/[smecontribs]/rpms/smeserver-fail2ban/contribs9/smeserver-fail2ban-0.1.18.bz9709-wordpress.patch
ViewVC logotype

Annotation of /rpms/smeserver-fail2ban/contribs9/smeserver-fail2ban-0.1.18.bz9709-wordpress.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Wed Apr 10 03:26:12 2019 UTC (5 years, 7 months ago) by jpp
Branch: MAIN
CVS Tags: smeserver-fail2ban-0_1_18-4_el6_sme, smeserver-fail2ban-0_1_18-3_el6_sme, smeserver-fail2ban-0_1_18-6_el6_sme, smeserver-fail2ban-0_1_18-5_el6_sme, smeserver-fail2ban-0_1_18-7_el6_sme, smeserver-fail2ban-0_1_18-9_el6_sme, smeserver-fail2ban-0_1_18-2_el6_sme, smeserver-fail2ban-0_1_18-8_el6_sme, smeserver-fail2ban-0_1_18-10_el6_sme, HEAD
* Tue Apr 09 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-2.sme
- add admin panel [SME: 10767]
- add wordpress jails and filters [SME: 9709]

1 jpp 1.1 diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress
2     --- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress 1969-12-31 19:00:00.000000000 -0500
3     +++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress 2019-04-09 23:23:57.038000000 -0400
4     @@ -0,0 +1,68 @@
5     +{
6     +
7     +my $status = $fail2ban{'wordpress'} || 'disabled';
8     +return "\n# wordpress disabled \n" if ($status ne 'enabled') ;
9     +my @ports = ();
10     +push @ports, (${'httpd-e-smith'}{'TCPPort'} || '80');
11     +push @ports, ($modSSL{'TCPPort'} || '443');
12     +my $port = join (",", @ports);
13     +
14     +my $wphbantime = $fail2ban{'WPHbantime'} || $bantime;
15     +my $wpsbantime = $fail2ban{'WPSbantime'} || $bantime;
16     +my $wpxbantime = $fail2ban{'WPXbantime'} || $bantime;
17     +my $wphfindtime = $fail2ban{'WPHfindtime'} || $findtime;
18     +my $wpsfindtime = $fail2ban{'WPSfindtime'} || $findtime;
19     +my $wpxfindtime = $fail2ban{'WPXfindtime'} || $findtime;
20     +my $wphmaxretry = $fail2ban{'WPHmaxretry'} || $maxretry;
21     +my $wpsmaxretry = $fail2ban{'WPSmaxretry'} || $maxretry;
22     +my $wpxmaxretry = $fail2ban{'WPXmaxretry'} || $maxretry;
23     +
24     +$OUT .=<<"EOF";
25     +
26     +[wordpress-hard]
27     +enabled = true
28     +filter = wordpress-hard
29     +logpath = /var/log/messages
30     +findtime = $wphfindtime
31     +maxretry = $wphmaxretry
32     +bantime = $wphbantime
33     +backend = polling
34     +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wphbantime]
35     +EOF
36     +$OUT .= " smeserver-sendmail[name="Wordpress (hard)",dest=$maildest]\n"
37     + if ($mail eq 'enabled');
38     +
39     +
40     +$OUT .=<<"EOF";
41     +
42     +[wordpress-soft]
43     +enabled = true
44     +filter = wordpress-soft
45     +logpath = /var/log/messages
46     +findtime = $wpsfindtime
47     +maxretry = $wpsmaxretry
48     +bantime = $wpsbantime
49     +backend = polling
50     +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wpsbantime]
51     +EOF
52     +$OUT .= " smeserver-sendmail[name="Wordpress (soft)",dest=$maildest]\n"
53     + if ($mail eq 'enabled');
54     +
55     +
56     +$OUT .=<<"EOF";
57     +
58     +[apache-xmlrpc]
59     +enabled = true
60     +port = http,https
61     +filter = apache-xmlrpc
62     +logpath = /var/log/httpd/access_log
63     +findtime = $wpxfindtime
64     +maxretry = $wpxmaxretry
65     +bantime = $wpxbantime
66     +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wpxbantime]
67     +EOF
68     +$OUT .= " smeserver-sendmail[name="Wordpress (xmlrpc)",dest=$maildest]\n"
69     + if ($mail eq 'enabled');
70     +
71     +}
72     +
73     diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/apache-xmlrpc.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/apache-xmlrpc.conf
74     --- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/apache-xmlrpc.conf 1969-12-31 19:00:00.000000000 -0500
75     +++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/apache-xmlrpc.conf 2019-04-09 22:58:52.245000000 -0400
76     @@ -0,0 +1,5 @@
77     +[Definition]
78     +failregex = ^<HOST> .*POST .*xmlrpc\.php.*
79     +ignoreregex =
80     +
81     +# source http://xplus3.net/2013/05/09/securing-xmlrpc-wordpress/
82     diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-hard.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-hard.conf
83     --- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-hard.conf 1969-12-31 19:00:00.000000000 -0500
84     +++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-hard.conf 2019-04-09 22:53:33.432000000 -0400
85     @@ -0,0 +1,26 @@
86     +# Fail2Ban filter for WordPress hard failures
87     +#
88     +
89     +[INCLUDES]
90     +
91     +before = common.conf
92     +
93     +[Definition]
94     +
95     +_daemon = (?:wordpress|wp)
96     +
97     +failregex = ^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$
98     + ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
99     + ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
100     + ^%(__prefix_line)sPingback error .* generated from <HOST>$
101     + ^%(__prefix_line)sSpam comment \d+ from <HOST>$
102     + ^%(__prefix_line)sXML-RPC authentication attempt for unknown user .* from <HOST>$
103     + ^%(__prefix_line)sXML-RPC multicall authentication failure from <HOST>$
104     +
105     +ignoreregex =
106     +
107     +# DEV Notes:
108     +# Requires the 'WP fail2ban' plugin:
109     +# https://wordpress.org/plugins/wp-fail2ban/
110     +#
111     +# Author: Charles Lecklider
112     diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-soft.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-soft.conf
113     --- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-soft.conf 1969-12-31 19:00:00.000000000 -0500
114     +++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-soft.conf 2019-04-09 22:53:19.722000000 -0400
115     @@ -0,0 +1,31 @@
116     +# Fail2Ban configuration file
117     +#
118     +# Author: Charles Lecklider
119     +#
120     +
121     +[INCLUDES]
122     +
123     +# Read common prefixes. If any customizations available -- read them from
124     +# common.local
125     +before = common.conf
126     +
127     +
128     +[Definition]
129     +
130     +_daemon = (?:wordpress|wp)
131     +
132     +# Option: failregex
133     +# Notes.: regex to match the password failures messages in the logfile. The
134     +# host must be matched by a group named "host". The tag "<HOST>" can
135     +# be used for standard IP/hostname matching and is only an alias for
136     +# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
137     +# Values: TEXT
138     +#
139     +failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
140     + ^%(__prefix_line)sXML-RPC authentication failure from <HOST>$
141     +
142     +# Option: ignoreregex
143     +# Notes.: regex to ignore. If this regex matches, the line is ignored.
144     +# Values: TEXT
145     +#
146     +ignoreregex =

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed