From 197253af4676fb39d4af3239942fb181abb0fc5d Mon Sep 17 00:00:00 2001 From: Trevor Batley Date: Sat, 7 Sep 2024 19:53:18 +1000 Subject: [PATCH] initial commit of file from CVS for smeserver-fail2ban on Sat Sep 7 19:53:17 AEST 2024 --- .gitignore | 4 + Makefile | 21 + README.md | 18 +- additional/CHANGELOG.git | 792 ++++++++++++++++++ additional/smeserver-fail2ban.spec | 119 +++ additional/usr/bin/sfail2ban | 6 + contriborbase | 1 + createlinks | 62 ++ root/etc/cron.daily/cleanup_fail2ban | 27 + .../db/configuration/defaults/fail2ban/Mail | 1 + .../db/configuration/defaults/fail2ban/status | 1 + .../db/configuration/defaults/fail2ban/type | 1 + .../events/actions/fail2ban-resume-logs | 32 + .../events/actions/fail2ban-suspend-logs | 27 + .../bg/etc/e-smith/web/functions/fail2ban | 196 +++++ .../da/etc/e-smith/web/functions/fail2ban | 196 +++++ .../de/etc/e-smith/web/functions/fail2ban | 196 +++++ .../el/etc/e-smith/web/functions/fail2ban | 196 +++++ .../en-us/etc/e-smith/web/functions/fail2ban | 204 +++++ .../es/etc/e-smith/web/functions/fail2ban | 196 +++++ .../et/etc/e-smith/web/functions/fail2ban | 196 +++++ .../fr/etc/e-smith/web/functions/fail2ban | 196 +++++ .../he/etc/e-smith/web/functions/fail2ban | 196 +++++ .../hu/etc/e-smith/web/functions/fail2ban | 196 +++++ .../id/etc/e-smith/web/functions/fail2ban | 196 +++++ .../it/etc/e-smith/web/functions/fail2ban | 196 +++++ .../ja/etc/e-smith/web/functions/fail2ban | 196 +++++ .../nb/etc/e-smith/web/functions/fail2ban | 196 +++++ .../nl/etc/e-smith/web/functions/fail2ban | 196 +++++ .../pl/etc/e-smith/web/functions/fail2ban | 196 +++++ .../pt-br/etc/e-smith/web/functions/fail2ban | 196 +++++ .../pt/etc/e-smith/web/functions/fail2ban | 196 +++++ .../ro/etc/e-smith/web/functions/fail2ban | 196 +++++ .../ru/etc/e-smith/web/functions/fail2ban | 196 +++++ .../sl/etc/e-smith/web/functions/fail2ban | 196 +++++ .../sv/etc/e-smith/web/functions/fail2ban | 196 +++++ .../th/etc/e-smith/web/functions/fail2ban | 196 +++++ .../tr/etc/e-smith/web/functions/fail2ban | 196 +++++ .../zh-cn/etc/e-smith/web/functions/fail2ban | 196 +++++ .../zh-tw/etc/e-smith/web/functions/fail2ban | 196 +++++ .../smeserver-fail2ban.include/template-begin | 22 + .../etc/fail2ban/fail2ban.conf/10All | 8 + .../etc/fail2ban/jail.conf/00Default | 1 + .../etc/fail2ban/jail.conf/05IgnoreIP | 38 + .../etc/fail2ban/jail.conf/10BanTime | 7 + .../etc/fail2ban/jail.conf/10FindTime | 7 + .../etc/fail2ban/jail.conf/15MaxRetries | 6 + .../templates/etc/fail2ban/jail.conf/16Dns | 1 + .../etc/fail2ban/jail.conf/20Backend | 1 + .../etc/fail2ban/jail.conf/25Actions | 7 + .../etc/fail2ban/jail.conf/30Service10ssh | 31 + .../etc/fail2ban/jail.conf/30Service15dovecot | 25 + .../etc/fail2ban/jail.conf/30Service20qpsmtpd | 27 + .../etc/fail2ban/jail.conf/30Service25httpd | 97 +++ .../etc/fail2ban/jail.conf/30Service30pam | 11 + .../fail2ban/jail.conf/30Service32Smanager | 25 + .../etc/fail2ban/jail.conf/30Service35SOGo | 24 + .../fail2ban/jail.conf/30Service40LemonLDAPNG | 23 + .../etc/fail2ban/jail.conf/30Service45ftp | 21 + .../fail2ban/jail.conf/30Service50Ejabberd | 21 + .../etc/fail2ban/jail.conf/45wordpress | 68 ++ .../etc/fail2ban/jail.conf/90Recidive | 21 + .../templates/etc/logrotate.d/fail2ban/10All | 8 + .../templates/etc/rc.d/init.d/masq/40Fail2Ban | 6 + .../etc/rc.d/init.d/masq/90adjustFail2Ban | 33 + root/etc/e-smith/web/functions/fail2ban | 154 ++++ .../fail2ban/action.d/smeserver-iptables.conf | 13 + .../fail2ban/action.d/smeserver-sendmail.conf | 21 + root/etc/fail2ban/filter.d/apache-auth.local | 2 + root/etc/fail2ban/filter.d/apache-scan.conf | 11 + root/etc/fail2ban/filter.d/apache-xmlrpc.conf | 5 + root/etc/fail2ban/filter.d/lemonldap-ng.conf | 11 + root/etc/fail2ban/filter.d/qpsmtpd.conf | 11 + root/etc/fail2ban/filter.d/smanager.conf | 12 + root/etc/fail2ban/filter.d/sshd-ddos.conf | 28 + .../etc/fail2ban/filter.d/wordpress-hard.conf | 28 + .../etc/fail2ban/filter.d/wordpress-soft.conf | 34 + root/sbin/e-smith/smeserver-fail2ban | 132 +++ root/usr/bin/sfail2ban | 6 + .../esmith/FormMagick/Panel/fail2ban.pm | 461 ++++++++++ .../lib/SrvMngr/Controller/Fail2ban.pm | 455 ++++++++++ .../I18N/Modules/Fail2ban/fail2ban_en.lex | 56 ++ .../themes/default/templates/fail2ban.html.ep | 180 ++++ .../templates/partials/_f2b_blocked.html.ep | 47 ++ .../templates/partials/_f2b_valid.html.ep | 35 + smeserver-fail2ban.spec | 231 +++++ 86 files changed, 8686 insertions(+), 2 deletions(-) create mode 100644 .gitignore create mode 100644 Makefile create mode 100644 additional/CHANGELOG.git create mode 100644 additional/smeserver-fail2ban.spec create mode 100644 additional/usr/bin/sfail2ban create mode 100644 contriborbase create mode 100644 createlinks create mode 100644 root/etc/cron.daily/cleanup_fail2ban create mode 100644 root/etc/e-smith/db/configuration/defaults/fail2ban/Mail create mode 100644 root/etc/e-smith/db/configuration/defaults/fail2ban/status create mode 100644 root/etc/e-smith/db/configuration/defaults/fail2ban/type create mode 100644 root/etc/e-smith/events/actions/fail2ban-resume-logs create mode 100644 root/etc/e-smith/events/actions/fail2ban-suspend-logs create mode 100644 root/etc/e-smith/locale/bg/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/da/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/de/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/el/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/es/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/et/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/fr/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/he/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/hu/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/id/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/it/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/ja/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/nb/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/nl/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/pl/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/pt-br/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/pt/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/ro/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/ru/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/sl/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/sv/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/th/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/tr/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/zh-cn/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/locale/zh-tw/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/e-smith/templates/etc/backup-data.d/smeserver-fail2ban.include/template-begin create mode 100644 root/etc/e-smith/templates/etc/fail2ban/fail2ban.conf/10All create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/00Default create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/05IgnoreIP create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/10BanTime create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/10FindTime create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/15MaxRetries create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/16Dns create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/20Backend create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/25Actions create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service30pam create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service32Smanager create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service40LemonLDAPNG create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service45ftp create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service50Ejabberd create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/90Recidive create mode 100644 root/etc/e-smith/templates/etc/logrotate.d/fail2ban/10All create mode 100644 root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Fail2Ban create mode 100644 root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustFail2Ban create mode 100644 root/etc/e-smith/web/functions/fail2ban create mode 100644 root/etc/fail2ban/action.d/smeserver-iptables.conf create mode 100644 root/etc/fail2ban/action.d/smeserver-sendmail.conf create mode 100644 root/etc/fail2ban/filter.d/apache-auth.local create mode 100644 root/etc/fail2ban/filter.d/apache-scan.conf create mode 100644 root/etc/fail2ban/filter.d/apache-xmlrpc.conf create mode 100644 root/etc/fail2ban/filter.d/lemonldap-ng.conf create mode 100644 root/etc/fail2ban/filter.d/qpsmtpd.conf create mode 100644 root/etc/fail2ban/filter.d/smanager.conf create mode 100644 root/etc/fail2ban/filter.d/sshd-ddos.conf create mode 100644 root/etc/fail2ban/filter.d/wordpress-hard.conf create mode 100644 root/etc/fail2ban/filter.d/wordpress-soft.conf create mode 100644 root/sbin/e-smith/smeserver-fail2ban create mode 100644 root/usr/bin/sfail2ban create mode 100644 root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/fail2ban.pm create mode 100644 root/usr/share/smanager/lib/SrvMngr/Controller/Fail2ban.pm create mode 100644 root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Fail2ban/fail2ban_en.lex create mode 100644 root/usr/share/smanager/themes/default/templates/fail2ban.html.ep create mode 100644 root/usr/share/smanager/themes/default/templates/partials/_f2b_blocked.html.ep create mode 100644 root/usr/share/smanager/themes/default/templates/partials/_f2b_valid.html.ep create mode 100644 smeserver-fail2ban.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..cbb3a13 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +*.rpm +*.log +*spec-20* +*.tar.gz diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..abeedf6 --- /dev/null +++ b/Makefile @@ -0,0 +1,21 @@ +# Makefile for source rpm: smeserver-fail2ban +# $Id: Makefile,v 1.1 2020/06/10 08:53:03 brianr Exp $ +NAME := smeserver-fail2ban +SPECFILE = $(firstword $(wildcard *.spec)) + +define find-makefile-common +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +endef + +MAKEFILE_COMMON := $(shell $(find-makefile-common)) + +ifeq ($(MAKEFILE_COMMON),) +# attept a checkout +define checkout-makefile-common +test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 +endef + +MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) +endif + +include $(MAKEFILE_COMMON) diff --git a/README.md b/README.md index 355b562..f425dc1 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,17 @@ -# smeserver-fail2ban +# smeserver-fail2ban -SMEServer Koozali developed git repo for smeserver-fail2ban smecontribs \ No newline at end of file +SMEServer Koozali developed git repo for smeserver-fail2ban smecontribs + +## Wiki +
https://wiki.koozali.org/Fail2ban +
https://wiki.koozali.org/Fail2ban/fr +
https://wiki.koozali.org/SME-101.10:_Supplément:_Fail2ban + +## Bugzilla +Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-fail2ban&product=SME%20Contribs&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED) + +## Description + +
*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.* +*Once it has been checked, then this comment will be deleted* +
diff --git a/additional/CHANGELOG.git b/additional/CHANGELOG.git new file mode 100644 index 0000000..46aac10 --- /dev/null +++ b/additional/CHANGELOG.git @@ -0,0 +1,792 @@ +commit 0e8f39c6b123b947450223a7a97b2cb2904a8221 +Author: Daniel Berteaud +Date: Fri Oct 27 14:34:58 2017 +0200 + + Ignore qpsmtpd greylisting + +commit a166528140bf2bd8995f0015a5d088e495bcda0a +Merge: ae727cb a9211f5 +Author: Daniel Berteaud +Date: Fri Oct 27 14:34:18 2017 +0200 + + Merge branch 'sme9' + +commit a9211f5f9312a048f714de3f0813dc5fc470240a +Author: Daniel Berteaud +Date: Thu Nov 17 11:20:14 2016 +0100 + + Spec file update + +commit bc93ec4649b8368e5ea6aaf54053bdcf4fdf34b6 +Author: Daniel Berteaud +Date: Thu Nov 17 11:07:39 2016 +0100 + + Make sure log files exist before resuming jails after logrotate + +commit 3738f0a5bf47de1868c14d16b1e0ffbbd338b80b +Author: Daniel Berteaud +Date: Tue Aug 2 09:48:36 2016 +0200 + + Spec file update + +commit f96b380bcb54b997e14e7b65aa67cb22b5ea53ef +Author: Daniel Berteaud +Date: Tue Aug 2 09:14:56 2016 +0200 + + Possibility to filter valid remote hosts + +commit 5e941c60c918a7aa59a1b550ca16e1dc9aa80cf2 +Author: Daniel Berteaud +Date: Tue Jul 5 21:24:57 2016 +0200 + + Spec file update + +commit 8584e39c21dbdec57eb859df3e1edd113a7acb71 +Author: Daniel Berteaud +Date: Tue Jul 5 21:23:45 2016 +0200 + + Fix compat with older qpsmtpd + +commit 885ab8ac54419431bfd3e36b36c707e4c95b7e08 +Author: Daniel Berteaud +Date: Thu Jun 9 14:28:46 2016 +0200 + + Spec file update + +commit 96a290ca5ed4d9df5d11bfaf69b716528411037e +Author: Daniel Berteaud +Date: Thu Jun 9 14:22:37 2016 +0200 + + Adapt qpsmtpd regex to work with qopsmtpd 0.96 + +commit 0b1549615d112b5fcd01edd9bfbb60bf0fc796f6 +Author: Daniel Berteaud +Date: Mon Feb 29 11:40:48 2016 +0100 + + Spec file update + +commit ae727cb9001d0c7a6f6456c132eac03d2433240e +Author: Daniel Berteaud +Date: Mon Feb 29 11:22:11 2016 +0100 + + Spec file update + +commit 5f11114572e45c52d1aed58dfb228837fe7bda95 +Author: Daniel Berteaud +Date: Mon Feb 29 11:21:10 2016 +0100 + + Ignore failures to retrieve proxy.pac + +commit 7ed43d417110b9b6ae3314170ad0ee5c3b524d43 +Author: Daniel Berteaud +Date: Mon Feb 29 11:21:10 2016 +0100 + + Ignore failures to retrieve proxy.pac + +commit 2ab1d8ab05e910519b1c0abe470de3e9a2dc4f10 +Author: Daniel Berteaud +Date: Fri Jan 8 11:56:58 2016 +0100 + + Spec file update + +commit 756a93cb37a247171fdf962553355f80add3ee60 +Author: Daniel Berteaud +Date: Fri Jul 24 09:41:22 2015 +0200 + + Add missing $OUT .=<<"EOF"; statements + +commit 07c989d8cebaec2caa303c39b099b20f53d67d4d +Author: Daniel Berteaud +Date: Fri Jul 24 09:15:43 2015 +0200 + + Switch to upstream Ejabberd filter + +commit 9fb1fe4b7536f01d7796b32fb28b1029a1398c48 +Author: Daniel Berteaud +Date: Fri Jul 24 09:11:03 2015 +0200 + + ENable more apache jails + +commit 5b1a6c367a92303bf1eccdf39e6a5ba508696184 +Author: Daniel Berteaud +Date: Fri Jul 24 09:10:51 2015 +0200 + + Update main daemon conf template + +commit 1672a8431c4912fe92609467b9c1965bd5d07159 +Author: Daniel Berteaud +Date: Wed Apr 15 14:07:46 2015 +0200 + + Spec file update + +commit 13cf1a2f6ef6e0889d3eec41759633583bd01a00 +Author: Daniel Berteaud +Date: Wed Apr 15 14:07:02 2015 +0200 + + Spec file update + +commit 1b06a141972db3a1581a1ab6e65b3bbfcdce1c5b +Author: Daniel Berteaud +Date: Wed Apr 15 14:06:00 2015 +0200 + + Start fail2ban later + +commit 65854c6909be6b658d6f37cf862d24192a70fcf4 +Author: Daniel Berteaud +Date: Wed Apr 15 14:06:00 2015 +0200 + + Start fail2ban later + +commit 72fd0d81c2fd43248e429e7585708783c17a4eac +Author: Daniel Berteaud +Date: Tue Jan 27 22:37:05 2015 +0100 + + Spec file update + +commit c203c38bf7502bdabe312b32b164fc0751d501db +Author: Daniel Berteaud +Date: Tue Jan 27 21:59:26 2015 +0100 + + Suspend log monitoring during logrotate + Instead of restarting fail2ban daemon + +commit a0f024c4863fb478ee456544037ff6e8779c6166 +Author: Daniel Berteaud +Date: Tue Jan 27 22:36:15 2015 +0100 + + Spec file update + +commit 35b64f0502b256159a9ceab64a2b993a40b4a5fe +Author: Daniel Berteaud +Date: Tue Jan 27 21:59:26 2015 +0100 + + Suspend log monitoring during logrotate + Instead of restarting fail2ban daemon + +commit 71c09c53f4a3c28b50e5550089523189dac27e89 +Author: Daniel Berteaud +Date: Thu Jan 15 21:53:24 2015 +0100 + + Spec file update + +commit 97e122e4cba252439d8063b50f40c6710125c206 +Author: Daniel Berteaud +Date: Thu Jan 15 21:51:39 2015 +0100 + + Spec file update + +commit bc63b7a9fe050b0c1e2dab74ef5af4352ccfe181 +Author: Daniel Berteaud +Date: Mon Jan 5 11:11:35 2015 +0100 + + Fix LL::NG jail name + +commit a1e5bd2b2c835ccb24eee02fe054df4da3955610 +Author: Daniel Berteaud +Date: Mon Jan 5 11:11:35 2015 +0100 + + Fix LL::NG jail name + +commit 337c89ced4fbc075ad5e98e1ab2152d72ed9fb1c +Author: Daniel Berteaud +Date: Wed Sep 17 17:41:53 2014 +0200 + + Spec file update + +commit cac3d51734bbb102d1b763903bf01932735a4200 +Author: Daniel Berteaud +Date: Wed Sep 17 14:40:03 2014 +0200 + + Restart fail2ban during logrotate event + +commit 30db831b060bde1a76b636b789cf3364ab838136 +Author: Daniel Berteaud +Date: Wed Sep 17 17:39:55 2014 +0200 + + Spec file update + +commit b23fc96e2eecf74f7c36bf6229a7774ad1ac8d89 +Author: Daniel Berteaud +Date: Wed Sep 17 14:40:03 2014 +0200 + + Restart fail2ban during logrotate event + +commit 2a25c2a6fdc86369bfc57eb74bd2329fe5f4a47d +Author: Daniel Berteaud +Date: Mon Sep 8 12:15:14 2014 +0200 + + Spec file update + +commit 799310bef3d35c4fa0967decd7d756d7e21c5b1b +Author: Daniel Berteaud +Date: Mon Jun 23 21:40:28 2014 +0200 + + Define empty actionstart, actionstop and actioncheck + in smeserver-iptables action + +commit 4da2dd69790d3da74bde0e531e63d6d4cb27aa87 +Author: Daniel Berteaud +Date: Mon Jun 23 21:38:17 2014 +0200 + + Define pidfile in fail2ban.conf + +commit 8f9f7ba6558657a542fe3711ba092fdc7c1f336b +Author: Daniel Berteaud +Date: Mon Jun 23 21:37:41 2014 +0200 + + Pre-create fail2ban log file so it can start the first time + Needed on EL6 version of fail2ban + +commit 58877ee9874054d5b923fd218d06ca6586520e0a +Author: Daniel Berteaud +Date: Wed Apr 23 09:21:25 2014 +0200 + + sogo-auth.conf is included in EL6 build of fail2ban + +commit b92a8aa92cd66aba40eaa937643e6be3787596e0 +Author: Daniel Berteaud +Date: Wed Jun 25 17:30:21 2014 +0200 + + spec file update + +commit bd770e2f115f391503339770feb4605d0e52a745 +Author: Daniel Berteaud +Date: Wed Jun 25 17:29:36 2014 +0200 + + spec file update + +commit fbd9cab08aec9e9cccf94f8b1440075a5bf42d21 +Author: Daniel Berteaud +Date: Wed Jun 25 17:28:19 2014 +0200 + + Correctly handle single IP in IgnoreIP prop + +commit 1db538bbd0bd1886db606750e6bdb79982912081 +Author: Daniel Berteaud +Date: Wed Jun 25 17:28:19 2014 +0200 + + Correctly handle single IP in IgnoreIP prop + +commit fd3c7ae78ad2d2c5f107e84553d286e3ae7ad378 +Author: Daniel Berteaud +Date: Tue Jun 24 08:53:42 2014 +0200 + + Spec file update + +commit 831e0580859e2e178e36f9424b1604b2bbadc5cb +Author: Daniel Berteaud +Date: Mon Jun 23 23:07:35 2014 +0200 + + Relax proxy regex to prevent proxy.pac ban + +commit 42b940281f48ce90faa106624f38ac15db7dad23 +Author: Daniel Berteaud +Date: Tue Jun 24 08:52:45 2014 +0200 + + Spec file update + +commit 8d1b7034ed90559e1bc65fc00c18054cb3b975ce +Author: Daniel Berteaud +Date: Mon Jun 23 23:07:35 2014 +0200 + + Relax proxy regex to prevent proxy.pac ban + +commit 27fffc9ef423c4738a25ebab45ec0020a1b0328d +Author: Daniel Berteaud +Date: Mon Jun 23 22:01:38 2014 +0200 + + Spec file update + +commit 593c15112004d2f3b4724820070c31eb9d9201a1 +Author: Daniel Berteaud +Date: Mon Jun 23 21:40:28 2014 +0200 + + Define empty actionstart, actionstop and actioncheck + in smeserver-iptables action + +commit a862d253283d88af383c8db916546c66ae52093f +Author: Daniel Berteaud +Date: Mon Jun 23 21:38:17 2014 +0200 + + Define pidfile in fail2ban.conf + +commit fbc84a6219d5d9b5d6f9493e17fa46d9513adf92 +Author: Daniel Berteaud +Date: Mon Jun 23 21:37:41 2014 +0200 + + Pre-create fail2ban log file so it can start the first time + Needed on EL6 version of fail2ban + +commit f214e95046bd2d87e272f146609be022d65b7219 +Author: Daniel Berteaud +Date: Wed Apr 23 09:22:25 2014 +0200 + + Spec file update + +commit 9ef3a867ec6df07d04bbc73861e8ff48d840ee3e +Author: Daniel Berteaud +Date: Wed Apr 23 09:21:25 2014 +0200 + + sogo-auth.conf is included in EL6 build of fail2ban + +commit f3d69c1264f706ca615b19e24a9365abb9da9235 +Author: Daniel Berteaud +Date: Wed Dec 18 16:07:29 2013 +0100 + + spec file update + +commit 43c8140cbd130b1f51f801bf27ad30aeafe59327 +Author: Daniel Berteaud +Date: Wed Dec 18 16:06:40 2013 +0100 + + Fix port, which was incorrectly set to proto + +commit d5d4839b9b4e13a2b5419416658aae81269b0b2e +Author: Daniel Berteaud +Date: Tue Nov 19 16:03:46 2013 +0100 + + spec file update + +commit 8c158ec422076444db488bc7ab92c24a212766fa +Author: Daniel Berteaud +Date: Tue Nov 19 11:48:21 2013 +0100 + + Create the DB entry in one transaction to reduce the amount of logs for each ban + +commit 093957117d15c7ad27c8b9033fc49bf9139474bb +Author: Daniel Berteaud +Date: Thu Jul 4 11:02:07 2013 +0200 + + update spec file + +commit 92e8668ff553df4ffb1306f9ddf5fa20a97cf0c9 +Author: Daniel Berteaud +Date: Thu Jul 4 11:01:24 2013 +0200 + + Fix service name for LemonLDAP::NG + +commit adb52654d7b9147db6bffedda4b46a38419780c0 +Author: Daniel Berteaud +Date: Tue May 14 14:50:59 2013 +0200 + + update spec file + +commit d8d650fd45e32c5fa08335e74fa985ba9f9a39b0 +Author: Daniel Berteaud +Date: Tue May 14 14:49:59 2013 +0200 + + Default to enable mail notifications + +commit 3fe622a02e7f2adba7bd8125354f1dab55c90941 +Author: Daniel Berteaud +Date: Mon May 13 12:10:15 2013 +0200 + + Add missing type in config DB for fail2ban service + +commit e4db556bf366ae9671e89bef277fcb2dd0b6dfa4 +Author: Daniel Berteaud +Date: Thu May 9 14:30:57 2013 +0200 + + Possibility to disable jails for individual services + +commit 77ba56b52ec7097ca38fa183bfa76bcd2181ea01 +Author: Daniel Berteaud +Date: Thu May 9 11:15:42 2013 +0200 + + Create fail2ban DB if it doesn't exist + +commit 5420a45ffaccd84419923da0915c5e2b801a2f2e +Author: Daniel Berteaud +Date: Sat May 4 12:52:43 2013 +0200 + + Some more apache-scan regex + +commit 2da82e6d45a337d1d7a1ca31d0c54d0eb5a8fa31 +Author: Daniel Berteaud +Date: Sat May 4 12:41:46 2013 +0200 + + Add Ejabberd filter and jail + +commit 1f8d32a6e02a5e6114bbc3708bc5058984ad4600 +Author: Daniel Berteaud +Date: Sat May 4 12:34:55 2013 +0200 + + Add a few regex in apache-scan filter + +commit 2d41499e2eeea21d63460eecc9cc72d04734a602 +Author: Daniel Berteaud +Date: Sat May 4 02:11:26 2013 +0200 + + Fix maxretry and action order in qpsmtpd jail conf + +commit 57b7e1778906424f5cb005a486788199e5a2a973 +Author: Daniel Berteaud +Date: Sat May 4 01:53:01 2013 +0200 + + Fix qpsmtpd jail to detect other denied reason (like dnsbl, early_talker etc...) + +commit 096e5264d35476d68fe89a03321ec3e093e4bbaf +Author: Daniel Berteaud +Date: Fri May 3 16:57:29 2013 +0200 + + Set default maxretry to 3 + +commit 17dd080c5d63f9d866bd5a7b2f99b5c920705b66 +Author: Daniel Berteaud +Date: Fri May 3 16:57:08 2013 +0200 + + Fix pam generic description in mail notification and increase maxretry, so it's not triggerd at the same time as other jails + +commit 0865b67e7cd90b88ef107da8a63a4da2636c1257 +Author: Daniel Berteaud +Date: Fri May 3 16:52:10 2013 +0200 + + Increase findtime to 900 + +commit 7f2dc909f2373f63e6e97d31ae6449f6ff525cb2 +Author: Daniel Berteaud +Date: Fri May 3 16:50:52 2013 +0200 + + Default to use DNS + +commit a04440c3b264d451e4ee8c1ee0b0ec62c7885bd5 +Author: Daniel Berteaud +Date: Fri May 3 15:41:30 2013 +0200 + + add ssh-ddos jail + +commit 14170ae2979aeaa533cdba1f12ab8ac470d42894 +Author: Daniel Berteaud +Date: Fri May 3 15:34:04 2013 +0200 + + Use upstream sogo-auth filter + +commit ba323c25578e5a7bf3dcb209c5607bef00f10505 +Author: Daniel Berteaud +Date: Fri May 3 12:01:31 2013 +0200 + + Fix actions for the recidive jail + +commit 5eb66234d76e22dc135b6412ace5fea477242791 +Author: Daniel Berteaud +Date: Fri May 3 11:31:30 2013 +0200 + + Add a jail for proftpd + +commit 8131efc2ecc3b605d38908e498ef673690608496 +Author: Daniel Berteaud +Date: Fri May 3 11:20:15 2013 +0200 + + Expand jail.conf and restart fail2ban on network-create, network-delete and remoteaccess-update + +commit ece16d115994b9a28091827a8ae80aeef2b141aa +Author: Daniel Berteaud +Date: Fri May 3 11:17:56 2013 +0200 + + Whitelist the local IP of the server itself + +commit 6ffdca75017c429ec3949fc42171e40085187b8b +Author: Daniel Berteaud +Date: Fri May 3 00:05:59 2013 +0200 + + rename smeserver action to smeserver-iptables + +commit b81e45174b03df2bf666a30c3a4fbe256d055dd8 +Author: Daniel Berteaud +Date: Fri May 3 00:03:59 2013 +0200 + + Use a custom sendmail conf to only send a mail on ban + +commit be1410934a09ccbc1ba13f9286f8ffe0428a45fd +Author: Daniel Berteaud +Date: Thu May 2 23:03:26 2013 +0200 + + Fix syntax error in qpsmtpd jail template + +commit 5f6c3d717405c6596e71f16ef10d25c3182d2112 +Author: Daniel Berteaud +Date: Thu May 2 19:11:51 2013 +0200 + + Set default maxretry to 4 + +commit 2bc85614b1b7c211893ea6679da5388f0b07aca0 +Author: Daniel Berteaud +Date: Thu May 2 19:10:31 2013 +0200 + + Add qpsmtpd jail + +commit f9e841e5c2e60ec0409ae4449ccfcafdbffb4bb3 +Author: Daniel Berteaud +Date: Thu May 2 17:53:28 2013 +0200 + + Remove unused name var in pam-generic jail + +commit eb22e2eb6b8c18309a836cf72d90fe401d3ba595 +Author: Daniel Berteaud +Date: Thu May 2 17:22:12 2013 +0200 + + Enhance apache-scan filters + +commit