fail2ban: add wordpress filters
parent
938aaa4ec1
commit
97e4abb37c
|
@ -2,3 +2,4 @@
|
||||||
general_alert_email: "root@localhost"
|
general_alert_email: "root@localhost"
|
||||||
fail2ban_alert_email: Null
|
fail2ban_alert_email: Null
|
||||||
fail2ban_ignore_ips: []
|
fail2ban_ignore_ips: []
|
||||||
|
fail2ban_wordpress: False
|
||||||
|
|
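--- a/fail2ban/files/wordpress-hard.conf
+++ b/fail2ban/files/wordpress-hard.conf
@@ -0,0 +1,31 @@
+# Fail2Ban configuration file soft
+#
+# Author: Charles Lecklider
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+_daemon = (?:wordpress|wp)
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values: TEXT
+#
+failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
+^%(__prefix_line)sXML-RPC authentication failure from <HOST>$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =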
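Review bot: The contents of this file look swapped with fail2ban/files/wordpress-soft.conf: the header comment here reads `# Fail2Ban configuration file soft` and the two patterns are ordinary authentication failures, while wordpress-soft.conf is headed `hard` and carries the unknown-user, blocked-attempt, user-enumeration and pingback patterns. Because the jail template in this commit gives `[wordpress-hard]` `maxretry = 1` and `[wordpress-soft]` `maxretry = 5`, a single mistyped password would ban a legitimate user, while enumeration attempts are tolerated five times. If the swap is unintended, exchange the two files' contents (or the `filter =` values of the two jails) so that file names, header comments and thresholds agree.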
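--- a/fail2ban/files/wordpress-soft.conf
+++ b/fail2ban/files/wordpress-soft.conf
@@ -0,0 +1,33 @@
+# Fail2Ban configuration file hard
+#
+# Author: Charles Lecklider
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+_daemon = (?:wordpress|wp)
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values: TEXT
+#
+failregex = ^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>( via XML-RPC)?$
+^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>( via XML-RPC)?$
+^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
+^%(__prefix_line)sPingback error .* generated from <HOST>$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =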
|
@ -38,6 +38,8 @@
|
||||||
with_items:
|
with_items:
|
||||||
- dovecot-evolix.conf
|
- dovecot-evolix.conf
|
||||||
- sasl-evolix.conf
|
- sasl-evolix.conf
|
||||||
|
- wordpress-soft.conf
|
||||||
|
- wordpress-hard.conf
|
||||||
notify: restart fail2ban
|
notify: restart fail2ban
|
||||||
tags:
|
tags:
|
||||||
- fail2ban
|
- fail2ban
|
||||||
|
|
|
@ -26,3 +26,21 @@ action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(proto
|
||||||
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
|
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
|
||||||
|
|
||||||
action = %(action_mwl)s
|
action = %(action_mwl)s
|
||||||
|
|
||||||
|
{% if fail2ban_wordpress %}
|
||||||
|
[wordpress-hard]
|
||||||
|
enabled = true
|
||||||
|
port = http,https
|
||||||
|
filter = wordpress-hard
|
||||||
|
logpath = /var/log/auth.log
|
||||||
|
maxretry = 1
|
||||||
|
findtime = 300
|
||||||
|
|
||||||
|
[wordpress-soft]
|
||||||
|
enabled = true
|
||||||
|
port = http,https
|
||||||
|
filter = wordpress-soft
|
||||||
|
logpath = /var/log/auth.log
|
||||||
|
maxretry = 5
|
||||||
|
findtime = 300
|
||||||
|
{% endif %}
|
||||||
|
|
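Review bot: `[wordpress-hard]` bans on the first matching line (`maxretry = 1`), and nothing in the added jails says which addresses are exempt or how long the ban lasts. If the site is reached through a reverse proxy or load balancer and the logged address is the proxy's (this depends on the WordPress side, which is not shown here), one match would block every visitor behind it. Suggest a comment above the jail such as `# maxretry = 1: one match bans the source; list reverse proxies in fail2ban_ignore_ips`, and an explicit `bantime` in both jails if the inherited default is not what is wanted.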