inital fail2ban addition

AppendCMS.sh

@@ -234,4 +234,4 @@ fi
 ##-------##
 
 msg "                Added CMS!"
-bash /etc/update-motd.d/51*
+if [ -f /etc/update-motd.d/51* ]; then bash /etc/update-motd.d/51*;fi

AppendModule.sh

@@ -259,4 +259,4 @@ done
 ##-------##
 
 msg "                Added Module!"
-bash /etc/update-motd.d/51*
+if [ -f /etc/update-motd.d/51* ]; then bash /etc/update-motd.d/51*;fi

CMS/nextcloud/conf.sh

@@ -9,4 +9,8 @@ mkdir /var/log/nextcloud
 chmod 774 -R /var/log/nextcloud
 ln -s /var/www/"$domain"/html/data/nextcloud.log /var/log/nextcloud/"$sitename"
 
+#fail2ban
+wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/nextcloud_unconfigured -O /etc/fail2ban/jail.d/"$sitename"-nextcloud.local
+sed -i 's/SITEname/'$sitename'/' /etc/fail2ban/jail.d/"$sitename"-nextcloud.local
+
 systemctl reload php"$phpver"-fpm

CMS/wordpress/conf.sh

@@ -39,6 +39,11 @@ useradd -g "$sitename" "$sitename"
 
 systemctl reload php"$phpver"-fpm
 
+#fail2ban
+if [ ! -f /etc/fail2ban/jail.d/wordpress-syslog.local ]; then
+    wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/Filters/wordpress-syslog.jail -O /etc/fail2ban/jail.d/wordpress-syslog.local
+fi
+
 #Setting Permsissions
 chown "$sitename":"$sitename" -R /var/www/"$domain"/html
 

CoreModules/generic/apt.list

@@ -1 +1 @@
-mailutils htop ufw nload
+mailutils htop ufw nload fail2ban

CoreModules/generic/conf.sh

@@ -13,24 +13,6 @@ root:          $email
 EOF
 newaliases
 
-
-##------------##
-#   Fail2Ban   #
-##------------##
-
-##Disabled
-#sed -i 's/root@localhost/'$email'/g' /etc/fail2ban/jail.conf
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/sshd.local -O /etc/fail2ban/jail.d/sshd.local
-#if [[ $CMS == "Nextcloud" ]]; then
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/nextcloud.conf -O /etc/fail2ban/filter.d/nextcloud.conf
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/nextcloud.local -O /etc/fail2ban/jail.d/nextcloud.local
-#fi
-#if [[ $CMS == "Wordpress" ]]; then
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/wordpress.conf -O /etc/fail2ban/filter.d/wordpress.conf
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/wordpress.local -O /etc/fail2ban/jail.d/wordpress.local
-#fi
-
-
 ##-------##
 #   UFW   #
 ##-------##
@@ -41,4 +23,21 @@ ufw default allow outgoing > $OUTPUT 2>&1
 ufw allow 80/tcp > $OUTPUT 2>&1
 ufw allow 443/tcp > $OUTPUT 2>&1
 ufw limit 4242/tcp > $OUTPUT 2>&1
-echo "y" | ufw enable > $OUTPUT 2>&1
+echo "y" | ufw enable > $OUTPUT 2>&1
+
+##------------##
+#   Fail2Ban   #
+##------------##
+
+#General config
+wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/jail.local -O /etc/fail2ban/jail.local
+
+#Custom Fiters
+wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/Filters/nextcloud.filter -O /etc/fail2ban/filter.d/nextcloud.local
+wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/Filters/phpmyadmin-authlog.filter -O /etc/fail2ban/filter.d/phpmyadmin-authlog.local
+wget -q -t7 https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf -O /etc/fail2ban/filter.d/wordpress-hard.local
+wget -q -t7 https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf -O /etc/fail2ban/filter.d/wordpress-soft.local
+
+#General jails
+wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/sshd.jail -O /etc/fail2ban/jail.d/sshd.local
+wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/phpmyadmin.jail -O /etc/fail2ban/jail.d/phpmyadmin.local

config/fail2ban/Filters/nextcloud.filter

@@ -0,0 +1,4 @@
+[Definition]
+_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
+failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
+datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"

config/fail2ban/Filters/phpmyadmin-authlog.filter

@@ -0,0 +1,11 @@
+# Fail2Ban filter for the phpMyAdmin-Authlog
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+failregex = ^%(__prefix_line)suser denied: (?:\S+|.*?) \(mysql-denied\) from <HOST>\s*$
+

config/fail2ban/Jails/nextcloud_unconfigured

@@ -0,0 +1,9 @@
+[nextcloud_SITEname]
+enabled = true
+port     = http,https
+protocol = tcp
+filter = nextcloud
+maxretry = 20
+bantime = 900
+findtime = 900
+logpath = /var/log/nextcloud/SITEname

