diff --git a/dev/setup/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf b/dev/setup/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf new file mode 100644 index 00000000000..d5922909ba9 --- /dev/null +++ b/dev/setup/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf @@ -0,0 +1,20 @@ +# Fail2Ban configuration file +# +# Regexp to catch known spambots and software alike. Please verify +# that it is your intent to block IPs which were driven by +# above mentioned bots. + + +[Definition] + +# To test, you can inject this example into log +# echo `date +'%Y-%m-%d %H:%M:%S'`" INFO 1.2.3.4 functions_dolibarr::check_user_password_abcd Authentication KO" >> /mypath/documents/dolibarr.log +# +# then +# fail2ban-client status web-dol-bruteforce +# +# To test rule file on a existing log file +# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf + +failregex = ^ [A-Z\s]+ \s+functions_dolibarr::check_user_password_.* Authentication KO +ignoreregex = diff --git a/dev/setup/fail2ban/filter.d/web-dolibarr-rulespassforgotten.conf b/dev/setup/fail2ban/filter.d/web-dolibarr-rulespassforgotten.conf new file mode 100644 index 00000000000..edc2ca68092 --- /dev/null +++ b/dev/setup/fail2ban/filter.d/web-dolibarr-rulespassforgotten.conf @@ -0,0 +1,20 @@ +# Fail2Ban configuration file +# +# Regexp to catch known spambots and software alike. Please verify +# that it is your intent to block IPs which were driven by +# above mentioned bots. + + +[Definition] + +# To test, you can inject this example into log +# echo `date +'%Y-%m-%d %H:%M:%S'`" INFO 1.2.3.4 --- Access to GET /passwordforgotten.php - action=buildnewpassword, massaction=" >> /mypath/documents/dolibarr.log +# +# then +# fail2ban-client status web-dol-passforgotten +# +# To test rule file on a existing log file +# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulespassforgotten.conf + +failregex = ^ [A-Z\s]+ \s+--- Access to .*/passwordforgotten.php - action=buildnewpassword +ignoreregex = diff --git a/dev/setup/fail2ban/jail.local b/dev/setup/fail2ban/jail.local new file mode 100644 index 00000000000..bd506e20812 --- /dev/null +++ b/dev/setup/fail2ban/jail.local @@ -0,0 +1,28 @@ +# +# Examle of rule you can add to fail2ban to restrict bruteforce attacks. +# + +[web-dol-passforgotten] + +; rule against call of passwordforgottenpage +enabled = true +port = http,https +filter = web-dolibarr-rulespassforgotten +logpath = >> /mypath/documents/documents/dolibarr.log +action = %(action_mw)s +bantime = 4320000 ; 50 days +findtime = 86400 ; 1 day +maxretry = 10 + +[web-dol-bruteforce] + +; rule against bruteforce hacking (login + api) +enabled = true +port = http,https +filter = web-dolibarr-rulesbruteforce +logpath = >> /mypath/documents/documents/dolibarr.log +action = %(action_mw)s +bantime = 86400 ; 1 day +findtime = 3600 ; 1 hour +maxretry = 10 +