confdroid/confdroid_fail2ban
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

finalized jail.local

Browse Source
This commit is contained in:
Arne Teuke
2017-08-06 15:30:02 +01:00
parent 5361f997c9
commit fa4758835e
2 changed files with 81 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
manifests/params.pp
View File

@@ -105,46 +105,65 @@
# @param [string] fn_action_ ban only # @param [string] fn_action_ ban only
# @param [string] fn_action_mw ban & send an e-mail with whois report to the # @param [string] fn_action_mw ban & send an e-mail with whois report to the
# destemail. # destemail.
# @param [string] fn_action_mwl ban & send an e-mail with whois report and
# relevant log lines
# @param [string] fn_action_xarf ban & send a xarf e-mail to abuse contact of
# IP address and include relevant log lines.
# @param [string] fn_action_cf_mwl ban IP on CloudFlare & send an e-mail with
# whois report and relevant log lines.
# @param [string] fn_action_blocklist_de Report block via blocklist.de fail2ban
# reporting service API
# @param [string] Report ban via badips.com, and use as blacklist
# @param [string] fn_action_badips_report # Report ban via badips.com
# (uses action.d/badips.conf for reporting only).
# @param [string] fn_default_action Choose default action.
############################################################################### ###############################################################################
class cd_fail2ban::params ( class cd_fail2ban::params (
$pkg_ensure = 'latest', $pkg_ensure = 'latest',
$fn_manage_config = true, $fn_manage_config = true,
$fn_enable_service = 'running', $fn_enable_service = 'running',
# fail2ban.conf/local # fail2ban.conf/local
$fn_loglevel = 'INFO', $fn_loglevel = 'INFO',
$fn_logtarget = 'SYSLOG', $fn_logtarget = 'SYSLOG',
$fn_syslogsocket = 'auto', $fn_syslogsocket = 'auto',
$fn_socket = '/var/run/fail2ban/fail2ban.sock', $fn_socket = '/var/run/fail2ban/fail2ban.sock',
$fn_pidfile = '/var/run/fail2ban/fail2ban.pid', $fn_pidfile = '/var/run/fail2ban/fail2ban.pid',
$fn_dbfile = '/var/lib/fail2ban/fail2ban.sqlite3', $fn_dbfile = '/var/lib/fail2ban/fail2ban.sqlite3',
$fn_dbpurgeage = '86400', $fn_dbpurgeage = '86400',
# jail.conf/local # jail.conf/local
$fn_ignoreip = '127.0.0.1/8', $fn_ignoreip = '127.0.0.1/8',
$fn_ignorecommand = '', $fn_ignorecommand = '',
$fn_bantime = '600', $fn_bantime = '600',
$fn_findtime = '600', $fn_findtime = '600',
$fn_maxretry = '5', $fn_maxretry = '5',
$fn_backend = 'auto', $fn_backend = 'auto',
$fn_usedns = 'warn', $fn_usedns = 'warn',
$fn_logencoding = 'auto', $fn_logencoding = 'auto',
$fn_enabled = 'false', $fn_enabled = 'false',
$fn_filter = '%(__name__)s', $fn_filter = '%(__name__)s',
$fn_destemail = 'root@localhost', $fn_destemail = 'root@localhost',
$fn_sender = 'root@localhost', $fn_sender = 'root@localhost',
$fn_mta = 'sendmail', $fn_mta = 'sendmail',
$fn_protocol = 'tcp', $fn_protocol = 'tcp',
$fn_chain = 'INPUT', $fn_chain = 'INPUT',
$fn_port = '0:65535', $fn_port = '0:65535',
$fn_fail2ban_agent = 'Fail2Ban/%(fail2ban_version)s', $fn_fail2ban_agent = 'Fail2Ban/%(fail2ban_version)s',
$fn_banaction = 'iptables-multiport', $fn_banaction = 'iptables-multiport',
$fn_banaction_allports = 'iptables-allports', $fn_banaction_allports = 'iptables-allports',
$fn_action_ = '%(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]', $fn_action_ = '%(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]',
$fn_action_mw = '%(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] %(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]', $fn_action_mw = '%(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] %(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]',
$fn_action_mwl = '%(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]',
$fn_action_xarf = '%(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]',
$fn_action_cf_mwl = 'cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"] %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]',
$fn_action_blocklist_de = 'blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]',
$fn_action_badips = 'badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]',
$fn_action_badips_report = 'badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]',
$fn_default_action = 'action_',
) { ) {