cb73eb7a4bf676207199b6cd39c0e3fc9e18ebf1 +Author: Daniel Berteaud +Date: Thu May 2 16:33:54 2013 +0200 + + Insert fail2ban rule before state_chk and local_chk so established connexions can be stopped for banned host, and local hosts may also be banned + +commit 1b7f16e314704c3e39261f9964ecae0106f724cb +Author: Daniel Berteaud +Date: Thu May 2 16:29:01 2013 +0200 + + expand $bantime variable in pam jail + +commit 911db13c49e1a64b19359cd68cb06d2a47dad6af +Author: Daniel Berteaud +Date: Thu May 2 16:28:27 2013 +0200 + + escape quotes in jail templates + +commit d33fe92435a29298ce8241b024eac4938c588331 +Author: Daniel Berteaud +Date: Thu May 2 16:19:53 2013 +0200 + + Default to disabled for jails + +commit 5240cfb528e373ec34cea694325a7d26ea19473b +Author: Daniel Berteaud +Date: Thu May 2 16:18:48 2013 +0200 + + Add LL::NG filter and jail and default to disabled for SOGo jail + +commit 3285432916cd7d4db0d1aaffeeb948271fc068b4 +Author: Daniel Berteaud +Date: Thu May 2 16:14:26 2013 +0200 + + Fix sogo failregex + +commit 97d352dda17a05b5024ebd1493d60cddacf6c3bd +Author: Daniel Berteaud +Date: Thu May 2 15:59:25 2013 +0200 + + Variables are not passed correctly, so define actions in each jail + +commit d941c985ae64128c95565b124533aabf5b13c0d1 +Author: Daniel Berteaud +Date: Thu May 2 15:41:03 2013 +0200 + + fix action tempates + +commit 08b187212a6afadbecaf368afddfd9546b651373 +Author: Daniel Berteaud +Date: Thu May 2 14:58:19 2013 +0200 + + Fix actions for all the services + +commit 8b8e59de61a859301f7f771bedb5a44f30b3921f +Author: Daniel Berteaud +Date: Thu May 2 14:44:12 2013 +0200 + + Fix a syntax error in smeserver-fail2ban + +commit f2cfad3448c62db86e1037b08a9d41ed076751c6 +Author: Daniel Berteaud +Date: Thu May 2 14:40:51 2013 +0200 + + Fix apache-scan regex + +commit 9560117ab7078ce2699f98f0d23170061f6f2d5a +Author: Daniel Berteaud +Date: Thu May 2 14:40:20 2013 +0200 + + Fix actions template in jail.conf + +commit 3f165421d4496aa573c38baf696e02efe0d54994 +Author: Daniel Berteaud +Date: Thu May 2 14:37:31 2013 +0200 + + Add a jail for SOGo + +commit 4b7d3586d5722d5f2bd2a19cc4c1526097a04cb7 +Author: Daniel Berteaud +Date: Thu May 2 14:16:04 2013 +0200 + + Define actions in the default section, and add a prop to enable mail alerts + +commit 0ba11fc416fda0045a33f693b3c930dab8a8418f +Author: Daniel Berteaud +Date: Thu May 2 14:00:14 2013 +0200 + + pass bantime arg to smeserver-fail2ban action + +commit daa6416b136fcbe44dfc1876e502cde4cea0af46 +Author: Daniel Berteaud +Date: Thu May 2 13:41:55 2013 +0200 + + Add the timestamp for unban action in the database + +commit 613b3220eff527da72ad112c01f51d765663c408 +Author: Daniel Berteaud +Date: Thu May 2 04:10:11 2013 +0200 + + Only return after all the rules have been inserted, not between each rules (in masq templates) + +commit 77662adefdb43c2ec2e16c1a37505cd6f2fcc8e8 +Author: Daniel Berteaud +Date: Thu May 2 04:06:04 2013 +0200 + + quote the port in jails to allow multiple ports with a comma + +commit 05dd76c85772c584aeb4e2500fa07b4eadcfa316 +Author: Daniel Berteaud +Date: Thu May 2 03:59:56 2013 +0200 + + Use the polling backend for the recidive jail to prevent infinite loop if we increase verbosity of the daemon + +commit 41dab440265237144de1369ef283b883d2fab058 +Author: Daniel Berteaud +Date: Thu May 2 03:58:34 2013 +0200 + + Convert networks addresses to CIDR + +commit 5e358594af7bb07d8b6fbdd5e1cdb80f27e927ab +Author: Daniel Berteaud +Date: Thu May 2 03:58:12 2013 +0200 + + Fix imap jail syntax + +commit 624ad98388c7c5fffc2ec06edaf1947a8625311f +Author: Daniel Berteaud +Date: Thu May 2 03:41:02 2013 +0200 + + Fix http jail template + +commit 42bb3ba3f4c0c7c1a2c6d8bdfb08b21445298401 +Author: Daniel Berteaud +Date: Thu May 2 03:24:35 2013 +0200 + + Fix masq template syntax + +commit a2c6621151925dc8446a0c9e359382c137409439 +Author: Daniel Berteaud +Date: Thu May 2 03:10:17 2013 +0200 + + Increase default maxretry to 5 + +commit 07c9504b39b94c6fc928dd081bb07fd76c744aff +Author: Daniel Berteaud +Date: Thu May 2 03:09:36 2013 +0200 + + Add a pam-generic jail + +commit 52bf6b871da31bf39e9299404af6462e234efcc9 +Author: Daniel Berteaud +Date: Thu May 2 03:02:54 2013 +0200 + + add a jail for apache + +commit 4df9a2848c5affc96ef2054db311c479c7405313 +Author: Daniel Berteaud +Date: Thu May 2 02:13:52 2013 +0200 + + Use multiport iptables module to support several ports in one rule + +commit d373fabde8910d7a8ad23be95b53eaed5f3f3f8d +Author: Daniel Berteaud +Date: Thu May 2 02:09:18 2013 +0200 + + Add a jail for dovecot + +commit 390c69787589767c8bc5fd0aaa497c14156584b2 +Author: Daniel Berteaud +Date: Thu May 2 01:54:11 2013 +0200 + + Only enable SSH jail if ssh service is enabled + +commit 6eb50b8c84bc3435b774e05222065ff0dd97172c +Author: Daniel Berteaud +Date: Thu May 2 01:51:49 2013 +0200 + + Enable the recidive jail (monitor fail2ban's own logs to ban for a longer period hosts which gets banned several time) + +commit 3efe85e03eab32f4b7fcd10e62d48ec226a756ad +Author: Daniel Berteaud +Date: Thu May 2 01:44:54 2013 +0200 + + whitelist the whole 127.0.0.0/8 mask + +commit 1848a6a869855b2693a7fe30d4d93359b641d440 +Author: Daniel Berteaud +Date: Thu May 2 01:44:22 2013 +0200 + + Add IgnoreIP prop to specify a local list of IP to prevent from being banned + +commit f81ad40949730ced09cfec2ba837da31d11957cb +Author: Daniel Berteaud +Date: Thu May 2 01:42:16 2013 +0200 + + rename ban script to smeserver-fail2ban + +commit 242cdc05a3a994be1a9205eff44183b4e15a0243 +Author: Daniel Berteaud +Date: Thu May 2 01:40:35 2013 +0200 + + Add a cleanup script to purge rules in case fail2ban lost them + +commit c5685730a7a29bfb83012528751a1c53f88e0eb9 +Author: Daniel Berteaud +Date: Thu May 2 01:22:37 2013 +0200 + + Increase default ban time to 30 min + +commit fa462938fbf716a22b3c3902de307da6939d9923 +Author: Daniel Berteaud +Date: Thu May 2 01:20:48 2013 +0200 + + expand fail2ban templates during bootstrap-console-save event + +commit 39337adf12c9811edd4b006e9fee91f29f71c328 +Author: Daniel Berteaud +Date: Thu May 2 01:19:12 2013 +0200 + + Disable DNS reverse lookups + +commit bc6518ba96500fa869be7c6595a1a2f6ba446562 +Author: Daniel Berteaud +Date: Thu