smeserver-fail2ban/contribs9/smeserver-fail2ban-0.1.18.bz9709-wordpress.patch

diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress
--- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress 1969-12-31 19:00:00.000000000 -0500
+++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress     2019-04-09 23:23:57.038000000 -0400
@@ -0,0 +1,68 @@
+{
+
+my $status = $fail2ban{'wordpress'} || 'disabled';
+return "\n# wordpress disabled \n" if ($status ne 'enabled') ;
+my @ports = ();
+push @ports, (${'httpd-e-smith'}{'TCPPort'} || '80');
+push @ports, ($modSSL{'TCPPort'} || '443');
+my $port = join (",", @ports);
+
+my $wphbantime  = $fail2ban{'WPHbantime'} || $bantime;
+my $wpsbantime  = $fail2ban{'WPSbantime'} || $bantime;
+my $wpxbantime  = $fail2ban{'WPXbantime'} || $bantime;
+my $wphfindtime = $fail2ban{'WPHfindtime'} || $findtime;
+my $wpsfindtime = $fail2ban{'WPSfindtime'} || $findtime;
+my $wpxfindtime = $fail2ban{'WPXfindtime'} || $findtime;
+my $wphmaxretry = $fail2ban{'WPHmaxretry'} || $maxretry;
+my $wpsmaxretry = $fail2ban{'WPSmaxretry'} || $maxretry;
+my $wpxmaxretry = $fail2ban{'WPXmaxretry'} || $maxretry;
+
+$OUT .=<<"EOF";
+
+[wordpress-hard]
+enabled = true
+filter = wordpress-hard
+logpath = /var/log/messages
+findtime = $wphfindtime
+maxretry = $wphmaxretry
+bantime  = $wphbantime
+backend = polling
+action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wphbantime]
+EOF
+$OUT .= "            smeserver-sendmail[name="Wordpress (hard)",dest=$maildest]\n"
+    if ($mail eq 'enabled');
+
+
+$OUT .=<<"EOF";
+
+[wordpress-soft]
+enabled  = true
+filter = wordpress-soft
+logpath = /var/log/messages
+findtime = $wpsfindtime
+maxretry = $wpsmaxretry
+bantime  = $wpsbantime
+backend = polling
+action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wpsbantime]
+EOF
+$OUT .= "            smeserver-sendmail[name="Wordpress (soft)",dest=$maildest]\n"
+    if ($mail eq 'enabled');
+
+
+$OUT .=<<"EOF";
+
+[apache-xmlrpc]
+enabled  = true
+port     = http,https
+filter   = apache-xmlrpc
+logpath  = /var/log/httpd/access_log
+findtime = $wpxfindtime
+maxretry = $wpxmaxretry
+bantime  = $wpxbantime
+action   = smeserver-iptables[port="$port",protocol=tcp,bantime=$wpxbantime]
+EOF
+$OUT .= "           smeserver-sendmail[name="Wordpress (xmlrpc)",dest=$maildest]\n"
+    if ($mail eq 'enabled');
+
+}
+
diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/apache-xmlrpc.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/apache-xmlrpc.conf
--- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/apache-xmlrpc.conf 1969-12-31 19:00:00.000000000 -0500
+++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/apache-xmlrpc.conf     2019-04-09 22:58:52.245000000 -0400
@@ -0,0 +1,5 @@
+[Definition]
+failregex = ^<HOST> .*POST .*xmlrpc\.php.*
+ignoreregex =
+
+# source http://xplus3.net/2013/05/09/securing-xmlrpc-wordpress/
diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-hard.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-hard.conf
--- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-hard.conf        1969-12-31 19:00:00.000000000 -0500
+++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-hard.conf    2019-04-09 22:53:33.432000000 -0400
@@ -0,0 +1,26 @@
+# Fail2Ban filter for WordPress hard failures
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = (?:wordpress|wp)
+
+failregex = ^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$
+            ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
+            ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
+            ^%(__prefix_line)sPingback error .* generated from <HOST>$
+            ^%(__prefix_line)sSpam comment \d+ from <HOST>$
+            ^%(__prefix_line)sXML-RPC authentication attempt for unknown user .* from <HOST>$
+            ^%(__prefix_line)sXML-RPC multicall authentication failure from <HOST>$
+
+ignoreregex =
+
+# DEV Notes:
+# Requires the 'WP fail2ban' plugin:
+# https://wordpress.org/plugins/wp-fail2ban/
+#
+# Author: Charles Lecklider
diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-soft.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-soft.conf
--- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-soft.conf        1969-12-31 19:00:00.000000000 -0500
+++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-soft.conf    2019-04-09 22:53:19.722000000 -0400
@@ -0,0 +1,31 @@
+# Fail2Ban configuration file
+#
+# Author: Charles Lecklider
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+_daemon = (?:wordpress|wp)
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
+            ^%(__prefix_line)sXML-RPC authentication failure from <HOST>$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =
1	jpp	1.1	diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress
2			--- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress 1969-12-31 19:00:00.000000000 -0500
3			+++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress 2019-04-09 23:23:57.038000000 -0400
4			@@ -0,0 +1,68 @@
5			+{
6			+
7			+my $status = $fail2ban{'wordpress'} \|\| 'disabled';
8			+return "\n# wordpress disabled \n" if ($status ne 'enabled') ;
9			+my @ports = ();
10			+push @ports, (${'httpd-e-smith'}{'TCPPort'} \|\| '80');
