
Add samples to show how to setup fail2ban

Laurent Destailleur 4 years ago
parent
commit
3315bf6c00

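--- a/dev/setup/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf
+++ b/dev/setup/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf
@@ -0,0 +1,20 @@
+# Fail2Ban configuration file
+#
+# Regexp to catch known spambots and software alike. Please verify
+# that it is your intent to block IPs which were driven by
+# above mentioned bots.
+
+
+[Definition]
+
+# To test, you can inject this example into log
+# echo `date +'%Y-%m-%d %H:%M:%S'`" INFO    1.2.3.4         functions_dolibarr::check_user_password_abcd Authentication KO" >> /mypath/documents/dolibarr.log
+#
+# then 
+# fail2ban-client status web-dol-bruteforce 
+#
+# To test rule file on a existing log file
+# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf
+
+failregex = ^ [A-Z\s]+ <HOST>\s+functions_dolibarr::check_user_password_.* Authentication KO
+ignoreregex =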
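Review bot: The header comment at the top of this new filter still describes a spambot filter ("known spambots", "above mentioned bots"), but no bots are listed and the `failregex` matches failed logins (`check_user_password_... Authentication KO`), so an administrator cannot tell from it what gets an address banned. Replace it with something like `# Matches failed Dolibarr login attempts ("Authentication KO") written to dolibarr.log`. The expression is anchored with `^` and takes `<HOST>` from the fixed field after the log level, which keeps request-controlled text later in the line from supplying the address. It is still worth confirming that this field holds the real client address when Dolibarr runs behind a reverse proxy; otherwise the ban would presumably land on the proxy itself.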

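--- a/dev/setup/fail2ban/filter.d/web-dolibarr-rulespassforgotten.conf
+++ b/dev/setup/fail2ban/filter.d/web-dolibarr-rulespassforgotten.conf
@@ -0,0 +1,20 @@
+# Fail2Ban configuration file
+#
+# Regexp to catch known spambots and software alike. Please verify
+# that it is your intent to block IPs which were driven by
+# above mentioned bots.
+
+
+[Definition]
+
+# To test, you can inject this example into log
+# echo `date +'%Y-%m-%d %H:%M:%S'`" INFO    1.2.3.4    --- Access to GET /passwordforgotten.php - action=buildnewpassword, massaction=" >> /mypath/documents/dolibarr.log
+#
+# then 
+# fail2ban-client status web-dol-passforgotten 
+#
+# To test rule file on a existing log file
+# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulespassforgotten.conf
+
+failregex = ^ [A-Z\s]+ <HOST>\s+--- Access to .*/passwordforgotten.php - action=buildnewpassword
+ignoreregex =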
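Review bot: The `.` in `passwordforgotten.php` is unescaped in `failregex`, so it matches any character; writing `passwordforgotten\.php` states the intent exactly. The header comment is the same spambot text as in the brute-force filter and does not describe this rule; a line such as `# Matches requests to passwordforgotten.php with action=buildnewpassword` would. The pattern counts every such request, legitimate password resets included, so a short comment saying that the jail's `maxretry`/`findtime` decide when a real user gets banned would help whoever tunes it.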

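--- a/dev/setup/fail2ban/jail.local
+++ b/dev/setup/fail2ban/jail.local
@@ -0,0 +1,28 @@
+#
+# Examle of rule you can add to fail2ban to restrict bruteforce attacks.
+#
+
+[web-dol-passforgotten]
+
+; rule against call of passwordforgottenpage
+enabled = true
+port    = http,https
+filter  = web-dolibarr-rulespassforgotten
+logpath = >> /mypath/documents/documents/dolibarr.log
+action  = %(action_mw)s
+bantime  = 4320000   ; 50 days
+findtime = 86400     ; 1 day
+maxretry = 10
+
+[web-dol-bruteforce]
+
+; rule against bruteforce hacking (login + api)
+enabled = true
+port    = http,https
+filter  = web-dolibarr-rulesbruteforce
+logpath = >> /mypath/documents/documents/dolibarr.log
+action  = %(action_mw)s
+bantime  = 86400     ; 1 day
+findtime = 3600      ; 1 hour
+maxretry = 10
+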
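Review bot: `logpath = >> /mypath/documents/documents/dolibarr.log` in both `[web-dol-passforgotten]` and `[web-dol-bruteforce]` carries a stray `>> ` (apparently pasted from the `echo ... >>` test command in the filters) and a doubled `documents/`. That path differs from the `/mypath/documents/dolibarr.log` used in the filter comments, so a copied sample would presumably leave both jails watching no log and the brute-force protection silently inactive. Both lines should read `logpath = /mypath/documents/dolibarr.log`. The header comment has a typo ("Examle"). The 50-day `bantime` after ten password-reset requests in a day is long for users behind a shared NAT address, so add a comment that these thresholds are starting values to tune.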