add a jail for apache

12 years ago · 52bf6b871d
parent 4df9a2848c
commit 52bf6b871d
2 changed files with 48 additions and 0 deletions
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd
@ -0,0 +1,38 @@
+{
+
+my $status = $httpd-e-smith{'status'} || 'enabled';
+return "" if ($status ne 'enabled');
+my @ports = ();
+push @ports, (${'httpd-e-smith'}{'TCPPort'} || '80');
+push @ports, ($modSSL{'TCPPort'} || '443');
+my $port = join (",", @ports);
+
+$OUT .=<<"EOF";
+
+[http-overflows]
+enabled  = true
+filter   = apache-overflows
+action   = smeserver[port=$port, protocol=tcp]
+logpath  = /var/log/httpd/error_log
+
+[http-noscript]
+enabled  = true
+filter   = apache-noscript
+action   = smeserver[port=$port, protocol=tcp]
+logpath  = /var/log/httpd/error_log
+
+[http-scan]
+enabled  = true
+filter   = apache-scan
+action   = smeserver[port=$port, protocol=tcp]
+logpath  = /var/log/httpd/error_log
+
+[http-auth]
+enabled  = true
+filter   = apache-auth
+action   = smeserver[port=$port, protocol=tcp]
+logpath  = /var/log/httpd/error_log
+
+EOF
+
+}
--- a/root/etc/fail2ban/filter.d/apache-scan.conf
+++ b/root/etc/fail2ban/filter.d/apache-scan.conf
@ -0,0 +1,10 @@
+[Definition]
+re_pma = pma|PMA|phpmyadmin|phpMyAdmin|myadmin|mysql|mysqladmin|sqladmin|mypma|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|myadmin2|php\-my\-admin|sqlmanager|websql|sqlweb|MyAdmin|phpadmin|sql|pma2005|databaseadmin|
+phpmanager
+re_admin = administrator|manager|webadmin|ecrire|admin|mailadmin
+re_proxy = freenode-proxy-checker\.txt|proxy|proxychecker
+re_various = vtigercrm|typo3|scripts|wp\-admin|wordpress|horde
+
+failregex = \[client <HOST>\] File does not exist: .*\/(%(re_pma)s|%(re_admin)s|%(re_proxy)s|%(re_various)s)$
+
+ignoreregex =