May 2 01:15:52 2013 +0200 + + Add proto and port support in masq templates + +commit a99711dd02ef4f7cda80d3123a3b2c40338ed323 +Author: Daniel Berteaud +Date: Mon Apr 29 12:15:26 2013 +0200 + + Send daemon logs to a dedicated file and add logrotate templates + +commit d1369db297c97d5ff9ac41de85fd32faacfd61fa +Author: Daniel Berteaud +Date: Mon Apr 29 11:51:28 2013 +0200 + + remove daemontools support, fail2ban doesn't play well with it because the daemon started standalone won't do anything before the client parse the config and send the param to the server + +commit b88a9b5f1a456693080f8b1f6f1014c833a562d3 +Author: Daniel Berteaud +Date: Sun Apr 28 22:10:12 2013 +0200 + + Fix sections space + +commit d73e7df3378e5f2336fad1e0a5aa81aca24f7996 +Author: Daniel Berteaud +Date: Sun Apr 28 22:08:21 2013 +0200 + + Reverse bad logic in FilterLocalNetworks + +commit df3190298ddd8a905821a8fdc29dafd4fb465bd2 +Author: Daniel Berteaud +Date: Sun Apr 28 22:06:33 2013 +0200 + + various fixes in jail.conf templates + +commit 0b90b27eb871a2c94c8336c2b5dd61f1d185bc05 +Author: Daniel Berteaud +Date: Sun Apr 28 21:43:50 2013 +0200 + + First commit diff --git a/additional/smeserver-fail2ban.spec b/additional/smeserver-fail2ban.spec new file mode 100644 index 0000000..5b9e39e --- /dev/null +++ b/additional/smeserver-fail2ban.spec @@ -0,0 +1,119 @@ +%define version 0.1.18 +%define release 1 +%define name smeserver-fail2ban + + +Summary: fail2ban integration on SME Server +Name: %{name} +Version: %{version} +Release: %{release}%{?dist} +Epoch: 9 +License: GPL +Group: Networking/Daemons +Source: %{name}-%{version}.tar.gz + +BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot +BuildArchitectures: noarch +BuildRequires: e-smith-devtools + +Requires: e-smith-base >= 5.2.0 +Requires: fail2ban + +%description +Configure fail2ban on SME Server + +%changelog +* Fri Oct 27 2017 Daniel Berteaud - 0.1.18-1.sme +- Ignore greylisting, from Michael McCarn [SME: 10447] + +* Thu Nov 17 2016 Daniel Berteaud - 0.1.17-1.sme +- Makes sur log files exist before resuming monitoring after a logrotate + [SME: 9875] + +* Tue Aug 2 2016 Daniel Berteaud - 0.1.16-1.sme +- Add a new prop (FilterValidRemoteHosts) to allow blacklisting of hosts allowed + to access the server-manager +- Ignore 0.0.0.0/0.0.0.0 by default [SME: 9719] + +* Tue Jul 5 2016 Daniel Berteaud - 0.1.15-1.sme +- Fix compat with older qpsmtpd + +* Thu Jun 9 2016 Daniel Berteaud - 0.1.14-1.sme +- Update regex for qpsmtpd 0.96 + +* Mon Feb 29 2016 Daniel Berteaud - 0.1.13-1.sme +- Ignore failure to get proxy.pac + +* Fri Jul 24 2015 Daniel Berteaud - 0.1.12-1.sme +- Updates for fail2ban 0.9.2 +- Add more httpd jails +- Switch to upstream Ejabberd filter + +* Wed Apr 15 2015 Daniel Berteaud - 0.1.11-1.sme +- Start fail2ban a bit later [SME: 8708] + +* Tue Jan 27 2015 Daniel Berteaud - 0.1.10-1.sme +- Suspend log monitoring during logrotate [SME: 8708] + +* Thu Jan 15 2015 Daniel Berteaud - 0.1.9-1.sme +- Fix LL::NG jail name + +* Wed Sep 17 2014 Daniel Berteaud - 0.1.8-1.sme +- Restart fail2ban during logrotate event so it re-open apache log file [SME: 8557] + +* Wed Jun 25 2014 Daniel Berteaud - 0.1.7-1.sme +- Correctly handle single IP in IgnoreIP prop + +* Tue Jun 24 2014 Daniel Berteaud - 0.1.6-1.sme +- Relax proxy regex so requests for proxy.pac aren't matched + +* Mon Jun 23 2014 Daniel Berteaud - 0.1.5-1.sme +- Pre-create the logfile so fail2ban can start the first time +- Remove most warnings on startup + +* Wed Apr 23 2014 Daniel Berteaud - 0.1.4-1.sme +- New branch for SME9 +- Remove sogo-auth.conf which is included in EL6 build of fail2ban +>>>>>>> sme9 + +* Wed Dec 18 2013 Daniel Berteaud - 0.1.3-1.sme +- Fix port, which was incorrectly set to proto + +* Tue Nov 19 2013 Daniel Berteaud - 0.1.2-1.sme +- Create the DB entries in one transaction to reduce the amount of log + for each ban + +* Thu Jul 4 2013 Daniel Berteaud - 0.1.1-1.sme +- Fix service name for LemonLDAP::NG + +* Tue May 14 2013 Daniel Berteaud - 0.1.0-1.sme +- initial release + +%prep +%setup -q -n %{name}-%{version} + +%build +%{__mkdir_p} root/var/log/fail2ban +perl createlinks + +%install +/bin/rm -rf $RPM_BUILD_ROOT +(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT) +/bin/rm -f %{name}-%{version}-filelist +/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \ + --dir /var/log/fail2ban 'attr(0750,root,root)' \ + --file /var/log/fail2ban/daemon.log 'config(noreplace) %attr(0600,root,root)' \ + --file /etc/cron.daily/cleanup_fail2ban 'attr(0755,root,root)' \ + --file /etc/fail2ban/filter.d/apache-auth.local 'config(noreplace) %attr(0644,root,root)' \ + > %{name}-%{version}-filelist + +%files -f %{name}-%{version}-filelist +%defattr(-,root,root) + +%clean +rm -rf $RPM_BUILD_ROOT + +%post + +%preun + diff --git a/additional/usr/bin/sfail2ban b/additional/usr/bin/sfail2ban new file mode 100644 index 0000000..764edf8 --- /dev/null +++ b/additional/usr/bin/sfail2ban @@ -0,0 +1,6 @@ +#!/bin/bash +for SERVI in $(fail2ban-client status|grep 'Jail list'|cut -d':' -f2|sed 's/, / /g'| sed -e 's/^[ \t]*//') +do +fail2ban-client status $SERVI |grep -E 'IP list|Status for the jail' |sed 'N;s/\n/:/'|cut -d: -f2,4 +done + diff --git a/contriborbase b/contriborbase new file mode 100644 index 0000000..9b7fd51 --- /dev/null +++ b/contriborbase @@ -0,0 +1 @@ +contribs10 diff --git a/createlinks b/createlinks new file mode 100644 index 0000000..863a811 --- /dev/null +++ b/createlinks @@ -0,0 +1,62 @@ +#!