smeserver-fail2ban/contribs9/smeserver-fail2ban-0.1.18.bz9709-wordpress.patch

diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress
--- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress 1969-12-31 19:00:00.000000000 -0500
+++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress     2019-04-09 23:23:57.038000000 -0400
@@ -0,0 +1,68 @@
+{
+
+my $status = $fail2ban{'wordpress'} || 'disabled';
+return "\n# wordpress disabled \n" if ($status ne 'enabled') ;
+my @ports = ();
+push @ports, (${'httpd-e-smith'}{'TCPPort'} || '80');
+push @ports, ($modSSL{'TCPPort'} || '443');
+my $port = join (",", @ports);
+
+my $wphbantime  = $fail2ban{'WPHbantime'} || $bantime;
+my $wpsbantime  = $fail2ban{'WPSbantime'} || $bantime;
+my $wpxbantime  = $fail2ban{'WPXbantime'} || $bantime;
+my $wphfindtime = $fail2ban{'WPHfindtime'} || $findtime;
+my $wpsfindtime = $fail2ban{'WPSfindtime'} || $findtime;
+my $wpxfindtime = $fail2ban{'WPXfindtime'} || $findtime;
+my $wphmaxretry = $fail2ban{'WPHmaxretry'} || $maxretry;
+my $wpsmaxretry = $fail2ban{'WPSmaxretry'} || $maxretry;
+my $wpxmaxretry = $fail2ban{'WPXmaxretry'} || $maxretry;
+
+$OUT .=<<"EOF";
+
+[wordpress-hard]
+enabled = true
+filter = wordpress-hard
+logpath = /var/log/messages
+findtime = $wphfindtime
+maxretry = $wphmaxretry
+bantime  = $wphbantime
+backend = polling
+action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wphbantime]
+EOF
+$OUT .= "            smeserver-sendmail[name="Wordpress (hard)",dest=$maildest]\n"
+    if ($mail eq 'enabled');
+
+
+$OUT .=<<"EOF";
+
+[wordpress-soft]
+enabled  = true
+filter = wordpress-soft
+logpath = /var/log/messages
+findtime = $wpsfindtime
+maxretry = $wpsmaxretry
+bantime  = $wpsbantime
+backend = polling
+action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wpsbantime]
+EOF
+$OUT .= "            smeserver-sendmail[name="Wordpress (soft)",dest=$maildest]\n"
+    if ($mail eq 'enabled');
+
+
+$OUT .=<<"EOF";
+
+[apache-xmlrpc]
+enabled  = true
+port     = http,https
+filter   = apache-xmlrpc
+logpath  = /var/log/httpd/access_log
+findtime = $wpxfindtime
+maxretry = $wpxmaxretry
+bantime  = $wpxbantime
+action   = smeserver-iptables[port="$port",protocol=tcp,bantime=$wpxbantime]
+EOF
+$OUT .= "           smeserver-sendmail[name="Wordpress (xmlrpc)",dest=$maildest]\n"
+    if ($mail eq 'enabled');
+
+}
+
diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/apache-xmlrpc.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/apache-xmlrpc.conf
--- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/apache-xmlrpc.conf 1969-12-31 19:00:00.000000000 -0500
+++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/apache-xmlrpc.conf     2019-04-09 22:58:52.245000000 -0400
@@ -0,0 +1,5 @@
+[Definition]
+failregex = ^<HOST> .*POST .*xmlrpc\.php.*
+ignoreregex =
+
+# source http://xplus3.net/2013/05/09/securing-xmlrpc-wordpress/
diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-hard.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-hard.conf
--- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-hard.conf        1969-12-31 19:00:00.000000000 -0500
+++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-hard.conf    2019-04-09 22:53:33.432000000 -0400
@@ -0,0 +1,26 @@
+# Fail2Ban filter for WordPress hard failures
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = (?:wordpress|wp)
+
+failregex = ^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$
+            ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
+            ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
+            ^%(__prefix_line)sPingback error .* generated from <HOST>$
+            ^%(__prefix_line)sSpam comment \d+ from <HOST>$
+            ^%(__prefix_line)sXML-RPC authentication attempt for unknown user .* from <HOST>$
+            ^%(__prefix_line)sXML-RPC multicall authentication failure from <HOST>$
+
+ignoreregex =
+
+# DEV Notes:
+# Requires the 'WP fail2ban' plugin:
+# https://wordpress.org/plugins/wp-fail2ban/
+#
+# Author: Charles Lecklider
diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-soft.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-soft.conf
--- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-soft.conf        1969-12-31 19:00:00.000000000 -0500
+++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-soft.conf    2019-04-09 22:53:19.722000000 -0400
@@ -0,0 +1,31 @@
+# Fail2Ban configuration file
+#
+# Author: Charles Lecklider
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+_daemon = (?:wordpress|wp)
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
+            ^%(__prefix_line)sXML-RPC authentication failure from <HOST>$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =
1	diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress
2	--- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress 1969-12-31 19:00:00.000000000 -0500
3	+++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress 2019-04-09 23:23:57.038000000 -0400
4	@@ -0,0 +1,68 @@
5	+{
6	+
7	+my $status = $fail2ban{'wordpress'} \|\| 'disabled';
8	+return "\n# wordpress disabled \n" if ($status ne 'enabled') ;