11			+push @ports, ($modSSL{'TCPPort'} \|\| '443');
12			+my $port = join (",", @ports);
13			+
14			+my $wphbantime = $fail2ban{'WPHbantime'} \|\| $bantime;
15			+my $wpsbantime = $fail2ban{'WPSbantime'} \|\| $bantime;
16			+my $wpxbantime = $fail2ban{'WPXbantime'} \|\| $bantime;
17			+my $wphfindtime = $fail2ban{'WPHfindtime'} \|\| $findtime;
18			+my $wpsfindtime = $fail2ban{'WPSfindtime'} \|\| $findtime;
19			+my $wpxfindtime = $fail2ban{'WPXfindtime'} \|\| $findtime;
20			+my $wphmaxretry = $fail2ban{'WPHmaxretry'} \|\| $maxretry;
21			+my $wpsmaxretry = $fail2ban{'WPSmaxretry'} \|\| $maxretry;
22			+my $wpxmaxretry = $fail2ban{'WPXmaxretry'} \|\| $maxretry;
23			+
24			+$OUT .=<<"EOF";
25			+
26			+[wordpress-hard]
27			+enabled = true
28			+filter = wordpress-hard
29			+logpath = /var/log/messages
30			+findtime = $wphfindtime
31			+maxretry = $wphmaxretry
32			+bantime = $wphbantime
33			+backend = polling
34			+action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wphbantime]
35			+EOF
36			+$OUT .= " smeserver-sendmail[name="Wordpress (hard)",dest=$maildest]\n"
37			+ if ($mail eq 'enabled');
38			+
39			+
40			+$OUT .=<<"EOF";
41			+
42			+[wordpress-soft]
43			+enabled = true
44			+filter = wordpress-soft
45			+logpath = /var/log/messages
46			+findtime = $wpsfindtime
47			+maxretry = $wpsmaxretry
48			+bantime = $wpsbantime
49			+backend = polling
50			+action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wpsbantime]
51			+EOF
52			+$OUT .= " smeserver-sendmail[name="Wordpress (soft)",dest=$maildest]\n"
53			+ if ($mail eq 'enabled');
54			+
55			+
56			+$OUT .=<<"EOF";
57			+
58			+[apache-xmlrpc]
59			+enabled = true
60			+port = http,https
61			+filter = apache-xmlrpc
62			+logpath = /var/log/httpd/access_log
63			+findtime = $wpxfindtime
64			+maxretry = $wpxmaxretry
65			+bantime = $wpxbantime
66			+action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wpxbantime]
67			+EOF
68			+$OUT .= " smeserver-sendmail[name="Wordpress (xmlrpc)",dest=$maildest]\n"
69			+ if ($mail eq 'enabled');
70			+
71			+}
72			+
73			diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/apache-xmlrpc.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/apache-xmlrpc.conf
74			--- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/apache-xmlrpc.conf 1969-12-31 19:00:00.000000000 -0500
75			+++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/apache-xmlrpc.conf 2019-04-09 22:58:52.245000000 -0400
76			@@ -0,0 +1,5 @@
77			+[Definition]
78			+failregex = ^<HOST> .POST .xmlrpc\.php.*
79			+ignoreregex =
80			+
81			+# source http://xplus3.net/2013/05/09/securing-xmlrpc-wordpress/
82			diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-hard.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-hard.conf
83			--- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-hard.conf 1969-12-31 19:00:00.000000000 -0500
84			+++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-hard.conf 2019-04-09 22:53:33.432000000 -0400
85			@@ -0,0 +1,26 @@
86			+# Fail2Ban filter for WordPress hard failures
87			+#
88			+
89			+[INCLUDES]
90			+
91			+before = common.conf
92			+
93			+[Definition]
94			+
95			+_daemon = (?:wordpress\|wp)
96			+
97			+failregex = ^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$
98			+ ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
99			+ ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
100			+ ^%(__prefix_line)sPingback error .* generated from <HOST>$
101			+ ^%(__prefix_line)sSpam comment \d+ from <HOST>$
102			+ ^%(__prefix_line)sXML-RPC authentication attempt for unknown user .* from <HOST>$
103			+ ^%(__prefix_line)sXML-RPC multicall authentication failure from <HOST>$
104			+
105			+ignoreregex =
106			+
107			+# DEV Notes:
108			+# Requires the 'WP fail2ban' plugin:
109			+# https://wordpress.org/plugins/wp-fail2ban/
110			+#
111			+# Author: Charles Lecklider
112			diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-soft.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-soft.conf
113			--- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-soft.conf 1969-12-31 19:00:00.000000000 -0500
114			+++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-soft.conf 2019-04-09 22:53:19.722000000 -0400
115			@@ -0,0 +1,31 @@
116			+# Fail2Ban configuration file
117			+#
118			+# Author: Charles Lecklider
119			+#
120			+
121			+[INCLUDES]
122			+
123			+# Read common prefixes. If any customizations available -- read them from
124			+# common.local
125			+before = common.conf
126			+
127			+
128			+[Definition]
129			+
130			+_daemon = (?:wordpress\|wp)
131			+
132			+# Option: failregex
133			+# Notes.: regex to match the password failures messages in the logfile. The
134			+# host must be matched by a group named "host". The tag "<HOST>" can
135			+# be used for standard IP/hostname matching and is only an alias for
136			+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
137			+# Values: TEXT
138			+#
139			+failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
140			+ ^%(__prefix_line)sXML-RPC authentication failure from <HOST>$
141			+
142			+# Option: ignoreregex
143			+# Notes.: regex to ignore. If this regex matches, the line is ignored.
144			+# Values: TEXT
145			+#
146			+ignoreregex =