instructions

2026-02-28 20:52:29 +01:00
commit 460d877339
530 changed files with 62160 additions and 0 deletions


@@ -0,0 +1,182 @@
# fail2ban bash-completion -*- shell-script -*-
#
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Fail2Ban is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
__fail2ban_jails () {
"$1" status 2>/dev/null | awk -F"\t+" '/Jail list/{print $2}' | sed 's/, / /g'
}
__fail2ban_jail_actions () {
"$1" get "$2" actions 2>/dev/null | sed -n '$s/\([^,]\+\),\?/\1/gp'
}
__fail2ban_jail_action_properties () {
"$1" get "$2" actionproperties "$3" 2>/dev/null | sed -n '$s/\([^,]\+\),\?/\1/gp'
}
__fail2ban_jail_action_methods () {
"$1" get "$2" actionmethods "$3" 2>/dev/null | sed -n '$s/\([^,]\+\),\?/\1/gp'
}
_fail2ban () {
local cur prev words cword
_init_completion || return
case $prev in
-V|--version|-h|--help)
return 0 # No further completion valid
;;
-c)
_filedir -d # Directories
return 0
;;
-s|-p)
_filedir # Files
return 0
;;
*)
if [[ "$cur" == "-"* ]];then
COMPREPLY=( $( compgen -W \
"$( _parse_help "$1" --help 2>/dev/null) -V" \
-- "$cur") )
return 0
fi
;;
esac
if [[ "$1" == *"fail2ban-regex" ]];then
_filedir
return 0
elif [[ "$1" == *"fail2ban-client" ]];then
local cmd jail action
case $prev in
"$1")
COMPREPLY=( $( compgen -W \
"$( "$1" --help 2>/dev/null | awk '/^ [a-z]+/{print $1}')" \
-- "$cur") )
return 0
;;
start|reload|stop|status)
COMPREPLY=( $(compgen -W "$(__fail2ban_jails "$1")" -- "$cur" ) )
return 0
;;
set|get)
COMPREPLY=( $( compgen -W \
"$( "$1" --help 2>/dev/null | awk '/^ '$prev' [^<]/{print $2}')" \
-- "$cur") )
COMPREPLY+=( $(compgen -W "$(__fail2ban_jails "$1")" -- "$cur" ) )
return 0
;;
*)
if [[ "${words[$cword-2]}" == "add" ]];then
COMPREPLY=( $( compgen -W "auto polling pyinotify systemd" -- "$cur" ) )
return 0
elif [[ "${words[$cword-2]}" == "set" || "${words[$cword-2]}" == "get" ]];then
cmd="${words[cword-2]}"
# Handle in section below
elif [[ "${words[$cword-3]}" == "set" || "${words[$cword-3]}" == "get" ]];then
cmd="${words[$cword-3]}"
jail="${words[$cword-2]}"
# Handle in section below
elif [[ "${words[$cword-4]}" == "set" || "${words[$cword-4]}" == "get" && ${words[$cword-2]} == action* ]];then
cmd="${words[$cword-4]}"
jail="${words[$cword-3]}"
action="${words[$cword-1]}"
# Handle in section below
fi
;;
esac
if [[ -z "$jail" && -n "$cmd" ]];then
case $prev in
loglevel)
if [[ "$cmd" == "set" ]];then
COMPREPLY=( $( compgen -W "CRITICAL ERROR WARNING NOTICE INFO DEBUG" -- "$cur" ) )
fi
return 0
;;
logtarget)
if [[ "$cmd" == "set" ]];then
COMPREPLY=( $( compgen -W "STDOUT STDERR SYSLOG SYSOUT" -- "$cur" ) )
_filedir # And files
fi
return 0
;;
*) # Jail name
COMPREPLY=( $( compgen -W \
"$( "$1" --help 2>/dev/null | awk '/^ '${cmd}' <JAIL>/{print $3}')" \
-- "$cur") )
return 0
;;
esac
elif [[ -n "$jail" && -n "$action" ]];then
case ${words[$cwords-3]} in
action)
COMPREPLY=( $( compgen -W \
"$( __fail2ban_jail_action_properties "$1" "$jail" "$action")" \
-- "$cur" ) )
if [[ "$cmd" == "set" ]];then
COMPREPLY+=( $(compgen -W "$(__fail2ban_jail_action_methods "$1" "$jail" "$action")" -- "$cur" ) )
fi
return 0
;;
esac
elif [[ -n "$jail" && $prev == action* ]];then
case $prev in
action|actionproperties|actionmethods)
COMPREPLY=( $(compgen -W "$(__fail2ban_jail_actions "$1" "$jail")" -- "$cur" ) )
return 0
;;
esac
elif [[ -n "$jail" && "$cmd" == "set" ]];then
case $prev in
addlogpath)
_filedir
return 0
;;
dellogpath|delignoreip)
COMPREPLY=( $( compgen -W \
"$( "$1" get "$jail" "${prev/del/}" 2>/dev/null | awk -F- '{print $2}')" \
-- "$cur" ) )
if [[ -z "$COMPREPLY" && "$prev" == "dellogpath" ]];then
_filedir
fi
return 0
;;
delfailregex|delignoreregex)
COMPREPLY=( $( compgen -W \
"$( "$1" get "$jail" "${prev/del/}" 2>/dev/null | awk -F"[][]" '{print $2}')" \
-- "$cur" ) )
return 0
;;
unbanip)
COMPREPLY=( $( compgen -W \
"$( "$1" status "$jail" 2>/dev/null | awk -F"\t+" '/IP list:/{print $2}')" \
-- "$cur" ) )
return 0
;;
idle)
COMPREPLY=( $( compgen -W "on off" -- "$cur" ) )
return 0
;;
usedns)
COMPREPLY=( $( compgen -W "yes no warn" -- "$cur" ) )
return 0
;;
esac
fi
fi # fail2ban-client
} &&
complete -F _fail2ban fail2ban-client fail2ban-server fail2ban-regex
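Review bot: In `_fail2ban`, the branch taken when both a jail and an action are known reads `case ${words[$cwords-3]} in`, but the only index variable declared is `cword`; `cwords` is never set, so the subscript reduces to `-3`, which is not an offset from the cursor word. It should read `case ${words[cword-3]} in`. Separately, the `elif` that tests `${words[$cword-4]}` mixes `||` and `&&` without grouping, and since `&&` binds tighter the `action*` check applies only to the `get` alternative; `[[ ( "${words[cword-4]}" == "set" || "${words[cword-4]}" == "get" ) && ${words[cword-2]} == action* ]]` states the probable intent.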


@@ -0,0 +1,53 @@
__ _ _ ___ _
/ _|__ _(_) |_ ) |__ __ _ _ _
| _/ _` | | |/ /| '_ \/ _` | ' \
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
Fail2Ban (version 0.8.2) 2008/03/06
=============================================================
Cacti is a graphing solution using RRDTool. It is possible to
use Cacti to display statistics about Fail2ban.
Installation:
-------------
1/ Install Fail2ban version 0.8 or higher and ensure that it
works properly.
2/ The user running poller.php must have read and write
access to the socket used by Fail2ban.
3/ Copy fail2ban_stats.sh to scripts/. You can test it with
bash scripts/fail2ban_stats.sh
4/ Import the template cacti_host_template_fail2ban.xml
5/ TO BE CONTINUED...
Contact:
--------
You need some new features, you found bugs or you just
appreciate this program, you can contact me at:
Website: http://www.fail2ban.org
Cyril Jaquier: <cyril.jaquier@fail2ban.org>
License:
--------
Fail2Ban is free software; you can redistribute it
and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later
version.
Fail2Ban is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. See the GNU General Public License for more
details.
You should have received a copy of the GNU General Public
License along with Fail2Ban; if not, write to the Free
Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110, USA


@@ -0,0 +1,297 @@
<cacti>
<hash_02001346a4e9f7498a8129f0dfc2e1c8c7b35a>
<name>Fail2ban</name>
<graph_templates>hash_0000132fe631a3ac1f1705e332d0aee925d21b</graph_templates>
<data_queries></data_queries>
</hash_02001346a4e9f7498a8129f0dfc2e1c8c7b35a>
<hash_0000132fe631a3ac1f1705e332d0aee925d21b>
<name>Fail2ban - Statistics</name>
<graph>
<t_title>on</t_title>
<title>|host_description| - Statistics</title>
<t_image_format_id></t_image_format_id>
<image_format_id>1</image_format_id>
<t_height></t_height>
<height>120</height>
<t_width></t_width>
<width>500</width>
<t_auto_scale></t_auto_scale>
<auto_scale>on</auto_scale>
<t_auto_scale_opts></t_auto_scale_opts>
<auto_scale_opts>2</auto_scale_opts>
<t_auto_scale_log></t_auto_scale_log>
<auto_scale_log></auto_scale_log>
<t_auto_scale_rigid></t_auto_scale_rigid>
<auto_scale_rigid></auto_scale_rigid>
<t_auto_padding></t_auto_padding>
<auto_padding>on</auto_padding>
<t_export></t_export>
<export>on</export>
<t_upper_limit></t_upper_limit>
<upper_limit>100</upper_limit>
<t_lower_limit></t_lower_limit>
<lower_limit>0</lower_limit>
<t_base_value></t_base_value>
<base_value>1000</base_value>
<t_unit_value></t_unit_value>
<unit_value></unit_value>
<t_unit_exponent_value></t_unit_exponent_value>
<unit_exponent_value></unit_exponent_value>
<t_vertical_label></t_vertical_label>
<vertical_label>hits/5min</vertical_label>
</graph>
<items>
<hash_100013f76575fdcd7f2684843e8f2cbae4ef96>
<task_item_id>hash_0800132d7bfb27a7ecb33f23433863e6f90612</task_item_id>
<color_id>00CF00</color_id>
<graph_type_id>4</graph_type_id>
<consolidation_function_id>1</consolidation_function_id>
<cdef_id>hash_050013e961cc8ec04fda6ed4981cf5ad501aa5</cdef_id>
<value></value>
<gprint_id>hash_060013e9c43831e54eca8069317a2ce8c6f751</gprint_id>
<text_format>Failed</text_format>
<hard_return></hard_return>
<sequence>1</sequence>
</hash_100013f76575fdcd7f2684843e8f2cbae4ef96>
<hash_100013ca0d59c48dde83a1753e21eb1f44a396>
<task_item_id>hash_0800132d7bfb27a7ecb33f23433863e6f90612</task_item_id>
<color_id>0</color_id>
<graph_type_id>9</graph_type_id>
<consolidation_function_id>4</consolidation_function_id>
<cdef_id>hash_050013e961cc8ec04fda6ed4981cf5ad501aa5</cdef_id>
<value></value>
<gprint_id>hash_060013e9c43831e54eca8069317a2ce8c6f751</gprint_id>
<text_format>Current:</text_format>
<hard_return></hard_return>
<sequence>2</sequence>
</hash_100013ca0d59c48dde83a1753e21eb1f44a396>
<hash_1000132f8d371932ebedbb665f80abf427ffb4>
<task_item_id>hash_0800132d7bfb27a7ecb33f23433863e6f90612</task_item_id>
<color_id>0</color_id>
<graph_type_id>9</graph_type_id>
<consolidation_function_id>1</consolidation_function_id>
<cdef_id>hash_050013e961cc8ec04fda6ed4981cf5ad501aa5</cdef_id>
<value></value>
<gprint_id>hash_060013e9c43831e54eca8069317a2ce8c6f751</gprint_id>
<text_format>Average:</text_format>
<hard_return></hard_return>
<sequence>3</sequence>
</hash_1000132f8d371932ebedbb665f80abf427ffb4>
<hash_1000131b8e847f7be22014f1f0b3d098c9e702>
<task_item_id>hash_0800132d7bfb27a7ecb33f23433863e6f90612</task_item_id>
<color_id>0</color_id>
<graph_type_id>9</graph_type_id>
<consolidation_function_id>3</consolidation_function_id>
<cdef_id>hash_050013e961cc8ec04fda6ed4981cf5ad501aa5</cdef_id>
<value></value>
<gprint_id>hash_060013e9c43831e54eca8069317a2ce8c6f751</gprint_id>
<text_format>Maximum:</text_format>
<hard_return>on</hard_return>
<sequence>4</sequence>
</hash_1000131b8e847f7be22014f1f0b3d098c9e702>
<hash_1000130e6084fd4ed86d8c86dea8f84b115eaa>
<task_item_id>hash_080013b224f2764ba5a827de959b1ff44cbc1d</task_item_id>
<color_id>FF0000</color_id>
<graph_type_id>5</graph_type_id>
<consolidation_function_id>1</consolidation_function_id>
<cdef_id>hash_050013e961cc8ec04fda6ed4981cf5ad501aa5</cdef_id>
<value></value>
<gprint_id>hash_060013e9c43831e54eca8069317a2ce8c6f751</gprint_id>
<text_format>Banned</text_format>
<hard_return></hard_return>
<sequence>5</sequence>
</hash_1000130e6084fd4ed86d8c86dea8f84b115eaa>
<hash_1000132812e5f3ee8261819268854c67093b94>
<task_item_id>hash_080013b224f2764ba5a827de959b1ff44cbc1d</task_item_id>
<color_id>0</color_id>
<graph_type_id>9</graph_type_id>
<consolidation_function_id>4</consolidation_function_id>
<cdef_id>hash_050013e961cc8ec04fda6ed4981cf5ad501aa5</cdef_id>
<value></value>
<gprint_id>hash_060013e9c43831e54eca8069317a2ce8c6f751</gprint_id>
<text_format>Current:</text_format>
<hard_return></hard_return>
<sequence>6</sequence>
</hash_1000132812e5f3ee8261819268854c67093b94>
<hash_10001336fcfc1d017e975fa22a3ce0d0492daf>
<task_item_id>hash_080013b224f2764ba5a827de959b1ff44cbc1d</task_item_id>
<color_id>0</color_id>
<graph_type_id>9</graph_type_id>
<consolidation_function_id>1</consolidation_function_id>
<cdef_id>hash_050013e961cc8ec04fda6ed4981cf5ad501aa5</cdef_id>
<value></value>
<gprint_id>hash_060013e9c43831e54eca8069317a2ce8c6f751</gprint_id>
<text_format>Average:</text_format>
<hard_return></hard_return>
<sequence>7</sequence>
</hash_10001336fcfc1d017e975fa22a3ce0d0492daf>
<hash_100013e5fddd5da42b9bf296d7f344b2a00446>
<task_item_id>hash_080013b224f2764ba5a827de959b1ff44cbc1d</task_item_id>
<color_id>0</color_id>
<graph_type_id>9</graph_type_id>
<consolidation_function_id>3</consolidation_function_id>
<cdef_id>hash_050013e961cc8ec04fda6ed4981cf5ad501aa5</cdef_id>
<value></value>
<gprint_id>hash_060013e9c43831e54eca8069317a2ce8c6f751</gprint_id>
<text_format>Maximum:</text_format>
<hard_return>on</hard_return>
<sequence>8</sequence>
</hash_100013e5fddd5da42b9bf296d7f344b2a00446>
</items>
<inputs>
<hash_090013a5d69bc5ca8b53ef62b61221a69b8055>
<name>Data Source [banned]</name>
<description></description>
<column_name>task_item_id</column_name>
<items>hash_0000130e6084fd4ed86d8c86dea8f84b115eaa|hash_0000132812e5f3ee8261819268854c67093b94|hash_00001336fcfc1d017e975fa22a3ce0d0492daf|hash_000013e5fddd5da42b9bf296d7f344b2a00446</items>
</hash_090013a5d69bc5ca8b53ef62b61221a69b8055>
<hash_0900132cee6f79f051b0dd39cafcbfcfd87960>
<name>Data Source [failed]</name>
<description></description>
<column_name>task_item_id</column_name>
<items>hash_000013f76575fdcd7f2684843e8f2cbae4ef96|hash_000013ca0d59c48dde83a1753e21eb1f44a396|hash_0000131b8e847f7be22014f1f0b3d098c9e702|hash_0000132f8d371932ebedbb665f80abf427ffb4</items>
</hash_0900132cee6f79f051b0dd39cafcbfcfd87960>
</inputs>
</hash_0000132fe631a3ac1f1705e332d0aee925d21b>
<hash_0100130fce21647570158d210c7832cd50e98a>
<name>Fail2ban - Statistics</name>
<ds>
<t_name></t_name>
<name>|host_description| - Statistics</name>
<data_input_id>hash_030013a3adf3f2607747859b08262d972eabf0</data_input_id>
<t_rra_id></t_rra_id>
<t_rrd_step></t_rrd_step>
<rrd_step>300</rrd_step>
<t_active></t_active>
<active>on</active>
<rra_items>hash_150013c21df5178e5c955013591239eb0afd46|hash_1500130d9c0af8b8acdc7807943937b3208e29|hash_1500136fc2d038fb42950138b0ce3e9874cc60|hash_150013e36f3adb9f152adfa5dc50fd2b23337e</rra_items>
</ds>
<items>
<hash_0800132d7bfb27a7ecb33f23433863e6f90612>
<t_data_source_name></t_data_source_name>
<data_source_name>failed</data_source_name>
<t_rrd_minimum></t_rrd_minimum>
<rrd_minimum>0</rrd_minimum>
<t_rrd_maximum></t_rrd_maximum>
<rrd_maximum>0</rrd_maximum>
<t_data_source_type_id></t_data_source_type_id>
<data_source_type_id>2</data_source_type_id>
<t_rrd_heartbeat></t_rrd_heartbeat>
<rrd_heartbeat>600</rrd_heartbeat>
<t_data_input_field_id></t_data_input_field_id>
<data_input_field_id>hash_0700134027ae7d3baefb02f510c09de07d159f</data_input_field_id>
</hash_0800132d7bfb27a7ecb33f23433863e6f90612>
<hash_080013b224f2764ba5a827de959b1ff44cbc1d>
<t_data_source_name></t_data_source_name>
<data_source_name>banned</data_source_name>
<t_rrd_minimum></t_rrd_minimum>
<rrd_minimum>0</rrd_minimum>
<t_rrd_maximum></t_rrd_maximum>
<rrd_maximum>0</rrd_maximum>
<t_data_source_type_id></t_data_source_type_id>
<data_source_type_id>2</data_source_type_id>
<t_rrd_heartbeat></t_rrd_heartbeat>
<rrd_heartbeat>600</rrd_heartbeat>
<t_data_input_field_id></t_data_input_field_id>
<data_input_field_id>hash_07001319c32c9466152aa6cfc2bbc639a246d8</data_input_field_id>
</hash_080013b224f2764ba5a827de959b1ff44cbc1d>
</items>
<data>
<item_000>
<data_input_field_id>hash_0700131cda0f872b68c87e508a29e8976a6a7a</data_input_field_id>
<t_value>on</t_value>
<value>ssh-iptables</value>
</item_000>
</data>
</hash_0100130fce21647570158d210c7832cd50e98a>
<hash_030013a3adf3f2607747859b08262d972eabf0>
<name>Fail2ban - Get statistics</name>
<type_id>1</type_id>
<input_string>bash &lt;path_cacti&gt;/scripts/fail2ban_stats.sh &lt;jail&gt;</input_string>
<fields>
<hash_0700131cda0f872b68c87e508a29e8976a6a7a>
<name>Jail name</name>
<update_rra></update_rra>
<regexp_match></regexp_match>
<allow_nulls></allow_nulls>
<type_code></type_code>
<input_output>in</input_output>
<data_name>jail</data_name>
</hash_0700131cda0f872b68c87e508a29e8976a6a7a>
<hash_0700134027ae7d3baefb02f510c09de07d159f>
<name>Total of failed logins</name>
<update_rra>on</update_rra>
<regexp_match></regexp_match>
<allow_nulls></allow_nulls>
<type_code></type_code>
<input_output>out</input_output>
<data_name>failed</data_name>
</hash_0700134027ae7d3baefb02f510c09de07d159f>
<hash_07001319c32c9466152aa6cfc2bbc639a246d8>
<name>Total of banned hosts</name>
<update_rra>on</update_rra>
<regexp_match></regexp_match>
<allow_nulls></allow_nulls>
<type_code></type_code>
<input_output>out</input_output>
<data_name>banned</data_name>
</hash_07001319c32c9466152aa6cfc2bbc639a246d8>
</fields>
</hash_030013a3adf3f2607747859b08262d972eabf0>
<hash_150013c21df5178e5c955013591239eb0afd46>
<name>Daily (5 Minute Average)</name>
<x_files_factor>0.5</x_files_factor>
<steps>1</steps>
<rows>600</rows>
<timespan>86400</timespan>
<cf_items>1|2|3|4</cf_items>
</hash_150013c21df5178e5c955013591239eb0afd46>
<hash_1500130d9c0af8b8acdc7807943937b3208e29>
<name>Weekly (30 Minute Average)</name>
<x_files_factor>0.5</x_files_factor>
<steps>6</steps>
<rows>700</rows>
<timespan>604800</timespan>
<cf_items>1|2|3|4</cf_items>
</hash_1500130d9c0af8b8acdc7807943937b3208e29>
<hash_1500136fc2d038fb42950138b0ce3e9874cc60>
<name>Monthly (2 Hour Average)</name>
<x_files_factor>0.5</x_files_factor>
<steps>24</steps>
<rows>775</rows>
<timespan>2678400</timespan>
<cf_items>1|2|3|4</cf_items>
</hash_1500136fc2d038fb42950138b0ce3e9874cc60>
<hash_150013e36f3adb9f152adfa5dc50fd2b23337e>
<name>Yearly (1 Day Average)</name>
<x_files_factor>0.5</x_files_factor>
<steps>288</steps>
<rows>797</rows>
<timespan>33053184</timespan>
<cf_items>1|2|3|4</cf_items>
</hash_150013e36f3adb9f152adfa5dc50fd2b23337e>
<hash_050013e961cc8ec04fda6ed4981cf5ad501aa5>
<name>Make Per 5 Minutes</name>
<items>
<hash_14001340bb7a1143b0f2e2efca14eb356236de>
<sequence>1</sequence>
<type>4</type>
<value>CURRENT_DATA_SOURCE</value>
</hash_14001340bb7a1143b0f2e2efca14eb356236de>
<hash_140013faf1b148b2c0e0527362ed5b8ca1d351>
<sequence>2</sequence>
<type>6</type>
<value>300</value>
</hash_140013faf1b148b2c0e0527362ed5b8ca1d351>
<hash_14001342686ea0925c0220924b7d333599cd67>
<sequence>3</sequence>
<type>2</type>
<value>3</value>
</hash_14001342686ea0925c0220924b7d333599cd67>
</items>
</hash_050013e961cc8ec04fda6ed4981cf5ad501aa5>
<hash_060013e9c43831e54eca8069317a2ce8c6f751>
<name>Normal</name>
<gprint_text>%8.2lf %s</gprint_text>
</hash_060013e9c43831e54eca8069317a2ce8c6f751>
</cacti>


@@ -0,0 +1,46 @@
#!/bin/bash
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Fail2Ban is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# This script can be used to collect data for Cacti. One parameter is needed,
# the jail name. It must be a currently running jail. The script returns two
# value: the number of failures and the number of banned host.
#
# If Fail2ban is not available in the path, you can change the value of the
# variable FAIL2BAN below.. You can add option to this variable too. Please
# look at the man page of fail2ban-client for more information.
#
# Author: Cyril Jaquier
#
FAIL2BAN="fail2ban-client"
JAIL=$1
if [ -z $JAIL ]; then
echo "Usage:" `basename $0` "<jail>"
exit
fi
IFS=""
STATS=$($FAIL2BAN status $JAIL)
TOTAL_FAILED=$(echo $STATS | grep "Total failed:" | awk '{ print $5 }')
TOTAL_BANNED=$(echo $STATS | grep "Total banned:" | awk '{ print $4 }')
echo "failed:"$TOTAL_FAILED "banned:"$TOTAL_BANNED
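Review bot: The jail name taken from `$1` is used unquoted in `[ -z $JAIL ]` and in `$FAIL2BAN status $JAIL`, so a value containing whitespace breaks the test and a value containing glob characters is still pathname-expanded before it reaches fail2ban-client (the `IFS=""` assignment stops word splitting, not globbing). Quote it in both places: `if [ -z "$JAIL" ]; then` and `STATS=$($FAIL2BAN status "$JAIL")`. Because `IFS=""` is assigned before `$FAIL2BAN` is expanded, the header comment's advice to add options to `FAIL2BAN` cannot work as written, since the whole string becomes a single command word. The usage branch also ends in a bare `exit`, which reports success to the caller even though no jail was given.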


@@ -0,0 +1,273 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: fail2ban
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Should-Start: $time $network $syslog $named iptables firehol shorewall ipmasq arno-iptables-firewall iptables-persistent ferm ufw
# Should-Stop: $network $syslog $named iptables firehol shorewall ipmasq arno-iptables-firewall iptables-persistent ferm ufw
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start/stop fail2ban
# Description: Start/stop fail2ban, a daemon scanning the log files and
# banning potential attackers.
### END INIT INFO
# Author: Aaron Isotton <aaron@isotton.com>
# Modified: by Yaroslav Halchenko <debian@onerussian.com>
# reindented + minor corrections + to work on sarge without modifications
# Modified: by Glenn Aaldering <glenn@openvideo.nl>
# added exit codes for status command
# Modified: by Juan Karlo de Guzman <jkarlodg@gmail.com>
# corrected the DAEMON's path and the SOCKFILE
# rename this file: (sudo) mv /etc/init.d/fail2ban.init /etc/init.d/fail2ban
# same with the logrotate file: (sudo) mv /etc/logrotate.d/fail2ban.logrotate /etc/logrotate.d/fail2ban
#
PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin"
DESC="Authentication failure monitor"
NAME="fail2ban"
# fail2ban-client is not a daemon itself but starts a daemon and
# loads its with configuration
DAEMON="/usr/local/bin/$NAME-client"
SCRIPTNAME="/etc/init.d/$NAME"
# Ad-hoc way to parse out socket file name
SOCKFILE="$(grep -h '^[^#]*socket *=' "/etc/$NAME/$NAME.conf" "/etc/$NAME/$NAME.local" 2>/dev/null \
| tail -n 1 | sed -e 's/.*socket *= *//g' -e 's/ *$//g')"
[ -z "$SOCKFILE" ] && SOCKFILE="/var/run/fail2ban.sock"
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
# Run as root by default.
FAIL2BAN_USER="root"
# Read configuration variable file if it is present
[ -r "/etc/default/$NAME" ] && . "/etc/default/$NAME"
DAEMON_ARGS="$FAIL2BAN_OPTS"
# Load the VERBOSE setting and other rcS variables
[ -f /etc/default/rcS ] && . /etc/default/rcS
# Predefine what can be missing from lsb source later on -- necessary to run
# on sarge. Just present it in a bit more compact way from what was shipped
log_daemon_msg()
{
[ -z "$1" ] && return 1
echo -n "$1:"
[ -z "$2" ] || echo -n " $2"
}
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
# Actually has to (>=2.0-7) present in sarge. log_daemon_msg is predefined
# so we must be ok
. /lib/lsb/init-functions
#
# Shortcut function for abnormal init script interruption
#
report_bug()
{
echo "$*"
echo "Please submit a bug report to Debian BTS (reportbug fail2ban)"
exit 1
}
#
# Helper function to check if socket is present, which is often left after
# abnormal exit of fail2ban and needs to be removed
#
check_socket()
{
# Return
# 0 if socket is present and readable
# 1 if socket file is not present
# 2 if socket file is present but not readable
# 3 if socket file is present but is not a socket
[ -e "$SOCKFILE" ] || return 1
[ -r "$SOCKFILE" ] || return 2
[ -S "$SOCKFILE" ] || return 3
return 0
}
#
# Function that starts the daemon/service
#
do_start()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
do_status && return 1
if [ -e "$SOCKFILE" ]; then
log_failure_msg "Socket file $SOCKFILE is present"
[ "$1" = force-start ] \
&& log_success_msg "Starting anyway as requested" \
|| return 2
DAEMON_ARGS="$DAEMON_ARGS -x"
fi
# Assure that /var/run/fail2ban exists
[ -d /var/run/fail2ban ] || mkdir -p /var/run/fail2ban
if [ "$FAIL2BAN_USER" != root ]; then
# Make the socket directory, IP lists and fail2ban log
# files writable by fail2ban
chown "$FAIL2BAN_USER" /var/run/fail2ban
# Create the logfile if it doesn't exist
touch /var/log/fail2ban.log
chown "$FAIL2BAN_USER" /var/log/fail2ban.log
find /proc/net/xt_recent -name "fail2ban-*" -exec chown "$FAIL2BAN_USER" "{}" ";"
fi
# $DAEMON_ARGS need to be expanded possibly with multiple or no options
# shellcheck disable=SC2086
start-stop-daemon --start --quiet --chuid "$FAIL2BAN_USER" --exec "$DAEMON" -- \
$DAEMON_ARGS start >/dev/null \
|| return 2
return 0
}
#
# Function that checks the status of fail2ban and returns
# corresponding code
#
do_status()
{
$DAEMON ping >/dev/null 2>&1
return "$?"
}
#
# Function that stops the daemon/service
#
do_stop()
{
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
$DAEMON status >/dev/null 2>&1 || return 1
$DAEMON stop >/dev/null || return 2
# now we need actually to wait a bit since it might take time
# for server to react on client's stop request. Especially
# important for restart command on slow boxes
count=1
while do_status && [ "$count" -lt 60 ]; do
sleep 1
count="$((count + 1))"
done
[ "$count" -lt 60 ] || return 3 # failed to stop
return 0
}
#
# Function to reload configuration
#
do_reload()
{
"$DAEMON" reload >/dev/null && return 0 || return 1
return 0
}
# yoh:
# shortcut function to don't duplicate case statements and to don't use
# bashisms (arrays). Fixes #368218
#
log_end_msg_wrapper()
{
if [ "$1" != 0 ] && [ "$1" != "$2" ]; then
value="1"
else
value="0"
fi
if [ "$3" != no ]; then
log_end_msg "$value"
fi
if [ "$value" != 0 ]; then
exit "$1"
fi
}
command="$1"
case "$command" in
start|force-start)
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
do_start "$command"
log_end_msg_wrapper "$?" 255 "$VERBOSE"
;;
stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
do_stop
log_end_msg_wrapper "$?" 255 "$VERBOSE"
;;
restart|force-reload)
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
0|1)
do_start
log_end_msg_wrapper "$?" 0 always
;;
*)
# Failed to stop
log_end_msg 1
;;
esac
;;
reload)
log_daemon_msg "Reloading $DESC" "$NAME"
do_reload
log_end_msg "$?"
;;
status)
log_daemon_msg "Status of $DESC"
do_status
case "$?" in
0)
log_success_msg " $NAME is running"
;;
255)
check_socket
case "$?" in
1)
log_failure_msg " $NAME is not running" && exit 3
;;
0)
log_failure_msg " $NAME is not running but $SOCKFILE exists" && exit 3
;;
2)
log_failure_msg " $SOCKFILE not readable, status of $NAME is unknown" && exit 3
;;
3)
log_failure_msg " $SOCKFILE exists but not a socket, status of $NAME is unknown" && exit 3
;;
*)
report_bug "Unknown return code from $NAME:check_socket." && exit 4
;;
esac
;;
*)
report_bug "Unknown $NAME status code" && exit 4
;;
esac
;;
*)
echo "Usage: $SCRIPTNAME {start|force-start|stop|restart|force-reload|status}" 1>&2
exit 3
;;
esac
:
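Review bot: In `do_start`, the chain `[ "$1" = force-start ] && log_success_msg "Starting anyway as requested" || return 2` returns 2 not only when force-start was not requested but also whenever `log_success_msg` itself returns non-zero, so a logging failure can abort a forced start. Writing the test on its own, `[ "$1" = force-start ] || return 2`, followed by the `log_success_msg` call on a separate line keeps the two cases apart. Two smaller points in the same file: `do_reload` has an unreachable `return 0` after `&& return 0 || return 1`, and the usage string in the final `*)` arm omits the `reload` command that the `case` handles.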


@@ -0,0 +1,11 @@
#
# Debian:
# https://github.com/fail2ban/fail2ban/blob/debian/debian/fail2ban.logrotate
/var/log/fail2ban.log {
missingok
notifempty
postrotate
/usr/bin/fail2ban-client flushlogs >/dev/null || true
endscript
}
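Review bot: The `postrotate` command ends in `|| true`, so a failed `flushlogs` never changes logrotate's result, and fail2ban would presumably keep writing to the rotated file. The hard-coded `/usr/bin/fail2ban-client` also differs from the `/usr/local/bin/$NAME-client` path the init script in this commit assigns to `DAEMON`, which makes that silent failure likely on a host installed under /usr/local. Consider pointing both files at the same path, and if the `|| true` is deliberate, say why next to it, for example `# best effort: fail2ban may not be running during rotation`.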


@@ -0,0 +1,2 @@
# For available options, please run "fail2ban-server --help".
#FAIL2BAN_OPTIONS="-x"


@@ -0,0 +1,86 @@
#!/sbin/openrc-run
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Fail2Ban is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# Author: Sireyessire, Cyril Jaquier
#
description="Ban hosts that cause multiple authentication errors"
description_reload="reload configuration without dropping bans"
extra_started_commands="reload"
# Can't (and shouldn't) be changed by the end-user.
#
# Note that @BINDIR@ is already supplied by the build system. Some
# day, it might be nice to have @RUNDIR@ supplied by the build system
# as well, so that we don't have to hard-code /run here.
FAIL2BAN_RUNDIR="/run/${RC_SVCNAME}"
FAIL2BAN_SOCKET="${FAIL2BAN_RUNDIR}/${RC_SVCNAME}.sock"
# The fail2ban-client program is also capable of starting and stopping
# the server, but things are simpler if we let start-stop-daemon do it.
command="@BINDIR@/fail2ban-server"
pidfile="${FAIL2BAN_RUNDIR}/${RC_SVCNAME}.pid"
# We force the pidfile/socket location in this service script because
# we're taking responsibility for ensuring that their parent directory
# exists and has the correct permissions (which we can't do if the
# user is allowed to change them).
command_args="${FAIL2BAN_OPTIONS} -p ${pidfile} -s ${FAIL2BAN_SOCKET}"
retry="30"
depend() {
use logger
after iptables nftables
}
checkconfig() {
"${command}" ${command_args} --test
}
start_pre() {
# If this isn't a restart, make sure that the user's config isn't
# busted before we try to start the daemon (this will produce
# better error messages than if we just try to start it blindly).
#
# If, on the other hand, this *is* a restart, then the stop_pre
# action will have ensured that the config is usable and we don't
# need to do that again.
if [ "${RC_CMD}" != "restart" ] ; then
checkconfig || return $?
fi
checkpath -d "${FAIL2BAN_RUNDIR}"
}
stop_pre() {
# If this is a restart, check to make sure the user's config
# isn't busted before we stop the running daemon.
if [ "${RC_CMD}" = "restart" ] ; then
checkconfig || return $?
fi
}
reload() {
# The fail2ban-client uses an undocumented protocol to tell
# the server to reload(), so we have to use it here rather
# than e.g. sending a signal to the server daemon. Note that
# the reload will fail (on the server side) if the new config
# is invalid; we therefore don't need to test it ourselves
# with checkconfig() before initiating the reload.
ebegin "Reloading ${RC_SVCNAME}"
"@BINDIR@/fail2ban-client" ${command_args} reload
eend $? "Failed to reload ${RC_SVCNAME}"
}
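Review bot: `start_pre` calls `checkpath -d "${FAIL2BAN_RUNDIR}"` without a mode or owner, although the comment above `command_args` says the script takes responsibility for that directory having the correct permissions. As written, an existing directory is presumably accepted with whatever mode and owner it already has, and that directory holds the control socket and the pidfile. Stating them explicitly, for example `checkpath -d -m 0755 -o root:root "${FAIL2BAN_RUNDIR}"`, would make the script enforce what the comment promises; the exact mode and owner should match the account the server runs as.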


@@ -0,0 +1,21 @@
[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service
PartOf=iptables.service firewalld.service ip6tables.service ipset.service nftables.service
[Service]
Type=simple
Environment="PYTHONNOUSERSITE=1"
RuntimeDirectory=fail2ban
StateDirectory=fail2ban
ExecStart=@BINDIR@/fail2ban-server -xf start
# if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local
# ExecStart=@BINDIR@/fail2ban-server -xf --logtarget=sysout start
ExecStop=@BINDIR@/fail2ban-client stop
ExecReload=@BINDIR@/fail2ban-client reload
Restart=on-failure
RestartPreventExitStatus=0 255
[Install]
WantedBy=multi-user.target


@@ -0,0 +1,20 @@
description "fail2ban - ban hosts that cause multiple authentication errors"
start on filesystem and static-network-up
stop on runlevel [016]
expect fork
respawn
env RUNDIR=/var/run/fail2ban
pre-start script
test -d $RUNDIR || mkdir -p $RUNDIR
test ! -e $RUNDIR/fail2ban.sock || rm -f $RUNDIR/fail2ban.sock
end script
exec /usr/bin/fail2ban-client -f -x start
pre-stop exec /usr/bin/fail2ban-client stop
post-stop exec rm -f $RUNDIR/fail2ban.pid


@@ -0,0 +1,75 @@
#!/bin/bash
#-------------------------- =+- Shell script -+= --------------------------
#
# Yaroslav Halchenko CS@UNM, CS@NJIT
# web: http://www.onerussian.com & PSYCH@RUTGERS
# e-mail: yoh@onerussian.com ICQ#: 60653192
#
# DESCRIPTION (NOTES):
#
# Script to fetch list of agent strings from http://www.user-agents.org
# which are known to be from malicious bots, and create apache-badbots.conf
# filter for fail2ban
#
# COPYRIGHT: Yaroslav Halchenko 2007-2013
#
# LICENSE:
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the
# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
# MA 02110-1301, USA.
#
# On Debian system see /usr/share/common-licenses/GPL for the full license.
#
#-----------------\____________________________________/------------------
url=http://www.user-agents.org/index.shtml
badbots=$(
for f in "" "?g_m" "?moz" "?n_s" "?t_z"; do
wget -q -O- $url$f;
done \
| grep -h -B4 '<td class="smallcell" nowrap>S&nbsp;</td>'\
| sed -e 's/&nbsp;//g' \
| awk '/^--/{getline; gsub(" ",""); print $0}' \
| sed -e 's/\([.\:|()+]\)/\\\1/g' \
| uniq \
| tr '\n' '|' \
| sed -e 's/|$//g'
)
echo $badbots >| /tmp/badbots.tmp
cat >| config/filter.d/apache-badbots.conf <<EOF
# Fail2Ban configuration file
#
# Regexp to catch known spambots and software alike. Please verify
# that it is your intent to block IPs which were driven by
# above mentioned bots.
[Definition]
badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02|sogou music spider
badbots = $badbots
failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$
ignoreregex =
# DEV Notes:
# List of bad bots fetched from http://www.user-agents.org
# Generated on `date` by $0.
#
# Author: Yaroslav Halchenko
EOF
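Review bot: `echo $badbots >| /tmp/badbots.tmp` writes to a fixed name in a world-writable directory with noclobber overridden, so it follows whatever already exists at that path, and nothing later in the script reads the file. Dropping the line, or creating the file with `mktemp` if the copy is wanted, removes that exposure. The list is also fetched over plain `http://` and pasted into `badbots =` with no check that any download succeeded, so an empty or altered response silently rewrites `config/filter.d/apache-badbots.conf`. A guard such as `[ -n "$badbots" ] || { echo "no bot list fetched" >&2; exit 1; }` before the here-document covers the empty case, and the generated regex should be reviewed before it is committed.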


@@ -0,0 +1,31 @@
#! /bin/sh
#
# ZZZzzz|fail2ban.rul
#
# Ultima modifica: 20060112 <Nauta@G-B.it> Creazione
# Ultima modifica: 20071205 <Nauta@G-B.it> Verifica sia in esecuzione
#
# Riconfigura le regole di filtraggio relative a fail2ban alla fine
# dell'inizializzazione delle regole.
# Solo all'avvio del sistema mostra la (ri)esecuzione dello script
_NAME=fail2ban
_INITSCRIPT=/etc/init.d/$_NAME
_CONFIG="/etc/$_NAME/$_NAME.local /etc/$_NAME/$_NAME.conf"
if [ -s $_INITSCRIPT ]; then
SOCKFILE=`sed -n -e '/^[^#]*socket\s*=/{
s/.*socket\s*=\s*\(\S\+\).*/\1/p;q}' $_CONFIG 2>/dev/null`
[ -z "$SOCKFILE" ] && SOCKFILE="/tmp/$_NAME.sock"
if [ -S "$SOCKFILE" ]; then # Is daemon running ?
if [ "$SHOWRULES" = "yes" ]; then
echo "#: Reinitializing $_NAME"
echo $_INITSCRIPT force-reload
else
[ ! $runlevel ] && HIDEOUTPUT=true
fi
if [ "$NOACT" != "yes" ]; then
eval $_INITSCRIPT force-reload ${HIDEOUTPUT:+\>/dev/null 2\>&1}
fi
fi # SOCKFILE is a socket
fi # _INITSCRIPT exist
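Review bot: The `eval` on the force-reload line exists only to make the output redirection conditional, and it sends an unquoted `$_INITSCRIPT` through a second round of shell parsing in a script that presumably runs with root privileges. An explicit branch does the same job without `eval` and lets the path be quoted, as in the block below. Separately, the fallback `SOCKFILE="/tmp/$_NAME.sock"` makes the "is the daemon running" test look in a world-writable directory, where any local account can create a socket at that path and make `[ -S ... ]` succeed. A root-owned runtime directory would be a safer default where the deployment allows it.

```shell
    if [ "$NOACT" != "yes" ]; then
      # Same behaviour as before, without re-parsing the command line through eval.
      if [ -n "$HIDEOUTPUT" ]; then
        "$_INITSCRIPT" force-reload >/dev/null 2>&1
      else
        "$_INITSCRIPT" force-reload
      fi
    fi
```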


@@ -0,0 +1,209 @@
#!/usr/bin/perl
##########################################################################
# $Id: fail2ban 150 2013-06-18 22:19:38Z mtremaine $
##########################################################################
# $Log: fail2ban,v $
#
# Revision 1.6 2014/08/11 16:07:46 yoh
# Patches from Yaroslav Halchenko to match adjusted in 0.9.x lines.
# Also reports now total number of hits (matches) along with Ban:Unban
# and relaxed regular expressions for matching any log level
#
# Revision 1.5 2008/08/18 16:07:46 mike
# Patches from Paul Gear <paul at libertysys.com> -mgt
#
# Revision 1.4 2008/06/30 23:07:51 kirk
# fixed copyright holders for files where I know who they should be
#
# Revision 1.3 2008/03/24 23:31:26 kirk
# added copyright/license notice to each script
#
# Revision 1.2 2006/12/15 04:53:59 bjorn
# Additional filtering, by Willi Mann.
#
# Revision 1.1 2006/05/30 19:04:26 bjorn
# Added fail2ban service, written by Yaroslav Halchenko.
#
# Written by Yaroslav Halchenko <debian@onerussian.com> for fail2ban
#
##########################################################################
########################################################
## Copyright (c) 2008 Yaroslav Halchenko
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################
use strict;
use Logwatch ':all';
my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
my $IgnoreHost = $ENV{'sshd_ignore_host'} || "";
my $DebugCounter = 0;
my $ReInitializations = 0;
my @ActionsErrors = ();
my @CommandsErrors = ();
my $NotValidIP = 0; # reported invalid IPs number
my @OtherList = ();
my %ServicesBans = ();
if ( $Debug >= 5 ) {
print STDERR "\n\nDEBUG: Inside Fail2Ban Filter \n\n";
$DebugCounter = 1;
}
while (defined(my $ThisLine = <STDIN>)) {
if ( $Debug >= 5 ) {
print STDERR "DEBUG($DebugCounter): $ThisLine";
$DebugCounter++;
}
chomp($ThisLine);
if ( ($ThisLine =~ /..,... DEBUG: /) or
($ThisLine =~ /..,... \S*\s*: DEBUG /) or # syntax of 0.7.? fail2ban
($ThisLine =~ /..,... \S+: (Fail2Ban v.* is running|Exiting|Enabled sections:)/) or
($ThisLine =~ /\S+\s+rollover performed on/) or
($ThisLine =~ /\S+\s+Connected to .* persistent database/) or
($ThisLine =~ /\S+\s+Jail '.*' uses .*/) or
($ThisLine =~ /\S+\s+Initiated '.*' backend/) or
($ThisLine =~ /\S+\s+Jail .* is not a JournalFilter instance/) or
($ThisLine =~ /\S+\s+Log rotation detected for/) or
($ThisLine =~ /\S+\s+Jail.+(?:stopped|started|uses poller)/) or
($ThisLine =~ /\S+\s+Changed logging target to/) or
($ThisLine =~ /\S+\s+Creating new jail/) or
($ThisLine =~ /..,... \S+\s*: INFO\s+(Set |Socket|Exiting|Gamin|Created|Added|Using)/) or # syntax of 0.7.? fail2ban
($ThisLine =~ /..,... \S+: Verbose level is /) or
($ThisLine =~ /..,... \S+: Restoring firewall rules/)
)
{
if ( $Debug >= 6 ) {
print STDERR "DEBUG($DebugCounter): line ignored\n";
}
} elsif ( my ($LogLevel,$Service,$Action,$Host) = ($ThisLine =~ m/(WARNING|NOTICE):?\s+\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {
if ( $Debug >= 6 ) {
print STDERR "DEBUG($DebugCounter): Found $Action for $Service from $Host\n";
}
$ServicesBans{$Service}{$Host}{$Action}++;
$ServicesBans{$Service}{"(all)"}{$Action}++;
} elsif ( my ($LogLevel,$Service,$Host) = ($ThisLine =~ m/(INFO|WARNING|NOTICE):?\s+\[?(.*?)[]:]?\sFound[^\.]* (\S+)/)) {
if ( $Debug >= 6 ) {
print STDERR "DEBUG($DebugCounter): Found hit for $Service from $Host\n";
}
$ServicesBans{$Service}{$Host}{"Hit"}++;
$ServicesBans{$Service}{"(all)"}{"Hit"}++;
} elsif ( my ($Service,$Host,$NumFailures) = ($ThisLine =~ m/\S+:\s+(\S+): (.+) has (\d+) login failure\(s\). Banned./)) {
if ($Debug >= 4) {
print STDERR "DEBUG: Found host $Host trying to access $Service - failed $NumFailures times\n";
}
push @{$ServicesBans{$Service}{$Host}{'Failures'}}, $NumFailures;
} elsif ( my ($Service,$Host) = ($ThisLine =~ m/ \S+:\s(.*):\s(\S+)\salready in ban list/)) {
$ServicesBans{$Service}{$Host}{'AlreadyInTheList'}++;
} elsif ( my ($Service,$Host) = ($ThisLine =~ m/\S+:?\s+\[?([^[]*?)[]:]?\s+(\S+)\salready banned/)) {
if ( $Debug >= 6 ) {
print STDERR "DEBUG($DebugCounter): Found hit for already banned $Host against $Service\n";
}
$ServicesBans{$Service}{$Host}{'AlreadyInTheList'}++;
} elsif ( my ($Service,$Host) = ($ThisLine =~ m/ \S+:\s(.*):\sReBan (\S+)/)) {
$ServicesBans{$Service}{$Host}{'ReBan'}++;
} elsif ($ThisLine =~ / ERROR:?\s*(Execution of command )?\'?iptables/) {
push @ActionsErrors, "$ThisLine\n";
} elsif ($ThisLine =~ / ERROR\s*Failed to execute.*action/) {
push @ActionsErrors, "$ThisLine\n";
} elsif ($ThisLine =~ / WARNING Command \[.*\] has failed. Received/) {
push @CommandsErrors, "$ThisLine\n";
} elsif ($ThisLine =~ /ERROR.*returned \d+$/) {
push @ActionsErrors, "$ThisLine\n";
} elsif (($ThisLine =~ /..,... WARNING: \#\S+ reinitialization of firewalls/) or
($ThisLine =~ / ERROR\s*Invariant check failed. Trying to restore a sane environment/)) {
$ReInitializations++;
} elsif ($ThisLine =~ /..,... WARNING: is not a valid IP address/) {
# just ignore - this will be fixed within fail2ban and is harmless warning
}
else
{
# Report any unmatched entries...
push @OtherList, "$ThisLine\n";
}
}
###########################################################
if (keys %ServicesBans) {
printf("\nBanned services with Fail2Ban: Bans:Unbans:Hits\n");
foreach my $service (sort {$a cmp $b} keys %ServicesBans) {
printf(" %-55s [%3d:%d:%-3d]\n", "$service:",
$ServicesBans{$service}{'(all)'}{'Ban'},
$ServicesBans{$service}{'(all)'}{'Unban'},
$ServicesBans{$service}{'(all)'}{'Hit'});
delete $ServicesBans{$service}{'(all)'};
my $totalSort = TotalCountOrder(%{$ServicesBans{$service}}, \&SortIP);
if ($Detail >= 5) {
foreach my $ip (sort $totalSort keys %{$ServicesBans{$service}}) {
my $name = LookupIP($ip);
printf(" %-53s %3d:%d:%-3d\n",
$name,
$ServicesBans{$service}{$ip}{'Ban'},
$ServicesBans{$service}{$ip}{'Unban'},
$ServicesBans{$service}{$ip}{'Hit'});
if (($Detail >= 10) and ($ServicesBans{$service}{$ip}{'Failures'}>0)) {
print " Failed ";
foreach my $fails (@{$ServicesBans{$service}{$ip}{'Failures'}}) {
print " $fails";
}
print " times\n";
}
if ($ServicesBans{$service}{$ip}{'AlreadyInTheList'}>0) {
printf(" %d Duplicate Ban attempt(s)\n", $ServicesBans{$service}{$ip}{'AlreadyInTheList'}) ;
}
if ($ServicesBans{$service}{$ip}{'ReBan'}>0) {
printf(" %d ReBan(s) due to rules reinitilizations\n", $ServicesBans{$service}{$ip}{'ReBan'}) ;
}
}
}
}
}
if ($Detail>0) {
if ($#ActionsErrors >= 0) {
printf("\n%d faulty action invocation(s)", $#ActionsErrors+1);
if ($Detail > 5) {
print ":\n";
print @ActionsErrors ;
}
}
if ($#CommandsErrors >= 0) {
printf("\n%d faulty command invocation(s) from client(s)", $#CommandsErrors+1);
if ($Detail > 5) {
print ":\n";
print @CommandsErrors ;
}
}
if ($ReInitializations > 0) {
printf("\n%d fail2ban rules reinitialization(s)", $ReInitializations);
}
if ($#OtherList >= 0) {
print "\n**Unmatched Entries**\n";
print @OtherList;
}
}
exit(0);
# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End:
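Review bot: `$NotValidIP` is declared with the comment "reported invalid IPs number" but is never incremented or printed; the `is not a valid IP address` branch near the end of the `while` loop only discards the line, so that signal never reaches the report. If the count is wanted, `$NotValidIP++;` in that branch plus one `printf` in the `$Detail>0` block would do; otherwise the variable can go. `$IgnoreHost` is likewise read from `sshd_ignore_host` and not used anywhere in this file section. The script enables `use strict` but not `use warnings`, which would likely also flag the repeated `my ($Service,$Host)` declarations in the `elsif` chain and the numeric comparison on the `'Failures'` array reference (`...{'Failures'}>0`), which is better written as a test on the array's length.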


@@ -0,0 +1,2 @@
2014-08-04 03:06:26,161 fail2ban.actions[4822]: WARNING [apache-badbots] Ban 37.152.91.34
2014-08-05 03:06:26,448 fail2ban.actions[4822]: WARNING [apache-badbots] Unban 37.152.91.34


@@ -0,0 +1,52 @@
2014-08-08 14:59:35,013 fail2ban.server.server[31122]: INFO Exiting Fail2ban
2014-08-08 14:59:36,041 fail2ban.server.server[21667]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.0
2014-08-08 14:59:36,043 fail2ban.server.database[21667]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2014-08-08 14:59:36,072 fail2ban.server.jail[21667]: INFO Creating new jail 'exim'
2014-08-08 14:59:36,137 fail2ban.server.jail[21667]: INFO Jail 'exim' uses pyinotify
2014-08-08 14:59:36,172 fail2ban.server.filter[21667]: INFO Set jail log file encoding to UTF-8
2014-08-08 14:59:36,172 fail2ban.server.jail[21667]: INFO Initiated 'pyinotify' backend
2014-08-08 14:59:36,233 fail2ban.server.filter[21667]: INFO Added logfile = /var/log/exim4/mainlog
2014-08-08 14:59:36,249 fail2ban.server.filter[21667]: INFO Set maxRetry = 5
2014-08-08 14:59:36,251 fail2ban.server.filter[21667]: INFO Set jail log file encoding to UTF-8
2014-08-08 14:59:36,252 fail2ban.server.actions[21667]: INFO Set banTime = 600
2014-08-08 14:59:36,254 fail2ban.server.filter[21667]: INFO Set findtime = 600
2014-08-08 14:59:36,284 fail2ban.server.jail[21667]: INFO Creating new jail 'sshd'
2014-08-08 14:59:36,284 fail2ban.server.jail[21667]: INFO Jail 'sshd' uses pyinotify
2014-08-08 14:59:36,286 fail2ban.server.filter[21667]: INFO Set jail log file encoding to UTF-8
2014-08-08 14:59:36,286 fail2ban.server.jail[21667]: INFO Initiated 'pyinotify' backend
2014-08-08 14:59:36,499 fail2ban.server.filter[21667]: INFO Added logfile = /var/log/auth.log
2014-08-08 14:59:36,510 fail2ban.server.filter[21667]: INFO Set maxRetry = 5
2014-08-08 14:59:36,512 fail2ban.server.filter[21667]: INFO Set jail log file encoding to UTF-8
2014-08-08 14:59:36,513 fail2ban.server.actions[21667]: INFO Set banTime = 600
2014-08-08 14:59:36,514 fail2ban.server.filter[21667]: INFO Set findtime = 600
2014-08-08 14:59:36,515 fail2ban.server.filter[21667]: INFO Set maxlines = 10
2014-08-08 14:59:36,788 fail2ban.server.server[21667]: INFO Jail sshd is not a JournalFilter instance
2014-08-08 14:59:36,798 fail2ban.server.jail[21667]: INFO Jail 'exim' started
2014-08-08 14:59:36,802 fail2ban.server.jail[21667]: INFO Jail 'sshd' started
2014-08-08 15:01:30,120 fail2ban.server.transmitter[21667]: WARNING Command ['status', 'ssh'] has failed. Received UnknownJailException('ssh',)
2014-08-08 15:09:36,978 fail2ban.server.actions[21667]: NOTICE [sshd] Unban 116.10.191.199
2014-08-08 15:09:37,187 fail2ban.server.action[21667]: ERROR rm -f /etc/symbiosis/firewall/blacklist.d/116.10.191.199.auto
iptables -D INPUT -s 116.10.191.199 -j DROP -- stdout: ''
2014-08-08 15:09:37,188 fail2ban.server.action[21667]: ERROR rm -f /etc/symbiosis/firewall/blacklist.d/116.10.191.199.auto
iptables -D INPUT -s 116.10.191.199 -j DROP -- stderr: 'iptables: Bad rule (does a matching rule exist in that chain?).\n'
2014-08-08 15:09:37,188 fail2ban.server.action[21667]: ERROR rm -f /etc/symbiosis/firewall/blacklist.d/116.10.191.199.auto
iptables -D INPUT -s 116.10.191.199 -j DROP -- returned 1
2014-08-08 15:09:37,188 fail2ban.server.actions[21667]: ERROR Failed to execute unban jail 'sshd' action 'symbiosis-blacklist': Error unbanning 116.10.191.199
2014-08-10 02:27:27,235 fail2ban.server.server[21667]: INFO rollover performed on /var/log/fail2ban.log
2014-08-10 02:27:28,109 fail2ban.server.filter[21667]: INFO Log rotation detected for /var/log/exim4/mainlog
2014-08-10 02:28:01,747 fail2ban.server.filter[21667]: INFO Log rotation detected for /var/log/auth.log
2014-08-10 02:33:29,500 fail2ban.server.filter[21667]: INFO [sshd] Found 86.101.234.57
2014-08-10 02:46:06,846 fail2ban.server.filter[21667]: INFO [sshd] Found 220.130.163.247
2014-08-10 03:10:43,794 fail2ban.server.filter[21667]: INFO [sshd] Found 220.130.163.247
2014-08-10 06:49:27,446 fail2ban.server.actions[21667]: NOTICE [sshd] Ban 116.10.191.181
2014-08-10 06:59:28,375 fail2ban.server.actions[21667]: NOTICE [sshd] Unban 116.10.191.181
2014-08-10 20:06:41,576 fail2ban.server.actions[21667]: NOTICE [sshd] Unban 50.30.34.7
2014-08-13 17:55:50,401 fail2ban.server.actions[17436]: NOTICE [sshd] 144.0.0.25 already banned
2014-08-10 20:06:41,785 fail2ban.server.action[21667]: ERROR rm -f /etc/symbiosis/firewall/blacklist.d/50.30.34.7.auto
iptables -D INPUT -s 50.30.34.7 -j DROP -- stdout: ''
2014-08-10 20:06:41,785 fail2ban.server.action[21667]: ERROR rm -f /etc/symbiosis/firewall/blacklist.d/50.30.34.7.auto
iptables -D INPUT -s 50.30.34.7 -j DROP -- stderr: 'iptables: Bad rule (does a matching rule exist in that chain?).\n'
2014-08-10 20:06:41,786 fail2ban.server.action[21667]: ERROR rm -f /etc/symbiosis/firewall/blacklist.d/50.30.34.7.auto
iptables -D INPUT -s 50.30.34.7 -j DROP -- returned 1
2014-08-10 20:06:41,786 fail2ban.server.actions[21667]: ERROR Failed to execute unban jail 'sshd' action 'symbiosis-blacklist': Error unbanning 50.30.34.7
2014-08-11 02:27:35,433 fail2ban.server.filter[21667]: INFO Log rotation detected for /var/log/exim4/mainlog


@@ -0,0 +1,19 @@
/Library/LaunchDaemonsm/org.fail2ban.plist
===================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<false/>
<key>Label</key>
<string>fail2ban</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/fail2ban-client</string>
<string>start</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
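Review bot: The header line gives the install path as `/Library/LaunchDaemonsm/org.fail2ban.plist`, which looks like a typo for `/Library/LaunchDaemons/`; it is worth correcting because readers will copy it verbatim. The job starts `/usr/local/bin/fail2ban-client` at load and sets no `UserName` key, so it presumably runs as root. On hosts where `/usr/local/bin` is writable by a non-root account, the binary could be replaced and would then run with those privileges. A short comment telling installers to verify ownership and mode of that path, and of the plist itself, would close the gap.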


@@ -0,0 +1,9 @@
check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid
group services
start program = "/etc/init.d/fail2ban force-start"
stop program = "/etc/init.d/fail2ban stop"
if failed unixsocket /var/run/fail2ban/fail2ban.sock then restart
if 5 restarts within 5 cycles then timeout
check file fail2ban_log with path /var/log/fail2ban.log
if match "ERROR|WARNING" then alert
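Review bot: The `if match "ERROR|WARNING" then alert` rule on the log check will fire on routine bans for fail2ban versions that log them at WARNING (the sample log added elsewhere in this commit contains `WARNING [apache-badbots] Ban ...`), so the alert channel is likely to be dominated by normal activity. Matching on `ERROR` alone, or on specific failure strings such as `Failed to execute`, would keep the alert meaningful for action failures. The pattern is also unanchored, so any log line that merely contains either word triggers it.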


@@ -0,0 +1,104 @@
Description
-----------
This plugin checks if the fail2ban server is running and how many IPs are currently banned.
You can use this plugin to monitor all the jails or just a specific jail.
How to use
----------
Just have to run the following command:
$ ./check_fail2ban --help
If you need to use this script with NRPE you just have to do the
following steps:
1 allow your user to run the script with the sudo rights. Just add
something like that in your /etc/sudoers (use visudo) :
nagios ALL=(ALL) NOPASSWD: /<path-to>/check_fail2ban
2 then just add this kind of line in your NRPE config file :
command[check_fail2ban]=/usr/bin/sudo /<path-to>/check_fail2ban
3 don't forget to restart your NRPE daemon
/!\ be careful to let no one able to update the check_fail2ban ;)
------------------------------------------------------------------------------
Notes (from f2ban.txt)
-----
It seems that Fail2ban is currently not working, please login and check
HELP:
1.) stop the Service
/etc/init.d/fail2ban stop
2.) delete the socket if available
rm /var/run/fail2ban/fail2ban.sock
3.) start the Service
/etc/init.d/fail2ban start
4.) check if fail2ban is working
fail2ban-client ping
Answer should be "pong"
5.) if the answer is not "pong" run away or CRY FOR HELP ;-)
Help
----
Usage: /<path-to>/check_fail2ban [-p] [-D "CHECK FAIL2BAN ACTIVITY"] [-v] [-c 2] [-w 1] [-s /<path-to>/socket] [-P /usr/bin/fail2ban-client]
Options:
-h, --help
Print detailed help screen
-V, --version
Print version information
-D, --display=STRING
To modify the output display
default is "CHECK FAIL2BAN ACTIVITY"
-P, --path-fail2ban_client=STRING
Specify the path to the tw_cli binary
default value is /usr/bin/fail2ban-client
-c, --critical=INT
Specify a critical threshold
default is 2
-w, --warning=INT
Specify a warning threshold
default is 1
-s, --socket=STRING
Specify a socket path
default is unset
-p, --perfdata
If you want to activate the perfdata output
-v, --verbose
Show details for command-line debugging (Nagios may truncate the output)
Example
-------
# for a specific jail
$ ./check_fail2ban --verbose -p -j ssh -w 1 -c 5 -P /usr/bin/fail2ban-client
DEBUG : fail2ban_client_path: /usr/bin/fail2ban-client
DEBUG : /usr/bin/fail2ban-client exists and is executable
DEBUG : final fail2ban command: /usr/bin/fail2ban-client
DEBUG : warning threshold : 1, critical threshold : 5
DEBUG : it seems the connection with the fail2ban server is ok
CHECK FAIL2BAN ACTIVITY - OK - 0 current banned IP(s) for the specific jail ssh | currentBannedIP=0
# for all the current jails
$ ./check_fail2ban --verbose -p -w 1 -c 5 -P /usr/bin/fail2ban-client
DEBUG : fail2ban_client_path: /usr/bin/fail2ban-client
DEBUG : /usr/bin/fail2ban-client exists and is executable
DEBUG : final fail2ban command: /usr/bin/fail2ban-client
DEBUG : warning threshold : 1, critical threshold : 5
DEBUG : it seems the connection with the fail2ban server is ok
DEBUG : jails list: apache, ssh-ddos, ssh
DEBUG : the jail apache has currently 0 banned IPs
DEBUG : the jail ssh-ddos has currently 0 banned IPs
DEBUG : the jail ssh has currently 0 banned IPs
CHECK FAIL2BAN ACTIVITY - OK - 3 detected jails with 0 current banned IP(s) | currentBannedIP=0


@@ -0,0 +1,349 @@
#!/usr/bin/perl
# -------------------------------------------------------
# -=- <check_fail2ban> -=-
# -------------------------------------------------------
#
# Description : This plugin checks if the fail2ban server is running
# and how many IPs are currently banned.
#
#
# inspired by the work of Sebastian Mueller - http://www.elchtest.eu
#
#
# Version : 0.1
# -------------------------------------------------------
# In :
# - see the How to use section
#
# Out :
# - only print on the standard output
#
# Features :
# - perfdata output
# - works with only a specific jail
#
# Fix Me/Todo :
# - too many things ;) but let me know what do you think about it
#
# ####################################################################
# ####################################################################
# GPL v2
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# ####################################################################
# ####################################################################
# How to use :
# ------------
#
# Just have to run the following command:
# $ ./check_fail2ban --help
#
# If you need to use this script with NRPE you just have to do the
# following steps:
#
# 1 allow your user to run the script with the sudo rights. Just add
# something like that in your /etc/sudoers (use visudo) :
# nagios ALL=(ALL) NOPASSWD: /<path-to>/check_fail2ban
#
# 2 then just add this kind of line in your NRPE config file :
# command[check_fail2ban]=/usr/bin/sudo /<path-to>/check_fail2ban
#
# 3 don't forget to restart your NRPE daemon
#
#
# /!\ be careful to let no one able to update the check_fail2ban ;)
# ------------------------------------------------------------------------------
#
# ####################################################################
# ####################################################################
# Changelog :
# -----------
#
# --------------------------------------------------------------------
# Date:12/03/2013 Version:0.1 Author:Erwan Ben Souiden
# >> creation
# ####################################################################
# ####################################################################
# Don't touch anything under this line!
# You shall not pass - Gandalf is watching you
# ####################################################################
use strict;
use warnings;
use Getopt::Long qw(:config no_ignore_case);
# Generic variables
# -----------------
my $version = '0.1';
my $author = 'Erwan Labynocle Ben Souiden';
my $a_mail = 'erwan@aleikoum.net';
my $script_name = 'check_fail2ban';
my $verbose_value = 0;
my $version_value = 0;
my $more_value = 0;
my $help_value = 0;
my $perfdata_value = 0;
my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);
# Plugin default variables
# ------------------------
my $display = 'CHECK FAIL2BAN ACTIVITY';
my ($critical,$warning) = (2,1);
my $fail2ban_client_path = '/usr/bin/fail2ban-client';
my $fail2ban_socket = '';
my $jail_specific = '';
my $jail_name = '';
GetOptions (
'P=s' => \ $fail2ban_client_path,
'path-fail2ban_client=s' => \ $fail2ban_client_path,
'j=s' => \ $jail_specific,
'jail=s' => \ $jail_specific,
'w=i' => \ $warning,
'warning=i' => \ $warning,
'socket=s' => \ $fail2ban_socket,
'S=s' => \ $fail2ban_socket,
'c=i' => \ $critical,
'critical=i' => \ $critical,
'V' => \ $version_value,
'version' => \ $version_value,
'h' => \ $help_value,
'H' => \ $help_value,
'help' => \ $help_value,
'display=s' => \ $display,
'D=s' => \ $display,
'perfdata' => \ $perfdata_value,
'p' => \ $perfdata_value,
'v' => \ $verbose_value,
'verbose' => \ $verbose_value
);
print_usage() if ($help_value);
print_version() if ($version_value);
# Syntax check of your specified options
# --------------------------------------
print "DEBUG : fail2ban_client_path: $fail2ban_client_path\n" if ($verbose_value);
if (($fail2ban_client_path eq "")) {
print $display.'- one or more following arguments are missing: fail2ban_client_path'."\n";
exit $ERRORS{"UNKNOWN"};
}
if(! -x $fail2ban_client_path) {
print $display.' - '.$fail2ban_client_path.' is not executable by you'."\n";
exit $ERRORS{"UNKNOWN"};
}
print "DEBUG : $fail2ban_client_path exists and is executable\n" if ($verbose_value);
my $fail2ban_cmd = $fail2ban_client_path;
$fail2ban_cmd .= " -s $fail2ban_socket" if ($fail2ban_socket);
print "DEBUG : final fail2ban command: $fail2ban_cmd\n" if ($verbose_value);
print "DEBUG : warning threshold : $warning, critical threshold : $critical\n" if ($verbose_value);
if (($critical < 0) or ($warning < 0) or ($critical < $warning)) {
print $display.' - the thresholds must be integers and the critical threshold higher or equal than the warning threshold'."\n";
exit $ERRORS{"UNKNOWN"};
}
# Core script
# -----------
my ($how_many_jail,$how_many_banned,$return_print,$perf_print,$plugstate) = (0,0,"","","OK");
### Test the connection to the fail2ban server
my @command_output = `$fail2ban_cmd ping`;
my $return_code = $?;
if ($return_code) {
print $display.'CRITICAL - non-zero exit code during testing fail2ban-client ping, check if the server is running and if you have the good permissions';
exit $ERRORS{"CRITICAL"};
}
else {
print "DEBUG : it seems the connection with the fail2ban server is ok\n" if ($verbose_value);
}
### Only if you specify one jail
if ($jail_specific) {
my $current_ban_number = currently_ban("$fail2ban_cmd","$jail_specific");
if ($current_ban_number == -1) {
print $display.' - CRITICAL - impossible to retrieve info about the jail '.$jail_specific;
exit $ERRORS{"CRITICAL"};
}
else {
$how_many_banned = int($current_ban_number);
$return_print = $how_many_banned.' current banned IP(s) for the specific jail '.$jail_specific;
$perf_print .= "$current_ban_number " if ($perfdata_value);
}
}
### To analyze all the jail
else {
# Retrieve the jails list
my @jail_list = obtain_jail_list("$fail2ban_cmd");
if ($jail_list[0] eq "-1") {
print $display.' - CRITICAL - impossible to retrieve the jail list'."\n";
exit $ERRORS{"CRITICAL"};
}
foreach (@jail_list) {
$how_many_jail ++;
my $jail_name = $_;
$jail_name =~ tr/ //ds;
my $current_ban_number = currently_ban("$fail2ban_cmd","$jail_name");
if ($current_ban_number == -1) {
print "DEBUG : problem to parse the current banned IPs for jail $jail_name\n" if ($verbose_value);
}
else {
print "DEBUG : the jail $jail_name has currently $current_ban_number banned IPs\n" if ($verbose_value);
$how_many_banned += int($current_ban_number);
$perf_print .= "$jail_name.currentBannedIP=$current_ban_number " if ($perfdata_value);
}
}
$return_print = $how_many_jail.' detected jails with '.$how_many_banned.' current banned IP(s)';
}
### Final
$plugstate = "CRITICAL" if ($how_many_banned >= $critical);
$plugstate = "WARNING" if (($how_many_banned >= $warning) && ($how_many_banned < $critical));
$return_print = $display." - ".$plugstate." - ".$return_print;
$return_print .= " | $perf_print" if ($perfdata_value);
print $return_print;
exit $ERRORS{"$plugstate"};
# ####################################################################
# function 1 : display the help
# -----------------------------
sub print_usage {
print <<EOT;
$script_name version $version by $author
This plugin checks if the fail2ban server is running and how many IPs are currently banned.
You can use this plugin to monitor all the jails or just a specific jail.
Usage: /<path-to>/$script_name [-p] [-D "$display"] [-v] [-c 2] [-w 1] [-s /<path-to>/socket] [-P /usr/bin/fail2ban-client]
Options:
-h, --help
Print detailed help screen
-V, --version
Print version information
-D, --display=STRING
To modify the output display
default is "CHECK FAIL2BAN ACTIVITY"
-P, --path-fail2ban_client=STRING
Specify the path to the tw_cli binary
default value is /usr/bin/fail2ban-client
-c, --critical=INT
Specify a critical threshold
default is 2
-w, --warning=INT
Specify a warning threshold
default is 1
-s, --socket=STRING
Specify a socket path
default is unset
-p, --perfdata
If you want to activate the perfdata output
-v, --verbose
Show details for command-line debugging (Nagios may truncate the output)
Send email to $a_mail if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to $a_mail
This plugin has been created by $author
Hope you will enjoy it ;)
Remember :
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
EOT
exit $ERRORS{"UNKNOWN"};
}
# function 2 : display version information
# ----------------------------------------
sub print_version {
print <<EOT;
$script_name version $version
EOT
exit $ERRORS{"UNKNOWN"};
}
# function 3 : return the jail list
# ---------------------------------
sub obtain_jail_list {
my ($fail2ban_client_path) = @_;
my @command_output = `$fail2ban_client_path status`;
my $return_code = $?;
if ($return_code) {
return -1;
}
my @jail_list;
foreach (@command_output) {
if ($_=~/^.*Jail list:\t+(.*)/) {
print "DEBUG : jails list: $1\n" if ($verbose_value);
@jail_list = split(/,/, $1);
}
}
return @jail_list;
}
# function 4 : return how many IP are currently ban for a given jail
# ------------------------------------------------------------------
sub currently_ban {
my ($fail2ban_client_path,$jail_name) = @_;
my @command_output = `$fail2ban_client_path status $jail_name`;
my $return_code = $?;
if ($return_code) {
return -1;
}
foreach (@command_output) {
if ($_=~/^.*Currently banned:\t+(.*)/) {
my $current_count = $1;
$current_count =~ tr/ //ds;
return $current_count;
}
}
return -1;
}
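Review bot: The values of `-P`, `-S`/`--socket` and `-j` are interpolated into commands run through Perl backticks (the `ping` call, `obtain_jail_list`, and `currently_ban` with `$fail2ban_client_path status $jail_name`), so every option value is parsed by a shell, and the header recommends running the plugin through a `NOPASSWD` sudoers entry that does not restrict arguments. With that setup, whoever can invoke the check as the nagios user decides what runs as root: the `-x` test is the only check on `-P`, and jail and socket values are not validated at all. The calls should use the list form of `open` so no shell is involved, the jail name should be validated, and the documented sudoers line should pin the permitted arguments; a sketch for `currently_ban` follows, and `obtain_jail_list` and the `ping` call need the same treatment. Smaller: the usage text advertises `-s` for the socket, but `GetOptions` registers only `S` and `socket` under `no_ignore_case`, and `-j` is not documented in the help at all.

```perl
# Command kept as a list: option values are passed as single arguments, never shell-parsed.
my @fail2ban_cmd = ($fail2ban_client_path);
push @fail2ban_cmd, '-s', $fail2ban_socket if ($fail2ban_socket);

sub currently_ban {
    my ($cmd, $jail_name) = @_;    # $cmd is \@fail2ban_cmd
    # Accept plain jail names only (this also rejects option-like values);
    # adjust the character set to the jail naming used on the host.
    return -1 unless ($jail_name =~ /^[A-Za-z0-9][A-Za-z0-9_.-]*$/);
    open(my $out, '-|', @{$cmd}, 'status', $jail_name) or return -1;
    my @command_output = <$out>;
    close($out) or return -1;      # non-zero exit of the client shows up here
    # ... unchanged: "Currently banned" parsing loop and final return -1 ...
}
```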


@@ -0,0 +1,96 @@
#!/bin/bash
#
# chkconfig: - 92 08
# processname: fail2ban-server
# config: /etc/fail2ban/fail2ban.conf
# pidfile: /var/run/fail2ban/fail2ban.pid
# description: fail2ban is a daemon to ban hosts that cause multiple authentication errors
#
### BEGIN INIT INFO
# Provides: fail2ban
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Should-Start: $time $network $syslog iptables firehol shorewall ferm
# Should-Stop: $network $syslog iptables firehol shorewall ferm
# Default-Start: 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start/Stop fail2ban
# Description: Start/Stop fail2ban, a daemon to ban hosts that cause multiple authentication errors
### END INIT INFO
# Source function library.
. /etc/rc.d/init.d/functions
# Check that the config file exists
[ -f /etc/fail2ban/fail2ban.conf ] || exit 0
FAIL2BAN="/usr/bin/fail2ban-client"
prog=fail2ban-server
lockfile=${LOCKFILE-/var/lock/subsys/fail2ban}
socket=${SOCKET-/var/run/fail2ban/fail2ban.sock}
pidfile=${PIDFILE-/var/run/fail2ban/fail2ban.pid}
RETVAL=0
start() {
echo -n $"Starting fail2ban: "
${FAIL2BAN} -x start > /dev/null
RETVAL=$?
if [ $RETVAL = 0 ]; then
touch ${lockfile}
echo_success
else
echo_failure
fi
echo
return $RETVAL
}
stop() {
echo -n $"Stopping fail2ban: "
${FAIL2BAN} stop > /dev/null
RETVAL=$?
if [ $RETVAL = 0 ]; then
rm -f ${lockfile} ${pidfile}
echo_success
else
echo_failure
fi
echo
return $RETVAL
}
reload() {
echo "Reloading fail2ban: "
${FAIL2BAN} reload
RETVAL=$?
echo
return $RETVAL
}
# See how we were called.
case "$1" in
start)
status -p ${pidfile} ${prog} >/dev/null 2>&1 && exit 0
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
start
;;
status)
status -p ${pidfile} ${prog}
RETVAL=$?
[ $RETVAL = 0 ] && ${FAIL2BAN} status
;;
*)
echo $"Usage: fail2ban {start|stop|restart|reload|status}"
RETVAL=2
esac
exit $RETVAL
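Review bot: `lockfile`, `socket` and `pidfile` are taken from the caller's environment (`${LOCKFILE-...}`, `${PIDFILE-...}`) and then expanded unquoted in `touch ${lockfile}` in `start()` and `rm -f ${lockfile} ${pidfile}` in `stop()`, so a value containing spaces or glob characters makes a root-run init script touch or delete paths it was not meant to. Quoting is enough: `rm -f -- "${lockfile}" "${pidfile}"` and `touch -- "${lockfile}"`; if the overrides are not needed, hard-coding the three paths removes the environment dependency entirely. `socket` is assigned but never used in this file, and `restart` calls `start` even when `stop` has failed.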


@@ -0,0 +1,74 @@
<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<!--
Hanno 'Rince' Wagner 03 2007
Service manifest for fail2ban
E-Mail: wagner@rince.de
-->
<service_bundle type='manifest' name='fail2ban:fail2ban'>
<service
name='network/fail2ban'
type='service'
version='1'>
<create_default_instance enabled='false' />
<single_instance />
<dependency name='fs'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/system/filesystem/local' />
</dependency>
<dependency name='net'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/network/loopback' />
</dependency>
<exec_method
type='method'
name='start'
exec='/lib/svc/method/svc-fail2ban start'
timeout_seconds='-1'>
<method_context>
<method_credential user='root' group='root' />
</method_context>
</exec_method>
<exec_method
type='method'
name='stop'
exec='/lib/svc/method/svc-fail2ban stop'
timeout_seconds='-1'>
</exec_method>
<exec_method
type='method'
name='reload'
exec='/lib/svc/method/svc-fail2ban reload'
timeout_seconds='-1'>
</exec_method>
<exec_method
type='method'
name='refresh'
exec='/lib/svc/method/svc-fail2ban refresh'
timeout_seconds='-1'>
</exec_method>
<exec_method
type='method'
name='restart'
exec='/lib/svc/method/svc-fail2ban restart'
timeout_seconds='-1'>
</exec_method>
</service>
</service_bundle>


@@ -0,0 +1,65 @@
#!/usr/bin/bash -e
#
# fail2ban This init.d script is used to start fail2ban.
# (C) by Hanno Wagner <wagner@rince.de>, License is GPL
#set -x
. /lib/svc/share/smf_include.sh
set -e
F2B_CONF="/etc/fail2ban/fail2ban.conf"
if [ -n "$2" ] && [ -f "$F2B_CONF" ]; then
F2B_CONF="$2"
fi
ENV="/usr/bin/env -i LANG=C PATH=/usr/local/bin:/usr/bin:/bin:/opt/sfw/bin:/usr/sfw/bin"
# get socket/pid conf and check dir exists
# sock and pid default dirs are currently the same
# mkdir if it doesn't exist
SOCK_FILE=$(sed "/^\#/d" "$F2B_CONF" | grep "socket" | tail -1 | cut -d "=" -f2-)
SOCK_DIR=$(dirname $SOCK_FILE)
if [ -n "$SOCK_DIR" ]; then
if [ ! -d "$SOCK_DIR" ]; then
mkdir "$SOCK_DIR" || exit 1
fi
fi
case $1 in
start)
# remove any lingering sockets
# don't quote the var for the -e test
if [ -n "$SOCK_FILE" ]; then
if [ -e $SOCK_FILE ]; then
rm -f $SOCK_FILE || exit 1
fi
fi
[ -f /etc/fail2ban.conf ] || touch /etc/fail2ban.conf
echo "Starting fail2ban-server with $F2B_CONF"
eval $ENV /usr/local/bin/fail2ban-client start &
;;
stop)
echo "Stopping fail2ban-server with $F2B_CONF"
eval $ENV /usr/local/bin/fail2ban-client stop &
;;
reload | refresh )
echo "Reloading fail2ban-server with $F2B_CONF"
eval $ENV /usr/local/bin/fail2ban-client reload &
;;
restart | force-reload)
echo "Forcing reload of fail2ban-server with $F2B_CONF"
eval $ENV /usr/local/bin/fail2ban-client stop &
sleep 2
eval $ENV /usr/local/bin/fail2ban-client start &
;;
status)
/usr/local/bin/fail2ban-client status &
;;
*)
echo "Usage: /lib/svc/method/svc-fail2ban start|stop|status|refresh|restart|reload|force-reload" >&2
exit 2
;;
esac
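Review bot: `$SOCK_FILE` is read from the config file and then used unquoted in `dirname $SOCK_FILE`, `[ -e $SOCK_FILE ]` and `rm -f $SOCK_FILE`, so a value containing spaces or glob characters is word-split and expanded before an `rm -f` that runs as root. The "don't quote the var" comment suggests the missing quotes are only there to drop the whitespace left by `cut -d "=" -f2-`; trimming the value once where it is read and then using `rm -f -- "$SOCK_FILE"` would be safer. An empty value also makes `dirname` run without an operand, which under `set -e` likely aborts the script before the `case` is reached. Separately, the override test `[ -f "$F2B_CONF" ]` checks the default path rather than the argument and probably should read `[ -n "$2" ] && [ -f "$2" ]`.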


@@ -0,0 +1,114 @@
#!/bin/sh
#
### BEGIN INIT INFO
# Provides: fail2ban
# Required-Start: $remote_fs $local_fs
# Should-Start: $syslog $time $network iptables
# Required-Stop: $remote_fs $local_fs
# Should-Stop: $syslog $time $network iptables
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Pidfile: /var/run/fail2ban/fail2ban.pid
# Short-Description: Bans IPs with too many authentication failures
# Description: Start fail2ban to scan logfiles and ban IP addresses
# which make too many logfiles failures, and/or sent e-mails about
### END INIT INFO
# Check for missing binaries (stale symlinks should not happen)
FAIL2BAN_CLI=/usr/bin/fail2ban-client
test -x $FAIL2BAN_CLI || { echo "$FAIL2BAN_CLI not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
FAIL2BAN_SRV=/usr/bin/fail2ban-server
test -x $FAIL2BAN_SRV || { echo "$FAIL2BAN_SRV not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
FAIL2BAN_CONFIG="/etc/sysconfig/fail2ban"
FAIL2BAN_SOCKET_DIR="/var/run/fail2ban"
FAIL2BAN_SOCKET="$FAIL2BAN_SOCKET_DIR/fail2ban.sock"
FAIL2BAN_PID="$FAIL2BAN_SOCKET_DIR/fail2ban.pid"
if [ -e $FAIL2BAN_CONFIG ]; then
. $FAIL2BAN_CONFIG
fi
. /etc/rc.status
rc_reset
case "$1" in
start)
echo -n "Starting fail2ban "
if [ ! -d $FAIL2BAN_SOCKET_DIR ]; then
mkdir -p $FAIL2BAN_SOCKET_DIR
fi
if [ -e $FAIL2BAN_SOCKET ]; then
if ! lsof -n $FAIL2BAN_SOCKET &>/dev/null; then
rm $FAIL2BAN_SOCKET
fi
fi
$FAIL2BAN_CLI -x -q $FAIL2BAN_OPTIONS start &>/dev/null 2>&1
rc_status -v
;;
stop)
echo -n "Shutting down fail2ban "
## Stop daemon with built-in functionality 'stop'
/sbin/startproc -w $FAIL2BAN_CLI -q stop > /dev/null 2>&1
if [ -f $FAIL2BAN_SOCKET ]
then
echo "$FAIL2BAN_SOCKET not removed .. removing .."
rm $FAIL2BAN_SOCKET
fi
if [ -f $FAIL2BAN_PID ]
then
echo "$FAIL2BAN_PID not removed .. removing .."
rm $FAIL2BAN_PID
fi
rc_status -v
;;
try-restart|condrestart)
$0 status
if test $? = 0; then
$0 restart
else
rc_reset # Not running is not a failure.
fi
rc_status
;;
restart)
$0 stop
i=60
while [ -e $FAIL2BAN_SOCKET ] && [ $i -gt 0 ]; do
sleep 1
i=$[$i-1]
echo -n "."
done
$0 start
rc_status
;;
reload|force-reload)
echo -n "Reload service Fail2ban "
/sbin/startproc $FAIL2BAN_CLI -q reload > /dev/null 2>&1
rc_status -v
;;
status)
echo -n "Checking for service fail2ban "
/sbin/checkproc $FAIL2BAN_SRV
rc_status -v
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
exit 1
;;
esac
rc_exit
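Review bot: The script declares `#!/bin/sh` but the `start)` arm uses the bash-only `&>` redirection (`lsof -n $FAIL2BAN_SOCKET &>/dev/null` and `... start &>/dev/null 2>&1`), and the `restart)` loop uses `$[$i-1]`. Under a strictly POSIX `/bin/sh`, `&>` is read as a background `&` followed by a redirection, so the `lsof` test would no longer decide whether a socket still in use gets removed, and `rc_status` would not see the client's exit status. Portable forms are `lsof -n "$FAIL2BAN_SOCKET" >/dev/null 2>&1` and `i=$((i-1))`. The usage string also advertises `probe`, which has no `case` arm.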