9	+my @ports = ();
10	+push @ports, (${'httpd-e-smith'}{'TCPPort'} \|\| '80');
11	+push @ports, ($modSSL{'TCPPort'} \|\| '443');
12	+my $port = join (",", @ports);
13	+
14	+my $wphbantime = $fail2ban{'WPHbantime'} \|\| $bantime;
15	+my $wpsbantime = $fail2ban{'WPSbantime'} \|\| $bantime;
16	+my $wpxbantime = $fail2ban{'WPXbantime'} \|\| $bantime;
17	+my $wphfindtime = $fail2ban{'WPHfindtime'} \|\| $findtime;
18	+my $wpsfindtime = $fail2ban{'WPSfindtime'} \|\| $findtime;
19	+my $wpxfindtime = $fail2ban{'WPXfindtime'} \|\| $findtime;
20	+my $wphmaxretry = $fail2ban{'WPHmaxretry'} \|\| $maxretry;
21	+my $wpsmaxretry = $fail2ban{'WPSmaxretry'} \|\| $maxretry;
22	+my $wpxmaxretry = $fail2ban{'WPXmaxretry'} \|\| $maxretry;
23	+
24	+$OUT .=<<"EOF";
25	+
26	+[wordpress-hard]
27	+enabled = true
28	+filter = wordpress-hard
29	+logpath = /var/log/messages
30	+findtime = $wphfindtime
31	+maxretry = $wphmaxretry
32	+bantime = $wphbantime
33	+backend = polling
34	+action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wphbantime]
35	+EOF
36	+$OUT .= " smeserver-sendmail[name="Wordpress (hard)",dest=$maildest]\n"
37	+ if ($mail eq 'enabled');
38	+
39	+
40	+$OUT .=<<"EOF";
41	+
42	+[wordpress-soft]
43	+enabled = true
44	+filter = wordpress-soft
45	+logpath = /var/log/messages
46	+findtime = $wpsfindtime
47	+maxretry = $wpsmaxretry
48	+bantime = $wpsbantime
49	+backend = polling
50	+action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wpsbantime]
51	+EOF
52	+$OUT .= " smeserver-sendmail[name="Wordpress (soft)",dest=$maildest]\n"
53	+ if ($mail eq 'enabled');
54	+
55	+
56	+$OUT .=<<"EOF";
57	+
58	+[apache-xmlrpc]
59	+enabled = true
60	+port = http,https
61	+filter = apache-xmlrpc
62	+logpath = /var/log/httpd/access_log
63	+findtime = $wpxfindtime
64	+maxretry = $wpxmaxretry
65	+bantime = $wpxbantime
66	+action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wpxbantime]
67	+EOF
68	+$OUT .= " smeserver-sendmail[name="Wordpress (xmlrpc)",dest=$maildest]\n"
69	+ if ($mail eq 'enabled');
70	+
71	+}
72	+
73	diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/apache-xmlrpc.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/apache-xmlrpc.conf
74	--- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/apache-xmlrpc.conf 1969-12-31 19:00:00.000000000 -0500
75	+++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/apache-xmlrpc.conf 2019-04-09 22:58:52.245000000 -0400
76	@@ -0,0 +1,5 @@
77	+[Definition]
78	+failregex = ^<HOST> .POST .xmlrpc\.php.*
79	+ignoreregex =
80	+
81	+# source http://xplus3.net/2013/05/09/securing-xmlrpc-wordpress/
82	diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-hard.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-hard.conf
83	--- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-hard.conf 1969-12-31 19:00:00.000000000 -0500
84	+++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-hard.conf 2019-04-09 22:53:33.432000000 -0400
85	@@ -0,0 +1,26 @@
86	+# Fail2Ban filter for WordPress hard failures
87	+#
88	+
89	+[INCLUDES]
90	+
91	+before = common.conf
92	+
93	+[Definition]
94	+
95	+_daemon = (?:wordpress\|wp)
96	+
97	+failregex = ^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$
98	+ ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
99	+ ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
100	+ ^%(__prefix_line)sPingback error .* generated from <HOST>$
101	+ ^%(__prefix_line)sSpam comment \d+ from <HOST>$
102	+ ^%(__prefix_line)sXML-RPC authentication attempt for unknown user .* from <HOST>$
103	+ ^%(__prefix_line)sXML-RPC multicall authentication failure from <HOST>$
104	+
105	+ignoreregex =
106	+
107	+# DEV Notes:
108	+# Requires the 'WP fail2ban' plugin:
109	+# https://wordpress.org/plugins/wp-fail2ban/
110	+#
111	+# Author: Charles Lecklider
112	diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-soft.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-soft.conf
113	--- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/wordpress-soft.conf 1969-12-31 19:00:00.000000000 -0500
114	+++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/wordpress-soft.conf 2019-04-09 22:53:19.722000000 -0400
115	@@ -0,0 +1,31 @@
116	+# Fail2Ban configuration file
117	+#
118	+# Author: Charles Lecklider
119	+#
120	+
121	+[INCLUDES]
122	+
123	+# Read common prefixes. If any customizations available -- read them from
124	+# common.local
125	+before = common.conf
126	+
127	+
128	+[Definition]
129	+
130	+_daemon = (?:wordpress\|wp)
131	+
132	+# Option: failregex
133	+# Notes.: regex to match the password failures messages in the logfile. The
134	+# host must be matched by a group named "host". The tag "<HOST>" can
135	+# be used for standard IP/hostname matching and is only an alias for
136	+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
137	+# Values: TEXT
138	+#
139	+failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
140	+ ^%(__prefix_line)sXML-RPC authentication failure from <HOST>$
141	+
142	+# Option: ignoreregex
143	+# Notes.: regex to ignore. If this regex matches, the line is ignored.
144	+# Values: TEXT
145	+#
146	+ignoreregex =