conf':
  source => 'puppet:///modules/fail2ban/ibb-apache-shellshock.conf',
}
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
# ibb-repeat-offender filter definition for fail2ban's filter.d, copied from
# this module's files.
file { '/etc/fail2ban/filter.d/ibb-repeat-offender.conf':
  source => 'puppet:///modules/fail2ban/ibb-repeat-offender.conf',
}
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
# ibb-repeat-offender-ssh filter definition for fail2ban's filter.d, copied
# from this module's files.
file { '/etc/fail2ban/filter.d/ibb-repeat-offender-ssh.conf':
  source => 'puppet:///modules/fail2ban/ibb-repeat-offender-ssh.conf',
}
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
# ibb-postfix-spammers filter definition for fail2ban's filter.d, copied
# from this module's files.
file { '/etc/fail2ban/filter.d/ibb-postfix-spammers.conf':
  source => 'puppet:///modules/fail2ban/ibb-postfix-spammers.conf',
}
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
# ibb-postfix-malicious filter definition for fail2ban's filter.d, copied
# from this module's files.
file { '/etc/fail2ban/filter.d/ibb-postfix-malicious.conf':
  source => 'puppet:///modules/fail2ban/ibb-postfix-malicious.conf',
}
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
# ibb-postfix filter definition for fail2ban's filter.d, copied from this
# module's files.
file { '/etc/fail2ban/filter.d/ibb-postfix.conf':
  source => 'puppet:///modules/fail2ban/ibb-postfix.conf',
}
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
# ibb-sshd filter definition for fail2ban's filter.d, copied from this
# module's files.
file { '/etc/fail2ban/filter.d/ibb-sshd.conf':
  source => 'puppet:///modules/fail2ban/ibb-sshd.conf',
}
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
90
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
91 $bad_users = [
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
92 '[^0-9a-zA-Z]+',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
93 '[0-9]+',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
94 '[0-9a-zA-Z]{1,3}',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
95 '([0-9a-z])\2{2,}',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
96 'abused',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
97 'Admin',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
98 'admins?[0-9]*',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
99 'administr[a-z]+', # administracion, administrador, administradorweb, administrator, etc
294
d49def2d04ae Blacklist more SSH users
IBBoard <dev@ibboard.co.uk>
parents: 293
diff changeset
100 'admissions',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
101 'altibase',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
102 'alumni',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
103 'amavisd?',
295
90525117ab81 Blacklist more SSH users
IBBoard <dev@ibboard.co.uk>
parents: 294
diff changeset
104 'amministratore',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
105 'anwenderschnittstelle',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
106 'anonymous',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
107 'ansible',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
108 'apache',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
109 'aptproxy',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
110 'apt-mirror',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
111 'ark(server)?',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
112 'asdfas',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
113 'asterisk',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
114 'audio',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
115 'auser',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
116 'autologin',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
117 'avahi',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
118 'avis',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
119 'backlog',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
120 'backup(s|er|pc|user)?',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
121 'bash',
308
edd1e3b444e7 Blacklist more users on SSH including bugzilla
IBBoard <dev@ibboard.co.uk>
parents: 305
diff changeset
122 'batch',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
123 'beagleindex',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
124 'bf2',
305
38e35360a390 Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents: 297
diff changeset
125 '.*bitbucket',
324
b0928653dfc2 Blacklist more users, including sshd, ftpadmin and a cPanel tool
IBBoard <dev@ibboard.co.uk>
parents: 308
diff changeset
126 'bind',
293
55762b436f89 Add more blacklisted SSH usernames
IBBoard <dev@ibboard.co.uk>
parents: 292
diff changeset
127 'bitcoin',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
128 'bitnami',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
129 'bitrix',
308
edd1e3b444e7 Blacklist more users on SSH including bugzilla
IBBoard <dev@ibboard.co.uk>
parents: 305
diff changeset
130 'bkroot',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
131 'blog',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
132 'boinc',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
133 'bot',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
134 'botmaster',
308
edd1e3b444e7 Blacklist more users on SSH including bugzilla
IBBoard <dev@ibboard.co.uk>
parents: 305
diff changeset
135 'bugzilla',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
136 'build',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
137 'buscador',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
138 'cacti(user)?',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
139 'carrerasoft',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
140 'catchall',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
141 'celery',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
142 'cemergen',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
143 'centos',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
144 'chef',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
145 'cgi',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
146 'chromeuser',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
147 'cinema',
305
38e35360a390 Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents: 297
diff changeset
148 'cinstall',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
149 'cisco',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
150 'clamav',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
151 'cliente?[0-9]*',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
152 'CloudSigma',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
153 'clouduser',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
154 'com',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
155 'comercial',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
156 'control',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
