@Bouhnosaure
Created November 22, 2015 17:30
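#!/bin/bash
# Interactive fail2ban bootstrap: installs the package, writes
# /etc/fail2ban/jail.local and two custom Apache filters, then starts the
# service. Prompts for a whitelist (ignoreip) and a notification address
# (destemail).
#
# NOTE(review): jail names such as [ssh], [ssh-ddos] and [apache] follow the
# older jail.conf naming; newer fail2ban releases ship [sshd] / [apache-auth]
# instead. Confirm each enabled jail has a matching filter in the installed
# version, and that every logpath below exists on this host (exim, pure-ftpd,
# webmin, apache) -- a jail with no filter or no log file may keep the
# service from starting, which leaves the host with no banning at all.
echo '#################################'
echo '# #'
echo '# FAIL2BAN INSTALL #'
echo '# #'
echo '#################################'
echo ''

# Everything below writes under /etc/fail2ban and controls a system service.
if [ "$(id -u)" -ne 0 ]; then
    echo "ce script doit être exécuté en root" >&2
    exit 1
fi

# Do not go on to write configuration if the package failed to install.
apt-get install fail2ban || { echo "échec de l'installation de fail2ban" >&2; exit 1; }
service fail2ban stop

# Whitelisted addresses are never banned, so keep this list as small as
# possible. Only characters that can appear in IPs, CIDR ranges or host names
# are accepted, because the value is written verbatim into jail.local.
echo "entrez les ip a autoriser séparée par un espace"
read -r IPWL
ip_chars='^[A-Za-z0-9.:/ -]*$'
if ! [[ $IPWL =~ $ip_chars ]]; then
    echo "liste d'ip invalide" >&2
    exit 1
fi

# destemail is handed to the mail action that fail2ban runs on every ban, so
# it is restricted to plain address characters. '%' is excluded as well: the
# config parser treats it as the start of an interpolation.
echo "entrez votre mail"
read -r EMAIL
mail_chars='^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+$'
if ! [[ $EMAIL =~ $mail_chars ]]; then
    echo "adresse mail invalide" >&2
    exit 1
fi

# Keep a copy of any existing local policy before overwriting it.
JAIL_LOCAL=/etc/fail2ban/jail.local
if [ -e "$JAIL_LOCAL" ]; then
    cp -p "$JAIL_LOCAL" "$JAIL_LOCAL.bak.$(date +%Y%m%d%H%M%S)"
fi

# Unquoted heredoc on purpose: $IPWL and $EMAIL must be expanded by the shell.
# %(action_mwl)s is left for fail2ban to interpolate (ban + mail with whois
# and matching log lines), which needs a working local mail agent.
cat > "$JAIL_LOCAL" << EOL
[DEFAULT]
ignoreip = 127.0.0.1 $IPWL
bantime = 33600
destemail = $EMAIL
banaction = iptables-multiport
action = %(action_mwl)s
# JAILS
[ssh]
enabled = true
maxretry = 3
[pam-generic]
enabled = true
banaction = iptables-allports
[ssh-ddos]
enabled = true
[webmin]
enabled = true
port = 10000,20000
filter = webmin-auth
banaction = iptables-multiport
action = %(action_mwl)s
logpath = /var/log/auth.log
maxretry = 3
[apache]
enabled = true
[apache-noscript]
enabled = true
port = http,https
banaction = iptables-multiport
action = %(action_mwl)s
[apache-overflows]
enabled = true
[apache-badbots]
enabled = true
port = http,https
filter = apache-badbots
banaction = iptables-allports
action = %(action_mwl)s
logpath = /var/log/apache*/*access.log
maxretry = 1
[apache-nohome]
enabled = true
port = http,https
filter = apache-nohome
banaction = iptables-multiport
action = %(action_mwl)s
logpath = /var/log/apache*/*access.log
maxretry = 1
[php-url-fopen]
enabled = true
port = http,https
filter = php-url-fopen
logpath = /var/log/apache*/*access.log
maxretry = 1
[exim]
enabled = true
filter = exim
port = smtp,ssmtp
logpath = /var/log/exim*/rejectlog
maxretry = 1
[apache-w00tw00t]
enabled = true
port = http,https
filter = apache-w00tw00t
banaction = iptables-allports
action = %(action_mwl)s
logpath = /var/log/apache*/*error.log
maxretry = 1
[apache-myadmin]
enabled = true
port = http,https
filter = apache-myadmin
banaction = iptables-allports
action = %(action_mwl)s
logpath = /var/log/apache*/*error.log
maxretry = 3
[pure-ftpd]
enabled = true
port = ftp,ftp-data,ftps,ftps-data
filter = pure-ftpd
logpath = /var/log/syslog
maxretry = 3
EOL

# The filter files contain '$' and backslashes that belong to the regexes, so
# the heredoc delimiter is quoted to keep the shell from interpreting them.
cat > /etc/fail2ban/filter.d/apache-w00tw00t.conf << 'EOL'
[Definition]
# Option: failregex
# Notes.: regex to match the w00tw00t scan messages in the logfile.
# Values: TEXT
failregex = ^.*\[client <HOST>\].*w00tw00t\.at\.ISC\.SANS\.DFind.*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
ignoreregex =
EOL

# Continuation lines of a multi-line failregex must be indented; at column 0
# each one is read as a separate (bogus) option instead of another pattern,
# so only the first regex would ever be applied.
# NOTE(review): the patterns use glob-style '*name*'. In a regex the '*'
# quantifies the preceding character, so these probably do not match real
# request paths, and the leading '^[[]client' may not match the log prefix.
# Check with fail2ban-regex against a sample error log before relying on
# this jail.
cat > /etc/fail2ban/filter.d/apache-myadmin.conf << 'EOL'
[Definition]
failregex = ^[[]client <HOST>[]] File does not exist: *myadmin* *\s*$
            ^[[]client <HOST>[]] File does not exist: *MyAdmin* *\s*$
            ^[[]client <HOST>[]] File does not exist: *mysqlmanager* *\s*$
            ^[[]client <HOST>[]] File does not exist: *setup.php* *\s*$
            ^[[]client <HOST>[]] File does not exist: *mysql* *\s*$
            ^[[]client <HOST>[]] File does not exist: *phpmanager* *\s*$
            ^[[]client <HOST>[]] File does not exist: *phpadmin* *\s*$
            ^[[]client <HOST>[]] File does not exist: *sqlmanager* *\s*$
            ^[[]client <HOST>[]] File does not exist: *sqlweb* *\s*$
            ^[[]client <HOST>[]] File does not exist: *webdb* *\s*
ignoreregex =
EOL

# After starting, confirm the jails actually loaded (fail2ban-client status);
# a config error here means nothing is being banned.
service fail2ban start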