
Contents of /rpms/smeserver-fail2ban/contribs9/smeserver-fail2ban-0.1.18.bz9709-wordpress.patch



Revision 1.1 - (show annotations) (download)
Wed Apr 10 03:26:12 2019 UTC (5 years, 6 months ago) by jpp
Branch: MAIN
CVS Tags: smeserver-fail2ban-0_1_18-4_el6_sme, smeserver-fail2ban-0_1_18-3_el6_sme, smeserver-fail2ban-0_1_18-6_el6_sme, smeserver-fail2ban-0_1_18-5_el6_sme, smeserver-fail2ban-0_1_18-7_el6_sme, smeserver-fail2ban-0_1_18-9_el6_sme, smeserver-fail2ban-0_1_18-2_el6_sme, smeserver-fail2ban-0_1_18-8_el6_sme, smeserver-fail2ban-0_1_18-10_el6_sme, HEAD
* Tue Apr 09 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-2.sme
- add admin panel [SME: 10767]
- add wordpress jails and filters [SME: 9709]

1 diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress
2 --- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress 1969-12-31 19:00:00.000000000 -0500
3 +++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress 2019-04-09 23:23:57.038000000 -0400
4 @@ -0,0 +1,68 @@
5 +{
6 +
7 +my $status = $fail2ban{'wordpress'} || 'disabled';
8 +return "\n# wordpress disabled \n" if ($status ne 'enabled') ;
9 +my @ports = ();
10 +push @ports, (${'httpd-e-smith'}{'TCPPort'} || '80');
11 +push @ports, ($modSSL{'TCPPort'} || '443');
12 +my $port = join (",", @ports);
13 +
14 +my $wphbantime = $fail2ban{'WPHbantime'} || $bantime;
15 +my $wpsbantime = $fail2ban{'WPSbantime'} || $bantime;
16 +my $wpxbantime = $fail2ban{'WPXbantime'} || $bantime;
17 +my $wphfindtime = $fail2ban{'WPHfindtime'} || $findtime;
18 +my $wpsfindtime = $fail2ban{'WPSfindtime'} || $findtime;
19 +my $wpxfindtime = $fail2ban{'WPXfindtime'} || $findtime;
20 +my $wphmaxretry = $fail2ban{'WPHmaxretry'} || $maxretry;
21 +my $wpsmaxretry = $fail2ban{'WPSmaxretry'} || $maxretry;
22 +my $wpxmaxretry = $fail2ban{'WPXmaxretry'} || $maxretry;
23 +
24 +$OUT .=<<"EOF";
25 +
26 +[wordpress-hard]
27 +enabled = true
28 +filter = wordpress-hard
29 +logpath = /var/log/messages
30 +findtime = $wphfindtime
31 +maxretry = $wphmaxretry
32 +bantime = $wphbantime
33 +backend = polling
34 +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wphbantime]
35 +EOF
36 +$OUT .= " smeserver-sendmail[name="Wordpress (hard)",dest=$maildest]\n"
37 + if ($mail eq 'enabled');
38 +
39 +
40 +$OUT .=<<"EOF";
41 +
42 +[wordpress-soft]
43 +enabled = true
44 +filter = wordpress-soft
45 +logpath = /var/log/messages
46 +findtime = $wpsfindtime
47 +maxretry = $wpsmaxretry
48 +bantime = $wpsbantime
49 +backend = polling
50 +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wpsbantime]
51 +EOF
52 +$OUT .= " smeserver-sendmail[name="Wordpress (soft)",dest=$maildest]\n"
53 + if ($mail eq 'enabled');
54 +
55 +
56 +$OUT .=<<"EOF";
57 +
58 +[apache-xmlrpc]
59 +enabled = true
60 +port = http,https
61 +filter = apache-xmlrpc
62 +logpath = /var/log/httpd/access_log
63 +findtime = $wpxfindtime
64 +maxretry = $wpxmaxretry
65 +bantime = $wpxbantime
66 +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wpxbantime]
67 +EOF
68 +$OUT .= " smeserver-sendmail[name="Wordpress (xmlrpc)",dest=$maildest]\n"
69 + if ($mail eq 'enabled');
70 +
71 +}
72 +
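Review bot: As rendered here, the three `smeserver-sendmail` lines (after the `[wordpress-hard]`, `[wordpress-soft]` and `[apache-xmlrpc]` heredocs) put unescaped double quotes around the name inside a double-quoted Perl string. The string therefore ends at `name=`, and the fragment would likely fail to compile whether or not `$mail` is enabled, so none of the three jails would be written to jail.conf. Escape the inner quotes, e.g. `$OUT .= " smeserver-sendmail[name=\"Wordpress (hard)\",dest=$maildest]\n"`, or switch to `qq{...}`. If the backslashes were only lost when this page was rendered, disregard this. Separately, `[apache-xmlrpc]` hard-codes `port = http,https` while its action uses the computed `$port`, and it lacks the `backend = polling` line the other two jails set; a short comment saying whether that is intentional would help.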
73 diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/apache-xmlrpc.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/apache-xmlrpc.conf
74 --- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/apache-xmlrpc.conf 1969-12-31 19:00:00.000000000 -0500
75 +++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/apache-xmlrpc.conf 2019-04-09 22:58:52.245000000 -0400
76 @@ -0,0 +1,5 @@
77 +[Definition]
78 +failregex = ^<HOST> .*POST .*xmlrpc\.php.*
79 +ignoreregex =
80 +
81 +# source http://xplus3.net/2013/05/09/securing-xmlrpc-wordpress/
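Review bot: The `failregex` counts every POST line that contains `xmlrpc.php` anywhere after the method, whatever the response status. Legitimate XML-RPC clients therefore accrue failures at the same rate as abusive ones, and the pattern also matches when the string appears only in a later field such as the referer. Tying the match to the request target would narrow it, for example `failregex = ^<HOST> .*"POST \S*xmlrpc\.php\S* HTTP/`, assuming the access log uses the common/combined format (not visible here). A comment in the filter should say that this jail bans on request volume rather than on authentication failure, so operators know to set `WPXmaxretry` and `WPXfindtime` deliberately instead of inheriting the global defaults.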
82 diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-hard.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-hard.conf
83 --- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-hard.conf 1969-12-31 19:00:00.000000000 -0500
84 +++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-hard.conf 2019-04-09 22:53:33.432000000 -0400
85 @@ -0,0 +1,26 @@
86 +# Fail2Ban filter for WordPress hard failures
87 +#
88 +
89 +[INCLUDES]
90 +
91 +before = common.conf
92 +
93 +[Definition]
94 +
95 +_daemon = (?:wordpress|wp)
96 +
97 +failregex = ^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$
98 + ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
99 + ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
100 + ^%(__prefix_line)sPingback error .* generated from <HOST>$
101 + ^%(__prefix_line)sSpam comment \d+ from <HOST>$
102 + ^%(__prefix_line)sXML-RPC authentication attempt for unknown user .* from <HOST>$
103 + ^%(__prefix_line)sXML-RPC multicall authentication failure from <HOST>$
104 +
105 +ignoreregex =
106 +
107 +# DEV Notes:
108 +# Requires the 'WP fail2ban' plugin:
109 +# https://wordpress.org/plugins/wp-fail2ban/
110 +#
111 +# Author: Charles Lecklider
112 diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-soft.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-soft.conf
113 --- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-soft.conf 1969-12-31 19:00:00.000000000 -0500
114 +++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-soft.conf 2019-04-09 22:53:19.722000000 -0400
115 @@ -0,0 +1,31 @@
116 +# Fail2Ban configuration file
117 +#
118 +# Author: Charles Lecklider
119 +#
120 +
121 +[INCLUDES]
122 +
123 +# Read common prefixes. If any customizations available -- read them from
124 +# common.local
125 +before = common.conf
126 +
127 +
128 +[Definition]
129 +
130 +_daemon = (?:wordpress|wp)
131 +
132 +# Option: failregex
133 +# Notes.: regex to match the password failures messages in the logfile. The
134 +# host must be matched by a group named "host". The tag "<HOST>" can
135 +# be used for standard IP/hostname matching and is only an alias for
136 +# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
137 +# Values: TEXT
138 +#
139 +failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
140 + ^%(__prefix_line)sXML-RPC authentication failure from <HOST>$
141 +
142 +# Option: ignoreregex
143 +# Notes.: regex to ignore. If this regex matches, the line is ignored.
144 +# Values: TEXT
145 +#
146 +ignoreregex =