157 'couchdb',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
158 'cpanel',
324
b0928653dfc2 Blacklist more users, including sshd, ftpadmin and a cPanel tool
IBBoard <dev@ibboard.co.uk>
parents: 308
diff changeset
159 'cpanelrrdtool',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
160 'create',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
161 'cron',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
162 '(cs(s|go|cz)|arma|mc|tf2?|sdtd|web|pz)-?se?rve?r?',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
163 'cs-?go1?',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
164 'CumulusLinux!',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
165 'cyrus[0-9]*',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
166 'daemon',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
167 'danger',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
168 'darwin',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
169 'dasuse?r[0-9]*',
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
170 'data(ba?se)?',
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
171 'db2inst[0-9]*',
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
172 'dbus',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
173 'debian(-spamd)?',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
174 'default',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
175 'dell',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
176 'demo',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
177 'deploy(er)?[0-9]*',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
178 'desktop',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
179 'developer',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
180 'devdata',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
181 'devops',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
182 'devteam',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
183 'dietpi',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
184 'discordbot',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
185 'disklessadmin',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
186 'display',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
187 'django',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
188 'dmarc',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
189 'dpvirtual',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
190 'dockeruser',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
191 'dotblot',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
192 'download',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
193 'dovecot',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
194 'dovenull',
294
d49def2d04ae Blacklist more SSH users
IBBoard <dev@ibboard.co.uk>
parents: 293
diff changeset
195 'duplicity',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
196 'easy',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
197 'ec2-user',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
198 'ecquser',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
199 'edu(cation)?[0-9]*',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
200 'e-shop',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
201 'elastic',
293
55762b436f89 Add more blacklisted SSH usernames
IBBoard <dev@ibboard.co.uk>
parents: 292
diff changeset
202 'elsearch',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
203 'engin(eer)?',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
204 'esadmin',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
205 'events',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
206 'exploit',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
207 'exports?',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
208 'facebook',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
209 'factorio',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
210 'fax',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
211 'fcweb',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
212 'fetchmail',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
213 'filter',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
214 'firebird',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
215 'firefox',
324
b0928653dfc2 Blacklist more users, including sshd, ftpadmin and a cPanel tool
IBBoard <dev@ibboard.co.uk>
parents: 308
diff changeset
216 'ftp(admin)?',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
217 'fuser',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
218 'games',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
219 'gdm',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
220 'geniuz',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
221 'getmail',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
222 'ggc_user',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
223 'ghost',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
224 'git(olite?|blit|lab(_ci)?|admi?n?|use?r)?',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
225 'glassfish',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
226 'gmail',
294
d49def2d04ae Blacklist more SSH users
IBBoard <dev@ibboard.co.uk>
parents: 293
diff changeset
227 'gmodserver',
d49def2d04ae Blacklist more SSH users
IBBoard <dev@ibboard.co.uk>
parents: 293
diff changeset
228 'gnuhealth',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
229 'gopher',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
230 'government',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
231 'grid',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
232 'guest',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
233 'hacker',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
234 'hadoop',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
235 'haldaemon',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
236 'harvard',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
237 'hduser',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
238 'headmaster',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
239 'helpdesk',
305
38e35360a390 Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents: 297
diff changeset
240 'hive',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
241 'home',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
242 'host',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
243 'httpd?',
294
d49def2d04ae Blacklist more SSH users
IBBoard <dev@ibboard.co.uk>
parents: 293
diff changeset
244 'httpfs',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
245 'huawei',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
246 'iamroot',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
247 'iceuser',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
248 'imscp',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
249 'info(rmix)?[0-9]*',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
250 'inst[0-9]+',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
251 'installer',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
