From eeadd641a8b89ddeff1cb4b19aaa2eb03f0bdc53 Mon Sep 17 00:00:00 2001
From: phil
Date: Sat, 4 Nov 2023 13:19:13 +0100
Subject: [PATCH] Init
---
README.md | 4 ++++
defaults/main.yml | 2 ++
files/filter.d/gitea.local | 5 +++++
files/filter.d/nextcloud.local | 5 +++++
files/filter.d/postfix-sasl.local | 21 +++++++++++++++++++++
files/filter.d/seafile.local | 21 +++++++++++++++++++++
meta/main.yml | 10 ++++++++++
tasks/main.yml | 8 ++++++++
8 files changed, 76 insertions(+)
create mode 100644 README.md
create mode 100644 defaults/main.yml
create mode 100644 files/filter.d/gitea.local
create mode 100644 files/filter.d/nextcloud.local
create mode 100644 files/filter.d/postfix-sasl.local
create mode 100644 files/filter.d/seafile.local
create mode 100644 meta/main.yml
create mode 100644 tasks/main.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a207491
--- /dev/null
+++ b/README.md
@@ -0,0 +1,4 @@
+Configure fail2ban
+==================
+
+This is a helper role with tasks and files missing from `Oefenweb.fail2ban`.
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..e50a6f0
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+fail2ban_database: /var/lib/fail2ban/fail2ban.sqlite3
diff --git a/files/filter.d/gitea.local b/files/filter.d/gitea.local
new file mode 100644
index 0000000..526d17b
--- /dev/null
+++ b/files/filter.d/gitea.local
@@ -0,0 +1,5 @@
+# Ansible-Managed
+
+[Definition]
+failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from
+ignoreregex =
diff --git a/files/filter.d/nextcloud.local b/files/filter.d/nextcloud.local
new file mode 100644
index 0000000..3d2f8ae
--- /dev/null
+++ b/files/filter.d/nextcloud.local
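Review bot: In files/filter.d/gitea.local the `failregex` is unanchored at both ends and wraps the keyword alternation in `.*`, so client-supplied text (presumably the attempted user name) sits inside the matched span ahead of the host field. fail2ban's filter guidance is to anchor patterns and keep wildcards tight so that logged user input cannot influence which address is extracted; ending the pattern right after the host group and whatever follows it in the real log line would close that off. files/filter.d/seafile.local has the same shape (`Login attempt limit reached.*, ip:` with no anchors), and there the included `common.conf` and `_daemon` are never referenced by the pattern. As shown here both patterns also stop at `from ` and `ip: ` with no `<HOST>` group visible; that is probably a display artefact, but confirm it against the files, because fail2ban refuses a failregex that has no host group.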
@@ -0,0 +1,5 @@
+[Definition]
+_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
+failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Login failed:
+ ^\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Trusted domain error.
+datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
diff --git a/files/filter.d/postfix-sasl.local b/files/filter.d/postfix-sasl.local
new file mode 100644
index 0000000..4a6ceaa
--- /dev/null
+++ b/files/filter.d/postfix-sasl.local
@@ -0,0 +1,21 @@
+# Fail2Ban filter for postfix authentication failures
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = postfix(-\w+)?/(?:submission/|smtps/)?smtp[ds]
+
+failregex = ^%(__prefix_line)swarning: [-._\w]+\[\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$
+
+ignoreregex = authentication failed: Connection lost to authentication server$
+
+[Init]
+
+journalmatch = _SYSTEMD_UNIT=postfix.service
+
+
+# Author: Yaroslav Halchenko
diff --git a/files/filter.d/seafile.local b/files/filter.d/seafile.local
new file mode 100644
index 0000000..11ae9a9
--- /dev/null
+++ b/files/filter.d/seafile.local
@@ -0,0 +1,21 @@
+# Fail2Ban filter for seafile
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = seaf-server
+
+failregex = Login attempt limit reached.*, ip:
+
+ignoreregex =
+
+# DEV Notes:
+#
+# pattern : 2015-10-20 15:20:32,402 [WARNING] seahub.auth.views:155 login Login attempt limit reached, username: , ip: 1.2.3.4, attemps: 3
+# 2015-10-20 17:04:32,235 [WARNING] seahub.auth.views:163 login Login attempt limit reached, ip: 1.2.3.4, attempts: 3
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..d00cf20
--- /dev/null
+++ b/meta/main.yml
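Review bot: In files/filter.d/postfix-sasl.local the `(?i)` in `SASL ((?i)LOGIN|PLAIN|...` is a global inline flag placed in the middle of the pattern, which Python 3.11 rejects at compile time ("global flags not at the start of the expression"); meta/main.yml targets Debian bookworm, which ships that interpreter. Unless fail2ban rewrites the expression before compiling it, which I would not rely on, the filter fails to load and the jail using it does not start, so SASL authentication failures go unbanned with nothing but a fail2ban log entry to show for it. A scoped group keeps the intent: `SASL (?i:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed`. On older interpreters the original form made the whole expression case-insensitive, so check that nothing else in the line depended on that.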
@@ -0,0 +1,10 @@
+galaxy_info:
+ author: Sense.Lab admins
+ description: Configure fail2ban
+ company: Sense.Lab e.V.
+ license: PGLv3
+ min_ansible_version: "2.14"
+ platforms:
+ - name: Debian
+ versions:
+ - "bookworm"
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..42581c5
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- name: "Clear fail2ban database"
+ ansible.builtin.cron:
+ name: "Bereinige fail2ban-Datenbank"
+ minute: "1"
+ hour: "2"
+ day: "31"
+ job: sqlite3 '{{ fail2ban_database }}' "delete from bans where timeofban <= strftime('\%s', date('now', '-90 days'));" && sqlite3 '{{ fail2ban_database }}' "vacuum;" >/dev/null 2>&1
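Review bot: `license: PGLv3` in meta/main.yml looks like a transposition of GPLv3, and tooling that reads the galaxy metadata will not recognise it. If GPL version 3 is meant, an SPDX identifier such as `license: GPL-3.0-only` (or `GPL-3.0-or-later`, whichever applies) states it unambiguously.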
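Review bot: In tasks/main.yml the trailing `>/dev/null 2>&1` binds only to the second `sqlite3` call, so errors from the `delete` statement still reach cron mail while a failing `vacuum` is silenced; group both commands or redirect each one if that split is not intended. `day: "31"` schedules the purge only in months that have a 31st, so ban rows can outlive the 90-day window by up to two months. The database path is placed between literal single quotes; `{{ fail2ban_database | quote }}` would hold up if the default is ever overridden with a path containing shell metacharacters. The task sets no `user:`, so the crontab it lands in depends on how the play escalates; state it explicitly, since the job writes to fail2ban's database while the service may have it open.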