From 49aef0810a4c953f3aa34af95b00ca9dd9b5f5d0 Mon Sep 17 00:00:00 2001
From: B Stack
Date: Mon, 3 Oct 2016 12:22:55 -0400
Subject: Fixed filename export process in scrub.py
---
company/fail2ban-files/filter.d/20_bju-blns.filter | 32 ----------------------
.../fail2ban-files/filter.d/20_example-blns.filter | 32 ++++++++++++++++++++++
company/fail2ban-files/filter.d/30_bju-max3.filter | 13 ---------
.../fail2ban-files/filter.d/30_example-max3.filter | 13 +++++++++
4 files changed, 45 insertions(+), 45 deletions(-)
delete mode 100644 company/fail2ban-files/filter.d/20_bju-blns.filter
create mode 100644 company/fail2ban-files/filter.d/20_example-blns.filter
delete mode 100644 company/fail2ban-files/filter.d/30_bju-max3.filter
create mode 100644 company/fail2ban-files/filter.d/30_example-max3.filter
(limited to 'company/fail2ban-files/filter.d')
diff --git a/company/fail2ban-files/filter.d/20_bju-blns.filter b/company/fail2ban-files/filter.d/20_bju-blns.filter
deleted file mode 100644
index c39cefa..0000000
--- a/company/fail2ban-files/filter.d/20_bju-blns.filter
+++ /dev/null
@@ -1,32 +0,0 @@
-# Ansible controlled filename: /etc/fail2ban/filter.d/20_example-blns.filter
-# Source: ansible bgstack15-fail2ban/files/example-blns.filter
-# Date: 2016-04-19
-# Reference:
-# NOTE: This file is managed via Ansible: manual changes will be lost
-
-[Definition]
-failregex = ^.*.*(GET|POST).*/etc/passwd.*$
- ^.*.*(GET|POST).*/etc/group.*$
- ^.*.*(GET|POST).*/etc/hosts.*$
- ^.*.*(GET|POST).*/proc/self/environ.*$
- ^.*.*(GET|POST).*(?i)admin.*admin.*$
- ^.*.*(GET|POST).*(?i)(php|db|pma|web|sql).*admin.*$
- ^.*.*(GET|POST).*(?i)admin.*(php|db|pma|web|sql).*$
- ^.*.*(GET|POST).*(?i)DELETE_comment.*$
- ^.*.*(GET|POST).*(?i)pma/scripts.*setup.*$
- ^.*.*(GET|POST).*(?i)pma([0-9]{4})?/? HTTP.*$
- ^.*.*(GET|POST).*(?i)(database|myadmin|mysql)/? HTTP.*$
- ^.*.*(GET|POST).*(?i)(dbweb|webdb|websql|sqlweb).*$
- ^.*.*(GET|POST).*(?i)(my)?sql.*manager.*$
- ^.*.*(GET|POST).*(?i)wp-(admin|login|signup|config).*$
- ^.*.*(GET|POST).*president/.*wp-cron\.php*$
- ^.*.*(GET|POST).*w00t.*blackhats.*$
- ^.*.*(GET|POST).*\+\+liker.profile_URL\+\+.*$
- ^.*.*(GET|POST).*muieblackcat.*$
- ^.*.*(GET|POST).*(?i)ldlogon.*$
- ^.*.*(GET|POST).*(?i)\.cobalt$
- ^.*.*(GET|POST).*(?i)\.intruvert\/jsp\/admin\/Login\.jsp$
- ^.*.*(GET|POST).*(?i)MSWSMTP\/Common\/Authentication\/Logon\.aspx$
- ^.*.*(GET|POST).*(?i)php\?password=[0-9]*\&re_password=.*\&login=var.*$
-
-ignoreregex =
diff --git a/company/fail2ban-files/filter.d/20_example-blns.filter b/company/fail2ban-files/filter.d/20_example-blns.filter
new file mode 100644
index 0000000..c39cefa
--- /dev/null
+++ b/company/fail2ban-files/filter.d/20_example-blns.filter
@@ -0,0 +1,32 @@
+# Ansible controlled filename: /etc/fail2ban/filter.d/20_example-blns.filter
+# Source: ansible bgstack15-fail2ban/files/example-blns.filter
+# Date: 2016-04-19
+# Reference:
+# NOTE: This file is managed via Ansible: manual changes will be lost
+
+[Definition]
+failregex = ^.*.*(GET|POST).*/etc/passwd.*$
+ ^.*.*(GET|POST).*/etc/group.*$
+ ^.*.*(GET|POST).*/etc/hosts.*$
+ ^.*.*(GET|POST).*/proc/self/environ.*$
+ ^.*.*(GET|POST).*(?i)admin.*admin.*$
+ ^.*.*(GET|POST).*(?i)(php|db|pma|web|sql).*admin.*$
+ ^.*.*(GET|POST).*(?i)admin.*(php|db|pma|web|sql).*$
+ ^.*.*(GET|POST).*(?i)DELETE_comment.*$
+ ^.*.*(GET|POST).*(?i)pma/scripts.*setup.*$
+ ^.*.*(GET|POST).*(?i)pma([0-9]{4})?/? HTTP.*$
+ ^.*.*(GET|POST).*(?i)(database|myadmin|mysql)/? HTTP.*$
+ ^.*.*(GET|POST).*(?i)(dbweb|webdb|websql|sqlweb).*$
+ ^.*.*(GET|POST).*(?i)(my)?sql.*manager.*$
+ ^.*.*(GET|POST).*(?i)wp-(admin|login|signup|config).*$
+ ^.*.*(GET|POST).*president/.*wp-cron\.php*$
+ ^.*.*(GET|POST).*w00t.*blackhats.*$
+ ^.*.*(GET|POST).*\+\+liker.profile_URL\+\+.*$
+ ^.*.*(GET|POST).*muieblackcat.*$
+ ^.*.*(GET|POST).*(?i)ldlogon.*$
+ ^.*.*(GET|POST).*(?i)\.cobalt$
+ ^.*.*(GET|POST).*(?i)\.intruvert\/jsp\/admin\/Login\.jsp$
+ ^.*.*(GET|POST).*(?i)MSWSMTP\/Common\/Authentication\/Logon\.aspx$
+ ^.*.*(GET|POST).*(?i)php\?password=[0-9]*\&re_password=.*\&login=var.*$
+
+ignoreregex =
diff --git a/company/fail2ban-files/filter.d/30_bju-max3.filter b/company/fail2ban-files/filter.d/30_bju-max3.filter
deleted file mode 100644
index af692af..0000000
--- a/company/fail2ban-files/filter.d/30_bju-max3.filter
+++ /dev/null
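Review bot: In the new 20_example-blns.filter, the rows ending in `\.cobalt$`, `Login\.jsp$` and `Logon\.aspx$` anchor the request path at end of line, while the `pma([0-9]{4})?/? HTTP.*$` rows assume the path is followed by ` HTTP…`; if both read the same access-log format, the end-anchored rows can never match and those probes go unbanned. The same rows make up three of the four patterns in 30_example-max3.filter. Ending them like the others, e.g. `\.cobalt/? HTTP.*$`, would close that gap, and `wp-cron\.php*$` probably wants `wp-cron\.php.*$`, since `php*` only repeats the final `p`. The mid-pattern `(?i)` is a whole-pattern flag in Python's `re`, and newer Python versions reject it unless it is at the start of the expression, so it is safer moved to the front of each row. As rendered here no row shows a `<HOST>` tag; if that is not a loss in page extraction, fail2ban has no address to act on.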
@@ -1,13 +0,0 @@
-# Ansible controlled filename: /etc/fail2ban/filter.d/30_example-max3.filter
-# Source: ansible bgstack15-fail2ban/files/example-max3.filter
-# Date: 2016-07-12
-# Reference: example-blns.filter
-# NOTE: This file is managed via Ansible: manual changes will be lost
-
-[Definition]
-failregex = ^.*.*(GET|POST).*(?i)\.cobalt$
- ^.*.*(GET|POST).*(?i)\.intruvert\/jsp\/admin\/Login\.jsp$
- ^.*.*(GET|POST).*(?i)MSWSMTP\/Common\/Authentication\/Logon\.aspx$
- ^.*.*(GET|POST).*(?i)php\?password=[0-9]*\&re_password=.*\&login=var.*$
-
-ignoreregex =
diff --git a/company/fail2ban-files/filter.d/30_example-max3.filter b/company/fail2ban-files/filter.d/30_example-max3.filter
new file mode 100644
index 0000000..af692af
--- /dev/null
+++ b/company/fail2ban-files/filter.d/30_example-max3.filter
@@ -0,0 +1,13 @@
+# Ansible controlled filename: /etc/fail2ban/filter.d/30_example-max3.filter
+# Source: ansible bgstack15-fail2ban/files/example-max3.filter
+# Date: 2016-07-12
+# Reference: example-blns.filter
+# NOTE: This file is managed via Ansible: manual changes will be lost
+
+[Definition]
+failregex = ^.*.*(GET|POST).*(?i)\.cobalt$
+ ^.*.*(GET|POST).*(?i)\.intruvert\/jsp\/admin\/Login\.jsp$
+ ^.*.*(GET|POST).*(?i)MSWSMTP\/Common\/Authentication\/Logon\.aspx$
+ ^.*.*(GET|POST).*(?i)php\?password=[0-9]*\&re_password=.*\&login=var.*$
+
+ignoreregex =
-- cgit