252 'inventario',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
253 'java',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
254 'jboss',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
255 'jenkins',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
256 'jira',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
257 'jmeter',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
258 'jsboss',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
259 'juniper',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
260 'kafka',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
261 'kodi',
295
90525117ab81 Blacklist more SSH users
IBBoard <dev@ibboard.co.uk>
parents: 294
diff changeset
262 'kms',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
263 'legacy',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
264 'library',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
265 'libsys',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
266 'libuuid',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
267 'linode',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
268 'linux',
295
90525117ab81 Blacklist more SSH users
IBBoard <dev@ibboard.co.uk>
parents: 294
diff changeset
269 'localadmin',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
270 'logcheck',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
271 'login',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
272 'logout',
295
90525117ab81 Blacklist more SSH users
IBBoard <dev@ibboard.co.uk>
parents: 294
diff changeset
273 'logstash',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
274 'logview(er)?',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
275 'lsfadmin',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
276 'lynx',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
277 'magento',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
278 'mail',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
279 'mailer',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
280 'mailman',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
281 'mailtest',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
282 'maintain',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
283 'majordomo',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
284 'man',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
285 'mantis',
296
2f4d0ea4cb55 Blacklist Portuguese support, MapR, numbered Oracle and more
IBBoard <dev@ibboard.co.uk>
parents: 295
diff changeset
286 'mapruser',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
287 'marketing',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
288 'master',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
289 'membership',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
290 'merlin',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
291 'messagebus',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
292 'minecraft',
305
38e35360a390 Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents: 297
diff changeset
293 'mirc',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
294 'modem',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
295 'mongo(db|user)?',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
296 'monitor(ing)?',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
297 'more',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
298 'moher',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
299 'mpiuser',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
300 'mqadm',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
301 'musi[ck]bot',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
302 '(my?|pg)sq(ue)?l[0-9]*',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
303 'mythtv',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
304 'nagios',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
305 'named',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
306 'nasa',
296
2f4d0ea4cb55 Blacklist Portuguese support, MapR, numbered Oracle and more
IBBoard <dev@ibboard.co.uk>
parents: 295
diff changeset
307 'ncs',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
308 'nessus',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
309 'netadmin',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
310 'netdiag',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
311 'netdump',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
312 'network',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
313 'netzplatz',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
314 'newadmin',
295
90525117ab81 Blacklist more SSH users
IBBoard <dev@ibboard.co.uk>
parents: 294
diff changeset
315 'newuser',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
316 'nexus',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
317 'nfinity',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
318 'nfs',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
319 '(nfs)?nobody',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
320 'nginx',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
321 'noc',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
322 'node',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
323 'notes',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
324 'nothing',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
325 'NpC',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
326 'nux',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
327 'odoo',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
328 'odroid',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
329 'office',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
330 'omsagent',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
331 'onyxeye',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
332 'oozie',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
333 'openbravo',
294
d49def2d04ae Blacklist more SSH users
IBBoard <dev@ibboard.co.uk>
parents: 293
diff changeset
334 'openfire',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
335 'openvpn',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
336 'operador',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
337 'operator',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
338 'ops(code)?',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
339 'oprofile',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
340 'ora(cle|prod|vis)[0-9]*',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
341 'osmc',
295
90525117ab81 Blacklist more SSH users
IBBoard <dev@ibboard.co.uk>
parents: 294
diff changeset
342 'owncloud',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
343 'papernet',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
344 'passwo?r?d',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
345 'payments',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
346 'pay_?pal',
294
d49def2d04ae Blacklist more SSH users
IBBoard <dev@ibboard.co.uk>
parents: 293
diff changeset
347 'pdfbox',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
