diff options
Diffstat (limited to 'company.example/fail2ban-files')
7 files changed, 0 insertions, 144 deletions
diff --git a/company.example/fail2ban-files/filter.d/20_example-blns.filter b/company.example/fail2ban-files/filter.d/20_example-blns.filter deleted file mode 100644 index c39cefa..0000000 --- a/company.example/fail2ban-files/filter.d/20_example-blns.filter +++ /dev/null @@ -1,32 +0,0 @@ -# Ansible controlled filename: /etc/fail2ban/filter.d/20_example-blns.filter -# Source: ansible bgstack15-fail2ban/files/example-blns.filter -# Date: 2016-04-19 -# Reference: -# NOTE: This file is managed via Ansible: manual changes will be lost - -[Definition] -failregex = ^.*<HOST>.*(GET|POST).*/etc/passwd.*$ - ^.*<HOST>.*(GET|POST).*/etc/group.*$ - ^.*<HOST>.*(GET|POST).*/etc/hosts.*$ - ^.*<HOST>.*(GET|POST).*/proc/self/environ.*$ - ^.*<HOST>.*(GET|POST).*(?i)admin.*admin.*$ - ^.*<HOST>.*(GET|POST).*(?i)(php|db|pma|web|sql).*admin.*$ - ^.*<HOST>.*(GET|POST).*(?i)admin.*(php|db|pma|web|sql).*$ - ^.*<HOST>.*(GET|POST).*(?i)DELETE_comment.*$ - ^.*<HOST>.*(GET|POST).*(?i)pma/scripts.*setup.*$ - ^.*<HOST>.*(GET|POST).*(?i)pma([0-9]{4})?/? HTTP.*$ - ^.*<HOST>.*(GET|POST).*(?i)(database|myadmin|mysql)/? HTTP.*$ - ^.*<HOST>.*(GET|POST).*(?i)(dbweb|webdb|websql|sqlweb).*$ - ^.*<HOST>.*(GET|POST).*(?i)(my)?sql.*manager.*$ - ^.*<HOST>.*(GET|POST).*(?i)wp-(admin|login|signup|config).*$ - ^.*<HOST>.*(GET|POST).*president/.*wp-cron\.php*$ - ^.*<HOST>.*(GET|POST).*w00t.*blackhats.*$ - ^.*<HOST>.*(GET|POST).*\+\+liker.profile_URL\+\+.*$ - ^.*<HOST>.*(GET|POST).*muieblackcat.*$ - ^.*<HOST>.*(GET|POST).*(?i)ldlogon.*$ - ^.*<HOST>.*(GET|POST).*(?i)\.cobalt$ - ^.*<HOST>.*(GET|POST).*(?i)\.intruvert\/jsp\/admin\/Login\.jsp$ - ^.*<HOST>.*(GET|POST).*(?i)MSWSMTP\/Common\/Authentication\/Logon\.aspx$ - ^.*<HOST>.*(GET|POST).*(?i)php\?password=[0-9]*\&re_password=.*\&login=var.*$ - -ignoreregex = diff --git a/company.example/fail2ban-files/filter.d/30_example-max3.filter b/company.example/fail2ban-files/filter.d/30_example-max3.filter deleted file mode 100644 index af692af..0000000 --- a/company.example/fail2ban-files/filter.d/30_example-max3.filter +++ /dev/null @@ -1,13 +0,0 @@ -# Ansible controlled filename: /etc/fail2ban/filter.d/30_example-max3.filter -# Source: ansible bgstack15-fail2ban/files/example-max3.filter -# Date: 2016-07-12 -# Reference: example-blns.filter -# NOTE: This file is managed via Ansible: manual changes will be lost - -[Definition] -failregex = ^.*<HOST>.*(GET|POST).*(?i)\.cobalt$ - ^.*<HOST>.*(GET|POST).*(?i)\.intruvert\/jsp\/admin\/Login\.jsp$ - ^.*<HOST>.*(GET|POST).*(?i)MSWSMTP\/Common\/Authentication\/Logon\.aspx$ - ^.*<HOST>.*(GET|POST).*(?i)php\?password=[0-9]*\&re_password=.*\&login=var.*$ - -ignoreregex = diff --git a/company.example/fail2ban-files/filter.d/60_sshd.filter b/company.example/fail2ban-files/filter.d/60_sshd.filter deleted file mode 100644 index 33b8ba8..0000000 --- a/company.example/fail2ban-files/filter.d/60_sshd.filter +++ /dev/null @@ -1,31 +0,0 @@ -# Ansible-controlled filename: /etc/fail2ban/filter.d/60_sshd.filter -# Source: ansible bgstack15-fail2ban/files/sshd.filter -# Date: 2016-06-23 -# Reference: Ubuntu 16.04 fail2ban package sshd filter -# NOTE: This file is managed via Ansible: manual changes will be lost - -[INCLUDES] -before = common.conf - -[Definition] -_daemon = sshd -failregex = ^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failure|error) for .* from <HOST>( via \S+)?\s*$ - ^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$ - ^%(__prefix_line)sFailed \S+ for .*? from <HOST>(?: port \d*)?(?: ssh\d*)?(: (ruser .*|(\S+ ID \S+ \(serial \d+\) CA )?\S+ %(__md5hex)s(, client user ".*", client host ".*")?))?\s*$ - ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$ - ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$ - ^%(__prefix_line)sUser .+ from <HOST> not allowed because not listed in AllowUsers\s*$ - ^%(__prefix_line)sUser .+ from <HOST> not allowed because listed in DenyUsers\s*$ - ^%(__prefix_line)sUser .+ from <HOST> not allowed because not in any group\s*$ - ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$ - ^%(__prefix_line)sReceived disconnect from <HOST>: 3: \S+: Auth fail$ - ^%(__prefix_line)sUser .