Update sample for fail2ban

dev/setup/fail2ban/filter.d/web-dolibarr-limitpublic.conf

@@ -1,8 +1,7 @@
 # Fail2Ban configuration file
 #
-# Regexp to catch known spambots and software alike. Please verify
-# that it is your intent to block IPs which were driven by
-# above mentioned bots.
+# Regexp to detect access on public pages so we can add mitigation on IP making too much 
+# access to your a Dolibarr instance.
 
 
 [Definition]
@@ -11,7 +10,7 @@
 # echo `date +'%Y-%m-%d %H:%M:%S'`" INFO    1.2.3.4    --- Access to GET /public/clicktodial/cidlookup.php" >> /mypath/documents/dolibarr.log
 #
 # then 
-# fail2ban-client status web-dol-passforgotten 
+# fail2ban-client status web-dolibarr-limitpublic 
 #
 # To test rule file on a existing log file
 # fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-limitpublic.conf

dev/setup/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf

@@ -1,8 +1,7 @@
 # Fail2Ban configuration file
 #
-# Regexp to catch known spambots and software alike. Please verify
-# that it is your intent to block IPs which were driven by
-# above mentioned bots.
+# Regexp to detect try to check a couple login/password so we can add mitigation 
+# on IP making too much tries. 
 
 
 [Definition]
@@ -11,7 +10,7 @@
 # echo `date +'%Y-%m-%d %H:%M:%S'`" INFO    1.2.3.4         functions_dolibarr::check_user_password_abcd Authentication KO" >> /mypath/documents/dolibarr.log
 #
 # then 
-# fail2ban-client status web-dol-bruteforce 
+# fail2ban-client status web-dolibarr-rulesbruteforce 
 #
 # To test rule file on a existing log file
 # fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf

dev/setup/fail2ban/filter.d/web-dolibarr-rulespassforgotten.conf

@@ -1,8 +1,7 @@
 # Fail2Ban configuration file
 #
-# Regexp to catch known spambots and software alike. Please verify
-# that it is your intent to block IPs which were driven by
-# above mentioned bots.
+# Regexp to detect access on passwordforgotten.php page so we can add mitigation on IP making too much 
+# access to this Dolibarr page.
 
 
 [Definition]
@@ -11,7 +10,7 @@
 # echo `date +'%Y-%m-%d %H:%M:%S'`" INFO    1.2.3.4    --- Access to GET /passwordforgotten.php - action=buildnewpassword, massaction=" >> /mypath/documents/dolibarr.log
 #
 # then 
-# fail2ban-client status web-dol-passforgotten 
+# fail2ban-client status web-dolibarr-rulespassforgotten 
 #
 # To test rule file on a existing log file
 # fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulespassforgotten.conf

htdocs/admin/system/security.php

@@ -570,9 +570,10 @@ print 'For a higher security, we also recommend to implement limits and mitigati
 print '</span>';
 
 print '<br>';
-print 'Login process -> This can be done using a fail2ban rule (see example into dev/setup)'."<br>";
-print DOL_URL_ROOT.'/passwordforgotten.php (see example into dev/setup)'."<br>";
-print DOL_URL_ROOT.'/public/* (see example into dev/setup)'."<br>";
+$urlexamplebase = 'https://github.com/Dolibarr/dolibarr/blob/develop/dev/setup/fail2ban/filter.d/';
+print '- Login process (see fail2ban example on <a target="_blank" rel="noopener" href="'.$urlexamplebase.'web-dolibarr-rulesbruteforce.conf">GitHub</a>)<br>';
+print '- '.DOL_URL_ROOT.'/passwordforgotten.php (see fail2ban example on <a target="_blank" rel="noopener" href="'.$urlexamplebase.'web-dolibarr-rulespassgorgotten.conf">GitHub</a>)<br>';
+print '- '.DOL_URL_ROOT.'/public/* (see fail2ban example on <a target="_blank" rel="noopener" href="'.$urlexamplebase.'web-dolibarr-limitpublic.conf">GitHub</a>)<br>';
 
 
 

htdocs/langs/en_US/admin.lang

@@ -2329,4 +2329,6 @@ HelpCssOnViewDesc=The Css used when viewing the field.
 HelpCssOnListDesc=The Css used when field is inside a list table.<br>Example: "tdoverflowmax200"
 RECEPTION_PDF_HIDE_ORDERED=Hide the quantity ordered on the generated documents for receptions
 MAIN_PDF_RECEPTION_DISPLAY_AMOUNT_HT=Show the price on the generated documents for receptions
-WarningDisabled=Warning disabled
+WarningDisabled=Warning disabled
+LimitsAndMitigation=Access limits and mitigation
+