348 'pentaho',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
349 'php[0-9]*',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
350 'platform',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
351 'play',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
352 'PlcmSpIp(PlcmSpIp)?',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
353 'plex',
305
38e35360a390 Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents: 297
diff changeset
354 'polkitd?',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
355 'popd?3?',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
356 'popuser',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
357 'postfix',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
358 'p0stgr3s',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
359 'postgres',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
360 'postmaster',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
361 'pptpd',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
362 'print',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
363 'privoxy',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
364 'proba',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
365 'proxy',
295
90525117ab81 Blacklist more SSH users
IBBoard <dev@ibboard.co.uk>
parents: 294
diff changeset
366 'public',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
367 'puppet',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
368 'qhsupport',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
369 'rabbit(mq)?',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
370 'radiusd?',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
371 'raspberry',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
372 'readonly',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
373 'reboot',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
374 'recording',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
375 'redis',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
376 'redmine',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
377 'remote',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
378 'reports',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
379 'riakcs',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
380 'root[0-9]+',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
381 'rpc(user)?',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
382 'rpm',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
383 'RPM',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
384 'rtorrent',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
385 'rustserver',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
386 'sales[0-9]+',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
387 's?bin',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
388 'saslauth',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
389 'scan(n?er)?',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
390 'screen',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
391 'search',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
392 'sekretariat',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
393 'server',
294
d49def2d04ae Blacklist more SSH users
IBBoard <dev@ibboard.co.uk>
parents: 293
diff changeset
394 'serverpilot',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
395 'service',
305
38e35360a390 Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents: 297
diff changeset
396 'setup',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
397 '(s|u|ams|admin|inss|pro|web)?ftp(d|[_-]?use?r|home|_?test|immo)?[0-9]*',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
398 'sftponly',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
399 'shell',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
400 'shop',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
401 'sinusbot[0-9]*',
324
b0928653dfc2 Blacklist more users, including sshd, ftpadmin and a cPanel tool
IBBoard <dev@ibboard.co.uk>
parents: 308
diff changeset
402 'sirius',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
403 'smbguest',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
404 'smbuse?r',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
405 'smmsp',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
406 'socket',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
407 'software',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
408 'solr',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
409 'solarus',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
410 'spam',
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
411 'spark',
308
edd1e3b444e7 Blacklist more users on SSH including bugzilla
IBBoard <dev@ibboard.co.uk>
parents: 305
diff changeset
412 'speech-dispatcher',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
413 'splunk',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
414 'sprummlbot',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
415 'squid',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
416 'squirrelmail[0-9]+',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
417 'srvadmin',
324
b0928653dfc2 Blacklist more users, including sshd, ftpadmin and a cPanel tool
IBBoard <dev@ibboard.co.uk>
parents: 308
diff changeset
418 'sshd',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
419 'sshusr',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
420 'staffc',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
421 'steam(cmd)?',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
422 'store',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
423 'stunnel',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
424 'superuser',
296
2f4d0ea4cb55 Blacklist Portuguese support, MapR, numbered Oracle and more
IBBoard <dev@ibboard.co.uk>
parents: 295
diff changeset
425 'suporte',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
426 'support',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
427 'svn(root|admin)?',
293
55762b436f89 Add more blacklisted SSH usernames
IBBoard <dev@ibboard.co.uk>
parents: 292
diff changeset
428 'sybase',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
429 'sync[0-9]*',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
430 'sysadmin',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
431 'system',
305
38e35360a390 Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents: 297
diff changeset
432 'teamspeak[234]?(-?use?r)?',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
433 'telkom',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
434 'telnetd?',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
435 'te?mp(use?r)?[0-9]*',
305
38e35360a390 Blacklist hive, polkitd, cinstall and more as SSH logins
IBBoard <dev@ibboard.co.uk>
parents: 297
diff changeset
436 'test((er?|ing|ftp|man|linux|use?r|u)[0-9]*|[0-9]+)?',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
437 '(test)?username',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