97
templates/jail_local.erb
View File

@@ -8,73 +8,38 @@
[INCLUDES] [INCLUDES]
before = paths-<%= @fn_jail_paths %>.conf before = paths-<%= @fn_jail_paths %>.conf
[DEFAULT] [DEFAULT]
ignoreip = <%= @fn_ignoreip %> ignoreip = <%= @fn_ignoreip %>
ignorecommand = <%= @fn_ignorecommand %> ignorecommand = <%= @fn_ignorecommand %>
bantime = <%= @fn_bantime %> bantime = <%= @fn_bantime %>
findtime = <%= @fn_findtime %> findtime = <%= @fn_findtime %>
maxretry = <%= @fn_maxretry %> maxretry = <%= @fn_maxretry %>
backend = <%= @fn_backend %> backend = <%= @fn_backend %>
usedns = <%= @fn_usedns %> usedns = <%= @fn_usedns %>
logencoding = <%= @fn_logencoding %> logencoding = <%= @fn_logencoding %>
enabled = <%= @fn_enabled %> enabled = <%= @fn_enabled %>
filter = <%= @fn_enabled %> filter = <%= @fn_enabled %>
destemail = <%= @fn_destemail %> destemail = <%= @fn_destemail %>
sender = <%= @fn_sender %> sender = <%= @fn_sender %>
mta = <%= @fn_sender %> mta = <%= @fn_sender %>
protocol = <%= @fn_protocol %> protocol = <%= @fn_protocol %>
chain = <%= @fn_chain %> chain = <%= @fn_chain %>
port = <%= @fn_port %> port = <%= @fn_port %>
fail2ban_agent = <%= @fn_fail2ban_agent %> fail2ban_agent = <%= @fn_fail2ban_agent %>
banaction = <%= @fn_banaction %> banaction = <%= @fn_banaction %>
banaction_allports = <%= @fn_banaction_allports %> banaction_allports = <%= @fn_banaction_allports %>
action_ = <%= @fn_action_ %> # available actions
action_mw = <%= @fn_action_mw %> action_ = <%= @fn_action_ %>
action_mw = <%= @fn_action_mw %>
action_mwl = <%= @fn_action_mwl %>
action_xarf = <%= @fn_action_xarf %>
action_cf_mwl = <%= @fn_action_cf_mwl %>
action_blocklist_de = <%= @fn_action_blocklist_de %>
action_badips = <%= @fn_action_badips %>
action_badips_report = <%= @fn_action_badips_report %>
# ban & send an e-mail with whois report and relevant log lines # Default action
# to the destemail. action = %(<%= @fn_default_action %>)s
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
# See the IMPORTANT note in action.d/xarf-login-attack for when to use this action
#
# ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines
# to the destemail.
action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
# ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
# to the destemail.
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
%(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
# Report block via blocklist.de fail2ban reporting service API
#
# See the IMPORTANT note in action.d/blocklist_de.conf for when to
# use this action. Create a file jail.d/blocklist_de.local containing
# [Init]
# blocklist_de_apikey = {api key from registration]
#
action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
# Report ban via badips.com, and use as blacklist
#
# See BadIPsAction docstring in config/action.d/badips.py for
# documentation for this action.
#
# NOTE: This action relies on banaction being present on start and therefore
# should be last action defined for a jail.
#
action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]
#
# Report ban via badips.com (uses action.d/badips.conf for reporting only)
#
action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]
# Choose default action. To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_)s