+ from <HOST> not allowed because a group is listed in DenyGroups\s*$ - ^%(__prefix_line)sUser .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$ - ^(?P<__prefix>%(__prefix_line)s)User .+ not allowed because account is locked<SKIPLINES>(?P=__prefix)(?:error: )?Received disconnect from <HOST>: 11: .+ \[preauth\]$ - ^(?P<__prefix>%(__prefix_line)s)Disconnecting: Too many authentication failures for .+? \[preauth\]<SKIPLINES>(?P=__prefix)(?:error: )?Connection closed by <HOST> \[preauth\]$ - ^(?P<__prefix>%(__prefix_line)s)Connection from <HOST> port \d+(?: on \S+ port \d+)?<SKIPLINES>(?P=__prefix)Disconnecting: Too many authentication failures for .+? \[preauth\]$ - ^%(__prefix_line)spam_unix\(sshd:auth\):\s+authentication failure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s.*$ -ignoreregex = -[Init] -maxlines = 10 -journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd diff --git a/company.example/fail2ban-files/jail.d/00_default.jail b/company.example/fail2ban-files/jail.d/00_default.jail deleted file mode 100644 index 71cd3e8..0000000 --- a/company.example/fail2ban-files/jail.d/00_default.jail +++ /dev/null @@ -1,10 +0,0 @@ -# Ansible controlled filename: /etc/fail2ban/jail.d/00_default.filter -# Source: ansible bgstack15-fail2ban/files/00_default.conf -# Date: 2016-06-23 -# Reference: -# NOTE: This file is managed via Ansible: manual changes will be lost - -[DEFAULT] -ignoreip = 127.0.0.1/8 203.0.0.0/16 10.0.0.0/8 192.168.0.0/16 204.13.201.0/24 64.37.231.0/24 -# TrustKeeper Vulnerability Scan IPs = 204.13.201.0/24 64.37.231.0/24 - diff --git a/company.example/fail2ban-files/jail.d/20_example-blns.jail b/company.example/fail2ban-files/jail.d/20_example-blns.jail deleted file mode 100644 index eb1d1c9..0000000 --- a/company.example/fail2ban-files/jail.d/20_example-blns.jail +++ /dev/null @@ -1,21 +0,0 @@ -# Ansible controlled filename: /etc/fail2ban/jail.d/20_example-blns.jail -# Source: ansible bgstack15-fail2ban/files/example-blns.jail -# Date: 2016-04-19 -# Reference: -# NOTE: This file is managed via Ansible: manual changes will be lost - -[example-blns] -enabled = true -action = iptables-allports - sendmail[name=exampleblns, dest=linuxadmin@example.com] -filter = 20_example-blns -logpath = /var/log/httpd/access_log - /var/log/httpd/error_log - /var/log/httpd/ssl_access_log - /var/log/httpd/ssl_error_log - /var/log/apache2/access_log - /var/log/apache2/error_log - /var/log/apache2/ssl_access_log - /var/log/apache2/ssl_error_log -maxretry = 1 -bantime = 86400 diff --git a/company.example/fail2ban-files/jail.d/30_example-max3.jail b/company.example/fail2ban-files/jail.d/30_example-max3.jail deleted file mode 100644 index 6ca7781..0000000 --- a/company.example/fail2ban-files/jail.d/30_example-max3.jail +++ /dev/null @@ -1,21 +0,0 @@ -# Ansible controlled filename: /etc/fail2ban/jail.d/30_example-max3.jail -# Source: ansible bgstack15-fail2ban/files/example-max3.jail -# Date: 2016-07-12 -# Reference: example-blns.jail -# NOTE: This file is managed via Ansible: manual changes will be lost - -[example-max3] -enabled = true -action = iptables-allports - sendmail[name=examplemax3, dest=linuxadmin@example.com] -filter = 30_example-max3 -logpath = /var/log/httpd/access_log - /var/log/httpd/error_log - /var/log/httpd/ssl_access_log - /var/log/httpd/ssl_error_log - /var/log/apache2/access_log - /var/log/apache2/error_log - /var/log/apache2/ssl_access_log - /var/log/apache2/ssl_error_log -maxretry = 3 -bantime = 86400 diff --git a/company.example/fail2ban-files/jail.d/60_sshd.jail b/company.example/fail2ban-files/jail.d/60_sshd.jail deleted file mode 100644 index aeb2751..0000000 --- a/company.example/fail2ban-files/jail.d/60_sshd.jail +++ /dev/null @@ -1,16 +0,0 @@ -# Ansible controlled filename: /etc/fail2ban/jail.d/60_sshd.jail -# Source: ansible bgstack15-fail2ban/files/sshd.jail -# Date: 2016-06-23 -# Reference: Ubuntu 16.04 fail2ban package sshd jail -# NOTE: This file is managed via Ansible: manual changes will be lost - -[ssh-iptables] - -enabled = true -filter = sshd -action = iptables[name=SSH, port=ssh, protocol=tcp] - sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com] -logpath = %(sshd_log)s -maxretry = 5 - -ignoreip = 203.0.193.232/24 |