view common/fail2ban/ibb-apache-exploits-instaban.conf @ 273:48b154d5ea53

Fix MariaDB setup by removing now-removed config values. They were necessary under CentOS 7, then deprecated; now the behaviour is the default and the option has been removed.
author IBBoard <dev@ibboard.co.uk>
date Sat, 04 Jan 2020 11:34:30 +0000
parents 956e484adc12
children

# Fail2Ban configuration file
#
# Author: IBBoard

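[Definition]

# Option:  failregex
# Notes.:  regex to match exploit-probe request lines (presumably in the Apache
#          access log -- confirm against the jail's logpath). The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
# Each indented continuation line below is a separate regex; a log line that
# matches any one of them counts as a failure for the captured host.
# "%%" is a literal "%": fail2ban reads this file with %-interpolation enabled.
# Every pattern is anchored on "^<HOST>", so the banned address is always the
# first field of the log line and never text taken from the request, referer
# or user-agent.
# The union/select, and/or and "???" patterns use [^"]+ after "\?" so that this
# part of the match stays inside the quoted request field.
# The "\\x16\\x03\\x01" pattern matches the literal escaped text \x16\x03\x01,
# i.e. the first bytes of a TLS handshake sent to a plain-HTTP port, as they
# appear escaped in the log.
# NOTE(review): several patterns are deliberately broad (bare CONNECT, "POST ",
# any "php://", any 402 status, the remote-URL query parameters). A request
# that a third-party page causes a visitor's browser to send will match too,
# so the jail using this filter should keep ignoreip for trusted addresses and
# a bounded bantime -- confirm in the jail definition, which is not in this file.
# NOTE(review): the 174.123.231.229/230 pattern pins specific addresses and
# will go stale; confirm it is still wanted.
# NOTE(review): the '" " [2-5]' pattern matches a request field that is a
# single space, followed by a status starting with 2-5; confirm that is the
# log format being targeted.
#
failregex =	^<HOST> .*"(?:GET|HEAD|POST) .*/proc/self/environ.*"
		^<HOST> .*"(?:GET|HEAD|POST) /w00tw00t\.at\..+\:\).*"
		^<HOST> .*"(?:GET|HEAD|POST) .*\?module=http(?:s)?:.*
		^<HOST> .*"(?:GET|HEAD|POST) .*\?write.phpdir=http(?:s)?:.*
		^<HOST> .*"(?:GET|HEAD|POST) .*\?src=http(?:s)?:.*
		^<HOST> .*"(?:GET|HEAD|POST) .*ivrrecording.php.*"
		^<HOST> .*"(?:GET|HEAD|POST) .*\?php=info&ip=uname.*"
		^<HOST> .*"(?:GET|HEAD|POST) .*\?input_file=http(?:s)?://.*
		^<HOST> .*"(?:GET|HEAD|POST) .*\?dir=http(?:s)?://.*
		^<HOST> .*"(?:GET|HEAD|POST) .*\?f=http(?:s)?://.*
		^<HOST> .*"(?:GET|HEAD|POST) .*([\+-]{5,})Result.*"
		^<HOST> .*"(?:GET|HEAD|POST) .*onmousedown=%%22
		^<HOST> .*"(?:GET|HEAD|POST) .*/bin/msgimport.*"
		^<HOST> .* " " [2-5]
		^<HOST> .*"(?:GET|HEAD|POST) .*//filemanager/.*"
		^<HOST> .*"(?:GET|HEAD|POST) .*//php[Mm]y[Aa]dmin.*"
		^<HOST> .*"(?:GET|HEAD|POST) .*///wp-content/themes/.*"
		^<HOST> .*"(?:GET|HEAD|POST) .*\?[^"]+union(?:%%20|\+)select.*
		^<HOST> .*"(?:GET|HEAD|POST) .*\?[^"]+\+(?:and|or)\+(?:1|%%2[27][xy]%%2[27])%%3D(?:1|%%2[27][xy]%%2[27]).*
		^<HOST> .*"(?:GET|HEAD|POST) .*\?[^"]+\?\?\?
		^<HOST> .*"(?:GET|HEAD|POST) .*%%5BPLM=.*
		^<HOST> .*"(?:GET|HEAD|POST) /config/[^\.]+\.php\?[^"]+&sid=[a-z0-9]+
		^<HOST> .*\?.*(?:\.\./|%%2E%%2E%%2F){3,}.*%%00
		^<HOST> .*"\\x16\\x03\\x01"
		^<HOST> .*"PROPFIND /[^%%/"]%%24
		^<HOST> .*"(?:GET|HEAD|POST) /manager/status [^"]*" 404
		^<HOST> .*"(?:GET|HEAD|POST) [^"]*allow_url_include%%3d1.*
		^<HOST> .*"(?:GET|HEAD|POST) .*php://.*
		^<HOST> .*"CONNECT
		^<HOST> .*"POST "
		^<HOST> .*"(?:GET|POST) /[^"]+\.php.*174\.123\.231\.2(?:29|30)
		^<HOST> .*"(?:GET|HEAD|POST)[^"]+" 402

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
#          Left empty here, so no line matched by failregex is exempted.
# Values:  TEXT
#
ignoreregex =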