Add Fail2ban configs and setup to installer
Start with Dovecot, then move on to FTP and other services. (Working on Debian Squeeze, but fail2ban uses common config directories on all servers.) This is a starting patch to get the ball rolling.
Index: install/tpl/dovecot_fail2ban_jail.local.master
--- install/tpl/dovecot_fail2ban_jail.local.master (revision 0)
+++ install/tpl/dovecot_fail2ban_jail.local.master (revision 0)
@@ -0,0 +1,10 @@
+[dovecot-pop3imap]
+enabled = true
+filter = dovecot-pop3imap
+action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
+# optionaly mail notification # mail[name=dovecot-pop3imap, dest=root@domain] # see /etc/fail2ban/action.d/ or Fail2Ban doc
+logpath = /var/log/maillog
+maxretry = 20
+findtime = 1200
+bantime = 1200
+
Index: install/tpl/dovecot-pop3imap.conf.master
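Review bot: `logpath = /var/log/maillog` is the Red Hat-style path, but the description says the patch was tested on Debian Squeeze and the template is installed from debian60.lib.php. Debian's default syslog setup normally writes mail messages to `/var/log/mail.log`, so the jail would probably watch a file that does not exist and never ban anything. Consider `logpath = /var/log/mail.log` in the Debian template, or make the path a placeholder the installer fills in per distribution. Separately, `maxretry = 20` within `findtime = 1200` only triggers above an average of one failed login per minute. A comment such as `# deliberately loose to avoid locking out misconfigured mail clients` would record whether that threshold is intended.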
--- install/tpl/dovecot-pop3imap.conf.master (revision 0)
+++ install/tpl/dovecot-pop3imap.conf.master (revision 0)
@@ -0,0 +1,3 @@
+[Definition]
+failregex = (?: pop3-login|imap-login): .(?:Authentication failure|Aborted login (auth failed|Aborted login (tried to use disabled|Disconnected (auth failed).rip=(?P\S),.
+ignoreregex =
Index: install/dist/lib/debian60.lib.php
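Review bot: The `failregex` as shown here has unbalanced parentheses, and its `(?P\S)` group has no name, so fail2ban could not compile it or tell which address to ban. A filter needs the `<HOST>` tag or a named `host` group. The characters may have been stripped when the patch was pasted, so the template file itself should be checked. Running `fail2ban-regex` against a sample of the real dovecot log would confirm the pattern matches before it ships. A comment above `failregex` quoting one sample log line per alternative would make later changes to the pattern reviewable.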
--- install/dist/lib/debian60.lib.php (revision 2341)
+++ install/dist/lib/debian60.lib.php (working copy)
@@ -95,6 +95,9 @@
chown(config_dir.'/'.
configfile, 'root');
chgrp(config_dir.'/'.
configfile, 'root');
-
copy('tpl/dovecot-pop3imap.conf.master',"/etc/fail2ban/filter.d/dovecot-pop3imap.conf");
-
copy('tpl/dovecot_fail2ban_jail.local.master','/etc/fail2ban/jail.local');
-
} public function configure_apache() {
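Review bot: The two added `copy()` calls run unconditionally and replace `/etc/fail2ban/jail.local` wholesale. On a host where the administrator already keeps jails in that file, those are silently lost and protection for the other services disappears. On a host without fail2ban the copies fail with nothing more than a PHP warning. The installer_base.lib.php hunk in this patch sets `$conf['fail2ban']['installed']`, but nothing visible here reads it. The block below guards on the fail2ban directory, keeps a backup of an existing jail.local and checks the results of both copies. The enclosing method starts outside the hunk, so whether `$conf` is in scope there could not be checked.

```php
// … unchanged: chown/chgrp of the dovecot config file …
if(is_dir('/etc/fail2ban/filter.d')) {
	$jail_local = '/etc/fail2ban/jail.local';
	// keep the administrator's existing jails recoverable
	if(is_file($jail_local)) copy($jail_local, $jail_local.'~');
	$copied = copy('tpl/dovecot-pop3imap.conf.master', '/etc/fail2ban/filter.d/dovecot-pop3imap.conf')
		&& copy('tpl/dovecot_fail2ban_jail.local.master', $jail_local);
	if(!$copied) {
		// report through the installer's usual error output instead of continuing silently
	}
}
```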
@@ -104,7 +107,6 @@
parent::configure_apache();
}
}
-?>
+?>
\ No newline at end of file
Index: install/lib/installer_base.lib.php
--- install/lib/installer_base.lib.php (revision 2341)
+++ install/lib/installer_base.lib.php (working copy)
@@ -133,6 +133,7 @@
 if(is_installed('squid')) $conf['squid']['installed'] = true;
 if(is_installed('nginx')) $conf['nginx']['installed'] = true;
 if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
-
if(is_installed('fail2ban')) $conf['fail2ban']['installed'] = true; if(is_dir("/etc/Bastille")) $conf['bastille']['installed'] = true; if ($conf['services']['web'] && $conf['apache']['installed'] && is_file($conf['apache']["vhost_conf_enabled_dir"]."/000-ispconfig.vhost")) $this->ispconfig_interface_installed = true;
@@ -1898,4 +1899,4 @@ } }
-?>
+?>
\ No newline at end of file