phil 2023-11-04 13:19:13 +01:00
commit eeadd641a8
8 changed files with 76 additions and 0 deletions

4
README.md Normal file

@ -0,0 +1,4 @@
Configure fail2ban
==================
This is a helper role with tasks and files missing from `Oefenweb.fail2ban`.

2
defaults/main.yml Normal file

@ -0,0 +1,2 @@
---
fail2ban_database: /var/lib/fail2ban/fail2ban.sqlite3


@ -0,0 +1,5 @@
# Ansible-Managed
[Definition]
failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
ignoreregex =
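Review bot: The `failregex` in this filter is unanchored at both ends (`.*(...).* from <HOST>`), so any log line that contains one of the three phrases followed later by ` from <address>` produces a ban, including text a client may control such as a username. Anchoring with `^` and, where the log format allows it, `$` ensures `<HOST>` can only bind to the address field the daemon itself writes; the log format is not visible on this page, so the exact prefix has to come from a real sample line. The same applies to the seafile filter further down, where the sample lines in its DEV notes would allow `failregex = Login attempt limit reached.*, ip: <HOST>, attempt?s: \d+\s*$`. Adding a sample log line as a comment, as the seafile filter does, would also make this filter checkable with `fail2ban-regex`.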


@ -0,0 +1,5 @@
[Definition]
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
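Review bot: This filter has no `# Ansible-Managed` marker and no comment saying which application's log it parses, unlike the filter added just before it. A header line naming the log source plus one sample entry would let the next admin verify it with `fail2ban-regex`. In the second `failregex` line the trailing `.` in `"Trusted domain error.` is an unescaped wildcard; `\.` states the intent if a literal full stop is meant. That continuation line must also stay indented in the deployed file for the ini parser to read it as part of `failregex`; the indentation is not visible in this rendering.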


@ -0,0 +1,21 @@
# Fail2Ban filter for postfix authentication failures
#
[INCLUDES]
before = common.conf
[Definition]
_daemon = postfix(-\w+)?/(?:submission/|smtps/)?smtp[ds]
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$
ignoreregex = authentication failed: Connection lost to authentication server$
[Init]
journalmatch = _SYSTEMD_UNIT=postfix.service
# Author: Yaroslav Halchenko
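Review bot: The inline flag in `SASL ((?i)LOGIN|PLAIN|...)` sits in the middle of the expression, after `%(__prefix_line)s`. As far as I know, Python 3.11, which Debian bookworm (the only platform listed in meta/main.yml) ships, rejects global flags that are not at the start of a pattern. If so, this filter will fail to compile on the target and the jail will have no working regex. A scoped flag keeps the intent: `SASL (?i:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed`. Running `fail2ban-regex` against a real mail log line on a bookworm host would confirm this before the jail is relied on.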


@ -0,0 +1,21 @@
# Fail2Ban filter for seafile
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = seaf-server
failregex = Login attempt limit reached.*, ip: <HOST>
ignoreregex =
# DEV Notes:
#
# pattern : 2015-10-20 15:20:32,402 [WARNING] seahub.auth.views:155 login Login attempt limit reached, username: <user>, ip: 1.2.3.4, attemps: 3
# 2015-10-20 17:04:32,235 [WARNING] seahub.auth.views:163 login Login attempt limit reached, ip: 1.2.3.4, attempts: 3

10
meta/main.yml Normal file

@ -0,0 +1,10 @@
galaxy_info:
author: Sense.Lab admins
description: Configure fail2ban
company: Sense.Lab e.V.
license: PGLv3
min_ansible_version: "2.14"
platforms:
- name: Debian
versions:
- "bookworm"
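Review bot: `license: PGLv3` looks like a transposition of `GPLv3`. If that is the intended licence, the SPDX form `license: GPL-3.0-or-later` (or `GPL-3.0-only`) is unambiguous for tooling that reads this field. None of the eight files in this commit is a licence file, so this metadata line is currently the only statement of terms.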

8
tasks/main.yml Normal file

@ -0,0 +1,8 @@
---
- name: "Clear fail2ban database"
ansible.builtin.cron:
name: "Bereinige fail2ban-Datenbank"
minute: "1"
hour: "2"
day: "31"
job: sqlite3 '{{ fail2ban_database }}' "delete from bans where timeofban <= strftime('\%s', date('now', '-90 days'));" && sqlite3 '{{ fail2ban_database }}' "vacuum;" >/dev/null 2>&1
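Review bot: `day: "31"` makes this job run only in the seven months that have a 31st, which looks unintended for a periodic purge; `day: "1"` would run it every month. The `>/dev/null 2>&1` at the end of `job` applies only to the `vacuum` call, so errors from the `delete` still reach cron mail, which is probably wanted but deserves a comment. The task name "Clear fail2ban database" overstates what the job does, since it only deletes bans older than 90 days, and the cron entry name is German while the task name is English. fail2ban's own `dbpurgeage` setting may serve the same purpose without editing the database underneath the running daemon.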