Init

2023-11-04 13:19:13 +01:00 · 2023-11-04 13:19:13 +01:00 · eeadd641a8
commit eeadd641a8
8 changed files with 76 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,4 @@
+Configure fail2ban
+==================
+
+This is a helper role with tasks and files missing from `Oefenweb.fail2ban`.
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,2 @@
+---
+fail2ban_database: /var/lib/fail2ban/fail2ban.sqlite3
--- a/files/filter.d/gitea.local
+++ b/files/filter.d/gitea.local
@ -0,0 +1,5 @@
+# Ansible-Managed
+
+[Definition]
+failregex =  .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
+ignoreregex =
--- a/files/filter.d/nextcloud.local
+++ b/files/filter.d/nextcloud.local
@ -0,0 +1,5 @@
+[Definition]
+_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
+failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
+            ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
+datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
--- a/files/filter.d/postfix-sasl.local
+++ b/files/filter.d/postfix-sasl.local
@ -0,0 +1,21 @@
+# Fail2Ban filter for postfix authentication failures
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = postfix(-\w+)?/(?:submission/|smtps/)?smtp[ds]
+
+failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$
+
+ignoreregex = authentication failed: Connection lost to authentication server$
+
+[Init]
+
+journalmatch = _SYSTEMD_UNIT=postfix.service
+
+
+# Author: Yaroslav Halchenko
--- a/files/filter.d/seafile.local
+++ b/files/filter.d/seafile.local
@ -0,0 +1,21 @@
+# Fail2Ban filter for seafile
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = seaf-server
+
+failregex = Login attempt limit reached.*, ip: <HOST>
+
+ignoreregex =
+
+# DEV Notes:
+#
+# pattern :     2015-10-20 15:20:32,402 [WARNING] seahub.auth.views:155 login Login attempt limit reached, username: <user>, ip: 1.2.3.4, attemps: 3
+#        2015-10-20 17:04:32,235 [WARNING] seahub.auth.views:163 login Login attempt limit reached, ip: 1.2.3.4, attempts: 3
--- a/meta/main.yml
+++ b/meta/main.yml
@ -0,0 +1,10 @@
+galaxy_info:
+  author: Sense.Lab admins
+  description: Configure fail2ban
+  company: Sense.Lab e.V.
+  license: PGLv3
+  min_ansible_version: "2.14"
+  platforms:
+    - name: Debian
+      versions:
+        - "bookworm"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,8 @@
+---
+- name: "Clear fail2ban database"
+  ansible.builtin.cron:
+    name: "Bereinige fail2ban-Datenbank"
+    minute: "1"
+    hour: "2"
+    day: "31"
+    job: sqlite3 '{{ fail2ban_database }}' "delete from bans where timeofban <= strftime('\%s', date('now', '-90 days'));" && sqlite3 '{{ fail2ban_database }}' "vacuum;" >/dev/null 2>&1