comparison modules/fail2ban/manifests/init.pp @ 430:79e5fed321fa

Break up SSH bad users regexes The list had got so long that it was failing to compile!
author IBBoard <dev@ibboard.co.uk>
date Sun, 11 Dec 2022 20:27:08 +0000
parents a7eaf17bff26
children c84f5efa999e
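--- a/modules/fail2ban/manifests/init.pp
+++ b/modules/fail2ban/manifests/init.pp
@@ -107,10 +107,11 @@
 file { '/etc/fail2ban/filter.d/ibb-sshd.conf':
 source => 'puppet:///modules/fail2ban/ibb-sshd.conf',
 }
 
 $bad_users = [
+[
 '[^0-9a-zA-Z]+',
 '\.?[0-9]+\.?',
 '[0-9a-zA-Z]{1,3}',
 '([0-9a-z])\2{2,}',
 'abused',
@@ -248,10 +249,11 @@
 'filter',
 'firebird',
 'firefox',
 'ftp(admin)?',
 'fuser',
+],[
 'games',
 'gdm',
 'geometry',
 'geniuz',
 'getmail',
@@ -316,10 +318,11 @@
 'logout',
 'logstash',
 'logview(er)?',
 'lsfadmin',
 'lynx',
+],[
 'magento',
 'mail',
 'mailer',
 'mailman',
 'mailtest',
@@ -433,10 +436,11 @@
 'root[0-9a-zA-Z]+',
 'rpc(user)?',
 'rpm',
 'RPM',
 'rtorrent',
+],[
 'rustserver',
 'sales[0-9]+',
 'samp',
 's?bin',
 'saslauth',
@@ -549,10 +553,11 @@
 'yahoo',
 'yarn',
 'zabbix',
 'zimbra',
 'zookeeper',
+],[
 # User/admin/other
 '(bwair|api|appl?|ats|cam|cat|db|dev|file|imap|is|my|net|site|tech|virtual|vnc|vpn)?(admins?|app|dev|use?r|server|man|manager|mgr)[0-9]*',
 '(abc|account|git|info|redhat|samba|sshd|student|teacher|tomcat|ubuntu|web)[0-9]*',
 # Names
 '(aaron|alexander|bill|david|james|sergio|thomas|timson|tom|victor|wang)[0-9]*',
@@ -566,10 +571,11 @@
 'Pa\$\$word_',
 'Passwd123(\$%%\^)',
 'password',
 'pass123?4?',
 'qwer?[0-9]+',
+]
 ]
 
 file { '/etc/fail2ban/filter.d/ibb-sshd-bad-user.conf':
 content => epp('fail2ban/ibb-sshd-bad-user.epp', { 'bad_users' => $bad_users }),
 }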
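Review bot: Nothing in the manifest records why `$bad_users` is now a list of sub-lists (the `[` added after `$bad_users = [` and the five `],[` separators), so a later edit could merge them back or grow one chunk until the generated filter fails to compile again. I would add a comment above the assignment, e.g. `# Kept in chunks on purpose: a single alternation of every name was too long to compile`. The entry `'([0-9a-z])\2{2,}'` in the first sub-list also deserves a comment, because its `\2` depends on how many capturing groups precede it in the rendered pattern, and entries such as `ftp(admin)?` add groups. The template `ibb-sshd-bad-user.epp` is not shown here and presumably changes in the same commit to iterate over the sub-lists. That is worth confirming, since a filter that fails to load would leave SSH attempts against these names unbanned.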