config/fail2ban/Jails/nginx-Basic-auth_unconfigured

@@ -0,0 +1,5 @@
+[nginx-auth-SITEname]
+enabled  = true
+filter   = nginx-http-auth
+port     = http,https
+logpath  = /var/log/nginx/SITEname-error.log

config/fail2ban/Jails/phpmyadmin.jail

@@ -0,0 +1,5 @@
+[phpmyadmin]
+enabled  = true
+port    = http,https
+filter   = phpmyadmin-authlog
+logpath  = /var/log/PhpMyAdmin/PhpMyAdmin_auth.log

config/fail2ban/Jails/sshd-jail.jail

@@ -0,0 +1,2 @@
+[sshd]
+enabled = true

config/fail2ban/Jails/wordpress-syslog.jail

@@ -0,0 +1,11 @@
+[wordpress-hard]
+enabled = true
+filter = wordpress-hard
+logpath = /var/log/auth.log
+port = http,https
+
+[wordpress-soft]
+enabled = true
+filter = wordpress-soft
+logpath = /var/log/auth.log
+port = http,https

config/fail2ban/jail.local

@@ -0,0 +1,53 @@
+[DEFAULT]
+# External command that will take an tagged arguments to ignore, e.g. <ip>,
+# and return true if the IP is to be ignored. False otherwise.
+#
+# ignorecommand = /path/to/command <ip>
+ignorecommand =
+
+# "bantime" is the number of seconds that a host is banned.
+bantime  = 10m
+
+# A host is banned if it has generated "maxretry" during the last "findtime"
+# seconds.
+findtime  = 10m
+
+# "maxretry" is the number of failures before a host get banned.
+maxretry = 5
+
+backend = auto
+
+
+
+#
+# ACTIONS
+#
+
+# Some options used for actions
+
+# Destination email address used solely for the interpolations in
+# jail.{conf,local,d/*} configuration files.
+destemail = root@localhost
+
+# Sender email address used solely for some actions
+sender = root@<fq-hostname>
+
+# E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
+# mailing. Change mta configuration parameter to mail if you want to
+# revert to conventional 'mail'.
+mta = sendmail
+
+# Default protocol
+protocol = tcp
+
+# Specify chain where jumps would need to be added in ban-actions expecting parameter chain
+chain = <known/chain>
+
+# Format of user-agent https://tools.ietf.org/html/rfc7231#section-5.5.3
+fail2ban_agent = Fail2Ban/%(fail2ban_version)s
+
+#
+# Action shortcuts. To be used to define action parameter
+
+banaction = ufw
+banaction_allports = ufw

config/fail2ban/nextcloud.conf

@@ -1,4 +0,0 @@
-[Definition]
-failregex=^{"reqId":".<em>","remoteAddr":".</em>","app":"core","message":"Login failed: '.<em>' &#40;Remote IP: '<HOST>'&#41;","level":2,"time":".</em>"}$
-        ^{"reqId":".<em>","level":2,"time":".</em>","remoteAddr":".<em>","app":"core".</em>","message":"Login failed: '.<em>' &#40;Remote IP: '<HOST>'&#41;".</em>}$
-        ^.<em>\"remoteAddr\":\"<HOST>\".</em>Trusted domain error.*$

config/fail2ban/nextcloud.local

@@ -1,11 +0,0 @@
-[nextcloud]
-ignoreip = 192.168.1.0/24
-backend = auto
-enabled = true
-port = 80,443
-protocol = tcp
-filter = nextcloud
-maxretry = 3
-bantime = 36000
-findtime = 36000
-logpath = /var/nextcloud/data/nextcloud.log

config/fail2ban/sshd.local

@@ -1,6 +0,0 @@
-[sshd]
-enabled = true
-port = 4242
-filter = sshd
-logpath = /var/log/auth.log
-maxretry = 5

config/fail2ban/wordpress.conf

@@ -1,2 +0,0 @@
-[Definition]
-failregex = <HOST>.*POST.*(wp-login\.php|xmlrpc\.php).* 200

config/fail2ban/wordpress.local

@@ -1,7 +0,0 @@
-[wordpress]
-enabled = true
-port = http,https
-filter = wordpress
-logpath = /var/log/nginx/access.log
-maxretry = 10
-bantime = 3600

installer.sh

@@ -579,4 +579,4 @@ systemctl reload sshd postfix postfix@-
 ##-------##
 
 msg "                Done installing!"
-bash /etc/update-motd.d/51*
+if [ -f /etc/update-motd.d/51* ]; then bash /etc/update-motd.d/51*;fi