438 'text',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
439 'tomcat',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
440 'tools',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
441 'toor',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
442 'ts[123](se?rv(er)?|(musi[ck])?bot|sleep|user)?',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
443 'tss',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
444 'tunstall',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
445 'ubnt',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
446 'unity',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
447 'universitaetsrechenzentrum', # University Computing Center
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
448 'upload[0-9]*',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
449 'user[0-9]*',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
450 'USERID',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
451 'username',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
452 'usuario',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
453 'uucp',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
454 'vagrant',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
455 'vbox',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
456 'ventrilo',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
457 'vhbackup',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
458 'virusalter',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
459 'vmadmin',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
460 'vmail',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
461 'vscan?',
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
462 'vtms',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
463 'vyatta',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
464 'wanadoo',
308
edd1e3b444e7 Blacklist more users on SSH including bugzilla
IBBoard <dev@ibboard.co.uk>
parents: 305
diff changeset
465 'web',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
466 'webapp',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
467 'weblogic',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
468 'webmaster',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
469 'webportal',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
470 'websync',
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
471 'wiki',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
472 'WinD3str0y',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
473 'wine',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
474 'wordpress',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
475 'wp-?user',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
476 'write',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
477 'www',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
478 'wwAdmin',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
479 '(www|web|coin|fax|sys|db2|rsync|tc)-?(adm(in)?|run|users?|data|[0-9]+)',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
480 'xbian',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
481 'xbot',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
482 'xmpp',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
483 'xoadmin',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
484 'yahoo',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
485 'yarn',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
486 'zabbix',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
487 'zimbra',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
488 'zookeeper',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
489 # User/admin/other
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
490 '(api|appl?|ats|cam|cat|db|imap|is|my|virtual|vpn)?(admin|dev|use?r|server|man|manager|mgr)[0-9]*',
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
491 '(abc|account|git|info|redhat|samba|sshd|student|tomcat|ubuntu|web)[0-9]*',
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
492 # Names
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
493 '(aaron|david|james|tom|victor)[0-9]*',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
494 # And some passwords that turned up as usernames
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
495 '1q2w3e4r',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
496 'abc123',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
497 'letmein',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
498 '0fordn1on@#\$%%\^&',
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
499 'P@\$\$w0rd',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
500 'P@ssword1!',
370
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
501 'Pa\$\$word_',
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
502 'Passwd123(\$%%\^)',
cd0e77678dca Block more SSH probe usernames from recent attack
IBBoard <dev@ibboard.co.uk>
parents: 341
diff changeset
503 'password',
297
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
504 'pass123?4?',
4f7315d7e869 Blacklist LOTS of usernames
IBBoard <dev@ibboard.co.uk>
parents: 296
diff changeset
505 'qwer?[0-9]+',
292
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
506 ]
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
507
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
# sshd "bad user" filter, rendered from an EPP template that is handed the
# $bad_users list built above.
# The list entries are regex fragments (optional characters, digit suffixes,
# alternation groups), not plain strings. How the template joins and anchors
# them is not visible in this manifest.
# NOTE(review): confirm the template anchors each alternative to the whole
# login name; otherwise short entries such as 'man' or 'web' would also match
# inside longer, legitimate usernames and ban their source address.
# NOTE(review): the entry 'Passwd123(\$%%\^)' has unescaped parentheses, so
# they form a regex group instead of matching literal brackets. Verify that
# is intended.
# NOTE(review): '%' appears doubled ('%%') in the entries, presumably to
# survive fail2ban's config interpolation. Keep that when adding entries.
# Generic names in the list (e.g. 'git', 'mail', 'support') must not be real
# accounts on any managed host, or their owners will be locked out.
file { '/etc/fail2ban/filter.d/ibb-sshd-bad-user.conf':
  content => epp(
    'fail2ban/ibb-sshd-bad-user.epp',
    { 'bad_users' => $bad_users }
  ),
}

# Pre-create fail2ban's own log: one of the rules reads this file, and the
# service fails to start when it does not exist yet.
# root:root with mode 0600 keeps the log readable by root only.
# NOTE(review): check that log rotation recreates the file with the same
# owner and mode, so the restriction is not lost between Puppet runs.
file { '/var/log/fail2ban.log':
  ensure => 'present',
  owner  => 'root',
  group  => 'root',
  mode   => '0600',
}
3e04f35dd0af Turn Fail2ban setup into a module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
518 }