changeset 6:b7c30595c97a

Add "Shellshock" exploit Fail2ban rule
author IBBoard <dev@ibboard.co.uk>
date Sun, 28 Sep 2014 08:03:46 +0000
parents f2056be70cb8
children 3523e4c2604c
files common/fail2ban/ibb-apache-shellshock.conf common/fail2ban/jail.local manifests/templates.pp
diffstat 3 files changed, 29 insertions(+), 0 deletions(-) [+]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/common/fail2ban/ibb-apache-shellshock.conf	Sun Sep 28 08:03:46 2014 +0000
@@ -0,0 +1,17 @@
+# Fail2Ban configuration file
+#
+# Author: IBBoard
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match Shellshock attempts against Apache
+# Values:  TEXT
+#
+failregex =	<HOST>.*\(\s*\)\s*\{[^"]*\}\s*\;[^"]+
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 
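Review bot: The added `failregex` is not anchored to the start of the line, so `<HOST>.*` is free to bind to any host-like token in the entry rather than only the client-address field. The request line, Referer and User-Agent in an Apache access log are all text supplied by the client, which is why Fail2ban filters are normally anchored. `failregex = ^<HOST> .*\(\s*\)\s*\{[^"]*\}\s*\;[^"]+` would pin the capture to the first field, assuming the log format writes the client address first; a vhost-prefixed format would need a different anchor. A short comment above the option naming the log format the filter expects would let later edits be checked with `fail2ban-regex`.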
--- a/common/fail2ban/jail.local	Sat Aug 30 10:05:08 2014 +0000
+++ b/common/fail2ban/jail.local	Sun Sep 28 08:03:46 2014 +0000
@@ -79,3 +79,12 @@
 logpath = /var/log/maillog
 findtime = 604800
 bantime  = 604800
+
+[shellshock]
+enabled = true
+maxretry = 1
+filter = ibb-apache-shellshock
+action = apf[name=Shellshock]
+logpath = /var/log/apache/access_*.log
+findtime = 604800
+bantime  = 604800
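Review bot: With `maxretry = 1` and `bantime  = 604800`, a single matching access-log line from any address produces a seven-day firewall block. Nothing in this hunk shows an `ignoreip` covering monitoring hosts, your own vulnerability scanners, or a reverse proxy in front of Apache. If `[DEFAULT]` (outside the hunk) does not already set one, add it there or in this jail, because behind a proxy the logged client address would presumably be the proxy's own. A comment such as `# findtime/bantime in seconds: 604800 = 7 days; a single hit bans` above the values would record that the policy is deliberate.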
--- a/manifests/templates.pp	Sat Aug 30 10:05:08 2014 +0000
+++ b/manifests/templates.pp	Sun Sep 28 08:03:46 2014 +0000
@@ -182,6 +182,9 @@
 	file { '/etc/fail2ban/filter.d/ibb-apache-exploits-instaban.conf':
 		source => 'puppet:///common/fail2ban/ibb-apache-exploits-instaban.conf',
 	}
+	file { '/etc/fail2ban/filter.d/ibb-apache-shellshock.conf':
+		source => 'puppet:///common/fail2ban/ibb-apache-shellshock.conf',
+	}
 	file { '/etc/fail2ban/filter.d/ibb-repeat-offender.conf':
 		source => 'puppet:///common/fail2ban/ibb-repeat-offender.conf',
 	}
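Review bot: The new `file` resource for `/etc/fail2ban/filter.d/ibb-apache-shellshock.conf` declares no relationship to `jail.local` or to the Fail2ban service, so ordering and reload depend on defaults that are not visible in this hunk. A jail whose `filter` file is missing does not load, so if `jail.local` is applied and the service restarted before the filter is in place, the `[shellshock]` jail may fail to come up. If the enclosing class does not already handle this, add a `notify` to the service resource and a `before` on the `jail.local` file. Explicit `owner`, `group` and `mode` would also keep the filter root-owned and not world-writable. The enclosing class starts and ends outside the hunk.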