Add samples to show how to setup fail2ban

2021-04-07 19:16:07 +02:00 · 2021-04-07 19:16:07 +02:00 · 3315bf6c00
commit 3315bf6c00
parent 87d4e6e2c5
3 changed files with 68 additions and 0 deletions
--- a/dev/setup/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf
+++ b/dev/setup/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf
@ -0,0 +1,20 @@
+# Fail2Ban configuration file
+#
+# Regexp to catch known spambots and software alike. Please verify
+# that it is your intent to block IPs which were driven by
+# above mentioned bots.
+
+
+[Definition]
+
+# To test, you can inject this example into log
+# echo `date +'%Y-%m-%d %H:%M:%S'`" INFO    1.2.3.4         functions_dolibarr::check_user_password_abcd Authentication KO" >> /mypath/documents/dolibarr.log
+#
+# then 
+# fail2ban-client status web-dol-bruteforce 
+#
+# To test rule file on a existing log file
+# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf
+
+failregex = ^ [A-Z\s]+ <HOST>\s+functions_dolibarr::check_user_password_.* Authentication KO
+ignoreregex =
--- a/dev/setup/fail2ban/filter.d/web-dolibarr-rulespassforgotten.conf
+++ b/dev/setup/fail2ban/filter.d/web-dolibarr-rulespassforgotten.conf
@ -0,0 +1,20 @@
+# Fail2Ban configuration file
+#
+# Regexp to catch known spambots and software alike. Please verify
+# that it is your intent to block IPs which were driven by
+# above mentioned bots.
+
+
+[Definition]
+
+# To test, you can inject this example into log
+# echo `date +'%Y-%m-%d %H:%M:%S'`" INFO    1.2.3.4    --- Access to GET /passwordforgotten.php - action=buildnewpassword, massaction=" >> /mypath/documents/dolibarr.log
+#
+# then 
+# fail2ban-client status web-dol-passforgotten 
+#
+# To test rule file on a existing log file
+# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulespassforgotten.conf
+
+failregex = ^ [A-Z\s]+ <HOST>\s+--- Access to .*/passwordforgotten.php - action=buildnewpassword
+ignoreregex =
--- a/dev/setup/fail2ban/jail.local
+++ b/dev/setup/fail2ban/jail.local
@ -0,0 +1,28 @@
+#
+# Examle of rule you can add to fail2ban to restrict bruteforce attacks.
+#
+
+[web-dol-passforgotten]
+
+; rule against call of passwordforgottenpage
+enabled = true
+port    = http,https
+filter  = web-dolibarr-rulespassforgotten
+logpath = >> /mypath/documents/documents/dolibarr.log
+action  = %(action_mw)s
+bantime  = 4320000   ; 50 days
+findtime = 86400     ; 1 day
+maxretry = 10
+
+[web-dol-bruteforce]
+
+; rule against bruteforce hacking (login + api)
+enabled = true
+port    = http,https
+filter  = web-dolibarr-rulesbruteforce
+logpath = >> /mypath/documents/documents/dolibarr.log
+action  = %(action_mw)s
+bantime  = 86400     ; 1 day
+findtime = 3600      ; 1 hour
+maxretry = 10
+