changeset 195:f70831cc2864 puppet-3.6
Separate out SSH repeats from web/email repeats
Hopefully this should prevent accidental lock-outs! Worst case, I
trigger a web lock-out and get back in on SSH.
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Wed, 17 Apr 2019 12:00:31 +0100 |
| parents | a08de3153548 |
| children | d3ef339b53a6 |
| files | common/fail2ban/ibb-repeat-offender-ssh.conf common/fail2ban/ibb-repeat-offender.conf common/fail2ban/jail.local manifests/templates.pp |
| diffstat | 4 files changed, 38 insertions(+), 5 deletions(-) |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/common/fail2ban/ibb-repeat-offender-ssh.conf Wed Apr 17 12:00:31 2019 +0100 @@ -0,0 +1,23 @@ +# IBB-Repeat-Offender-SSH configuration file +# +# Author: Tom Hendrikx, minor modifications by Amir Caspi +# See http://whyscream.net/wiki/index.php/Fail2ban_monitoring_Fail2ban +# Renamed and adjusted by IBBoard for consistency +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "<HOST>" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) +# Values: TEXT +# +failregex = NOTICE\s+\[ssh-[^\]]+\]\s+Ban\s+<HOST> + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +#ignoreregex =
--- a/common/fail2ban/ibb-repeat-offender.conf Wed Apr 10 20:11:55 2019 +0100 +++ b/common/fail2ban/ibb-repeat-offender.conf Wed Apr 17 12:00:31 2019 +0100 @@ -2,9 +2,7 @@ # # Author: Tom Hendrikx, minor modifications by Amir Caspi # See http://whyscream.net/wiki/index.php/Fail2ban_monitoring_Fail2ban -# Renamed by IBBoard for consistency -# -# $Revision: 1 $ +# Renamed and adjusted by IBBoard for consistency # [Definition] @@ -22,4 +20,4 @@ # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # -ignoreregex = fail2ban.actions:\s+NOTICE\s+\[(ibb-repeat-offender|[^\]]+warning)\]\s+Ban\s+<HOST> +ignoreregex = fail2ban.actions:\s+NOTICE\s+\[(ibb-repeat-offender|ssh-)[^\]]+\]\s+Ban\s+<HOST>
--- a/common/fail2ban/jail.local Wed Apr 10 20:11:55 2019 +0100 +++ b/common/fail2ban/jail.local Wed Apr 17 12:00:31 2019 +0100 @@ -51,7 +51,16 @@ enabled = true maxretry = 2 filter = ibb-repeat-offender -action = firewall-ban[name=RepeatOffenders,chain=Fail2Ban,port="80,443,25,465,222"] +action = firewall-ban[name=RepeatOffenders,chain=Fail2Ban,port="80,443,25,465"] +logpath = /var/log/fail2ban.log +findtime = 2592000 +bantime = 2592000 + +[repeat-offenders-ssh] +enabled = true +maxretry = 2 +filter = ibb-repeat-offender-ssh +action = firewall-ban[name=RepeatOffendersSSH,chain=Fail2Ban,port="222"] logpath = /var/log/fail2ban.log findtime = 2592000 bantime = 2592000
--- a/manifests/templates.pp Wed Apr 10 20:11:55 2019 +0100 +++ b/manifests/templates.pp Wed Apr 17 12:00:31 2019 +0100 @@ -373,6 +373,9 @@ file { '/etc/fail2ban/filter.d/ibb-repeat-offender.conf': source => 'puppet:///common/fail2ban/ibb-repeat-offender.conf', } + file { '/etc/fail2ban/filter.d/ibb-repeat-offender-ssh.conf': + source => 'puppet:///common/fail2ban/ibb-repeat-offender-ssh.conf', + } file { '/etc/fail2ban/filter.d/ibb-postfix-spammers.conf': source => 'puppet:///common/fail2ban/ibb-postfix-spammers.conf', }
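Review bot: the header comment in the new ibb-repeat-offender-ssh.conf still says the regex matches "password failures messages in the logfile", but this failregex matches fail2ban's own `NOTICE [ssh-...] Ban <HOST>` lines from /var/log/fail2ban.log; update the comment so the next reader knows this filter is applied to fail2ban's log. Also, `\[ssh-[^\]]+\]` only matches jails whose names start with `ssh-` (fail2ban's default jail name is `sshd`, which would not match), so confirm every SSH jail in jail.local uses that prefix. The sibling filter anchors on `fail2ban.actions:\s+NOTICE`; using the same prefix here keeps the two filters consistent.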
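Review bot: the new ignoreregex `\[(ibb-repeat-offender|ssh-)[^\]]+\]` requires at least one character after the alternation, so a jail named exactly `ibb-repeat-offender` is no longer ignored; more importantly, fail2ban's Ban line carries the jail name, not the filter name, and the new jail in jail.local is `[repeat-offenders-ssh]` (action `name=RepeatOffendersSSH`), which starts with neither `ibb-repeat-offender` nor `ssh-`. If the failregex in this file (not shown in the hunk) matches any Ban line, bans issued by repeat-offenders-ssh will be counted again by the web/email repeat-offender jail, which is exactly the cross-lockout the commit message wants to avoid. Suggest something like `\[(?:repeat-offenders[^\]]*|ssh-[^\]]+)\]`, and state whether dropping the old `[^\]]+warning` alternative (so warning-only jails now feed this jail) is intended.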
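Review bot: the lock-out risk is now concentrated on the new `[repeat-offenders-ssh]` jail: `maxretry = 2` with `findtime = 2592000` means two SSH bans within thirty days blocks port 222 for thirty days (`bantime = 2592000`), with no fallback path. Consider an `ignoreip` entry for the addresses you administer from, and note that the two jails only stay independent if `firewall-ban` really limits the rule to the listed `port` values (the web/email jail still covers 80,443,25,465).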
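Review bot: the new file resource for /etc/fail2ban/filter.d/ibb-repeat-offender-ssh.conf has no `notify => Service['fail2ban']`, and neither does the existing sibling in the context, so unless the service subscribes to filter.d elsewhere in the manifest the filter is not loaded until fail2ban is next restarted and the `[repeat-offenders-ssh]` jail will fail to start in the meantime; check that the subscription exists or add the notify.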