/usr/bin/perl -w + +use esmith::Build::CreateLinks qw(:all); + +# Koozali event specific for updating with yum without reboot +$event = "smeserver-fail2ban-update"; +#add here the path to your templates needed to expand +#see the /etc/systemd/system-preset/49-koozali.preset should be present for systemd integration on all you yum update event + +foreach my $file (qw( + /etc/systemd/system-preset/49-koozali.preset + /etc/backup-data.d/smeserver-fail2ban.include + /etc/dar/DailyBackup.dcf +)) +{ + templates2events( $file, $event ); +} + +#action needed in case we have a systemd unit +event_link("systemd-default", $event, "10"); +event_link("systemd-reload", $event, "50"); + +#action specific to this package +#event_link("some event", $event, "30"); +#services we need to restart +safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/masq"); +safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/fail2ban"); +#and Server Manager panel link + +panel_link("fail2ban", "manager"); + +templates2events("/etc/rc.d/init.d/masq", "fail2ban-update"); +templates2events("/etc/rc.d/init.d/masq", "smeserver-fail2ban-update"); + +foreach my $event qw(smeserver-fail2ban-update fail2ban-conf bootstrap-console-save){ + templates2events("/etc/fail2ban/jail.conf", "$event"); + templates2events("/etc/fail2ban/fail2ban.conf", "$event"); + templates2events("/etc/logrotate.d/fail2ban", "$event"); +} +templates2events("/etc/fail2ban/jail.conf", "network-create"); +templates2events("/etc/fail2ban/jail.conf", "network-delete"); +templates2events("/etc/fail2ban/jail.conf", "remoteaccess-update"); +safe_symlink("adjust", "root/etc/e-smith/events/fail2ban-update/services2adjust/masq"); +safe_symlink("restart", "root/etc/e-smith/events/fail2ban-conf/services2adjust/fail2ban"); +safe_symlink("restart", "root/etc/e-smith/events/network-create/services2adjust/fail2ban"); +safe_symlink("restart", "root/etc/e-smith/events/network-delete/services2adjust/fail2ban"); +safe_symlink("restart", "root/etc/e-smith/events/remoteaccess-update/services2adjust/fail2ban"); +event_link("fail2ban-suspend-logs", "logrotate", "02"); +event_link("fail2ban-resume-logs", "logrotate", "98"); + +safe_touch("root/var/log/fail2ban/daemon.log"); + +#service_link_enhanced("fail2ban", "S99", "7"); +#service_link_enhanced("fail2ban", "K08", "6"); +#service_link_enhanced("fail2ban", "K08", "0"); + +# for smeserver-manager +my $event = "smeserver-fail2ban-update"; +safe_symlink('restart', "root/etc/e-smith/events/$event/services2adjust/smanager"); +event_link('navigation2-conf', "$event", '80'); +event_link('routes2-conf', "$event", '80'); +event_link('locales2-conf', "$event", '80'); diff --git a/root/etc/cron.daily/cleanup_fail2ban b/root/etc/cron.daily/cleanup_fail2ban new file mode 100644 index 0000000..aefb4c9 --- /dev/null +++ b/root/etc/cron.daily/cleanup_fail2ban @@ -0,0 +1,27 @@ +#!/usr/bin/perl -w + +use strict; +use warnings; +use esmith::ConfigDB; + +my $c = esmith::ConfigDB->open_ro; +my $f = esmith::ConfigDB->open('fail2ban'); +my $f2b = $c->get('fail2ban'); + +exit (0) unless ($f2b); + +my $bantime = $f2b->prop('BanTime') || '1800'; +my $mod = 0; + +foreach my $ban ($f->get_all_by_prop( type => 'ban')){ + my $ts = $ban->prop('UnbanTimestamp') || time+$bantime; + if ( $ts < time ){ + $ban->delete; + $mod = 1; + } +} +if ($mod == 1){ + die "An error occured during fail2ban rule update\n" + unless (system('/sbin/e-smith/signal-event fail2ban-update') == 0); +} +exit (0); diff --git a/root/etc/e-smith/db/configuration/defaults/fail2ban/Mail b/root/etc/e-smith/db/configuration/defaults/fail2ban/Mail new file mode 100644 index 0000000..86981e6 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/fail2ban/Mail @@ -0,0 +1 @@ +enabled diff --git a/root/etc/e-smith/db/configuration/defaults/fail2ban/status b/root/etc/e-smith/db/configuration/defaults/fail2ban/status new file mode 100644 index 0000000..86981e6 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/fail2ban/status @@ -0,0 +1 @@ +enabled diff --git a/root/etc/e-smith/db/configuration/defaults/fail2ban/type b/root/etc/e-smith/db/configuration/defaults/fail2ban/type new file mode 100644 index 0000000..24e1098 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/fail2ban/type @@ -0,0 +1 @@ +service diff --git a/root/etc/e-smith/events/actions/fail2ban-resume-logs b/root/etc/e-smith/events/actions/fail2ban-resume-logs new file mode 100644 index 0000000..7e0f292 --- /dev/null +++ b/root/etc/e-smith/events/actions/fail2ban-resume-logs @@ -0,0 +1,32 @@ +#!/bin/sh + +STATUS=$(/sbin/e-smith/db configuration getprop fail2ban status || echo disabled) +if [ "$STATUS" != "enabled" ]; then + exit 0 +fi + +sleep 1 +# Makes sure /var/log/httpd/error_log is not a dangling symlink +[ -e /var/log/httpd/error_log ] || touch /var/log/httpd/error_log +for JAIL in http-overflows http-noscript http-scan http-auth; do + /usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1 + if [ $? -eq 0 ]; then + /usr/bin/fail2ban-client set $JAIL addlogpath /var/log/httpd/error_log + fi +done + +[ -e /var/log/secure ] || touch /var/log/secure +for JAIL in pam-generic ftp; do + /usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1 + if [ $? -eq 0 ]; then + /usr/bin/fail2ban-client set $JAIL addlogpath /var/log/secure + fi +done + +[ -e /var/log/messages ] || touch /var/log/messages +for JAIL in lemonldap; do + /usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1 + if [ $? -eq 0 ]; then + /usr/bin/fail2ban-client set $JAIL addlogpath /var/log/messages + fi +done diff --git a/root/etc/e-smith/events/actions/fail2ban-suspend-logs b/root/etc/e-smith/events/actions/fail2ban-suspend-logs new file mode 100644 index 0000000..a92767f --- /dev/null +++ b/root/etc/e-smith/events/actions/fail2ban-suspend-logs @@ -0,0 +1,27 @@ +#!/bin/sh + +STATUS=$(/sbin/e-smith/db configuration getprop fail2ban status || echo disabled) +if [ "$STATUS" != "enabled" ]; then + exit 0 +fi + +for JAIL in http-overflows http-noscript http-scan http-auth; do + /usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1 + if [ $? -eq 0 ]; then + /usr/bin/fail2ban-client set $JAIL dellogpath /var/log/httpd/error_log + fi +done + +for JAIL in pam-generic ftp; do + /usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1 + if [ $? -eq 0 ]; then + /usr/bin/fail2ban-client set $JAIL dellogpath /var/log/secure + fi +done + +for JAIL in lemonldap; do + /usr/bin/fail2ban-client status $JAIL > /dev/null 2>&1 + if [ $? -eq 0 ]; then + /usr/bin/fail2ban-client set $JAIL dellogpath /var/log/messages + fi +done diff --git a/root/etc/e-smith/locale/bg/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/bg/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..c25b42a --- /dev/null +++ b/root/etc/e-smith/locale/bg/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Състояние на услугата на Fail2ban. + + + STATUS + Състояние + + + FilterLocalNetworks_STATUS + Сложи в бял списък всички дефинирани локални мрежи. + + + FilterLocalNetworks + Статус на FilterLocalNetworks + + + FilterValidRemoteHosts_STATUS + Поставяне в белия списък на всички оторизирани отдалечени хостове, на които е позволено да достъпват server-manager. + + + FilterValidRemoteHosts + Състояние на FilterValidRemoteHosts + + + BANTIME + Задайте стандартното време забрана за затворите (първоначално стандарта е 1800 секунди). + + + DEFAULT_BANTIME + Време за забрана + + + FINDTIME + >Задайте стандартното време за откриване за затворите първоначално стандарта е 900 секунди). + + + DEFAULT_FINDTIME + Време за откриване + + + MAXRETRY + Задайте стандартния максимален брой опити преди поставяне на забрана (първоначално стандарта е 3). + + + DEFAULT_MAXRETRY + Макс. опити + + + SSHD_STATUS + Състояние на sshd затвор. + + + SSHD + sshd + + + QPSMTPD_STATUS + Състояние на затвора на qpsmtpd (входяща поща). + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Състояние на затвора на dovecot (imap услугата за изтегляне на поща). + + + IMAP + dovecot + + + HTTPD_STATUS + Състояние на затвора на httpd. Няколко възможности за включени тук едновремено. + + + HTTPD + httpd + + + FTP_STATUS + Състояние на затвора на proftpd. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Състояние на затвора на LemonLDAP, ако е инсталиран. Нищо не се изпълнява ако LemonLDAP не е инсталиран или е изключен. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Състояние на затвора на ejabberd, ако е инсталиран. Нищо няма да се стартира ако ejabberd не е инсталиран или изключен. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Състояние на затвора на SOGO, ако е инсталиран. Нищо няма да се стартира ако SOGO не е инсталиран или изключен. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Статус на затворите на wordpress. Трябва да ги активирате ръчно, ако имате такива в инфо слот или като добавка на сървъра. Също, моля инсталирайте и добавките на всичките му инсталации. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Позволени хостове

Това е списък от хостове, които няма да бъдат блокирани от fail2ban.

]]>
+
+ + NO_ENTRIES_YET + Няма елементи + + + DESC_ADD_IP + За да добавите нова позволена мрежа въведете информацията по-долу. + + + ADD_IP + Оторизирана мрежа + + + DESC_ADD_BITS + За да добавите нова позволена мрежа въведете съответната маска на подмрежа като битове, напр. 22, 25 или 32. + + + ADD_BITS + Оторизирана подмрежа + + + CURRENT_DENY_DESC + Блокирани хостове

Това е списък на хостове, които са блокирани в момента. ]]> + + + FIRST_SEEN + Хост видян за пръв път + + + SUCCESS + Новите настройки на fail2ban бяха записани. + + + ERR_NO_RECORD + Не мога да открия записът на fail2ban в БД за конфигурация + + + ERROR_STOPPING + Грешка при опит за спиране на услугата + + + SUCCESS_IP + Беше махната забраната за този IP адрес + + + SUCCESS_IP_WHITE + Беше махната забраната за този IP адрес и бе поставен бели списък + + + ERROR_UPDATING + Не мога да махна забраната + + + ERROR_UPDATING_WHITE + Не мога да махна забраната и да сложа в белия списък + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + Изтриване на писмо + + + + diff --git a/root/etc/e-smith/locale/da/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/da/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..7bb1e6d --- /dev/null +++ b/root/etc/e-smith/locale/da/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + Status + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + Ingen optegnelser + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Vært set første gang + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Fejl under forsøg på at stoppe denne service + + + SUCCESS_IP + Det følgende IP er ikke længere blokeret + + + SUCCESS_IP_WHITE + Det følgende IP er ikke længere blokeret og er hvidlistet + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + Slet email + + + + diff --git a/root/etc/e-smith/locale/de/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/de/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..8781479 --- /dev/null +++ b/root/etc/e-smith/locale/de/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + Status + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + Noch keine Einträge + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Host zuerst bemerkt am + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Fehler beim Versuch den service zu stoppen. + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + E-Mail löschen + + + + diff --git a/root/etc/e-smith/locale/el/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/el/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..3d457bf --- /dev/null +++ b/root/etc/e-smith/locale/el/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + Status + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + No Entries Yet + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Host first seen + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Error while trying to stop service + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + Email + + + + diff --git a/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..00cf1eb --- /dev/null +++ b/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,204 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + Status + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC + +

Allowed Hosts

+

This is a list of hosts that will not be blocked by fail2ban.

+ ]]> +
+
+ + NO_ENTRIES_YET + No Entries Yet + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + + Blocked Hosts +

This is a list of hosts that are currently blocked. + ]]> + + + + FIRST_SEEN + Host first seen + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Error while trying to stop service + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + Alert Email + + + + diff --git a/root/etc/e-smith/locale/es/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/es/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..8d3e93c --- /dev/null +++ b/root/etc/e-smith/locale/es/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + Estado + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + Aún No Hay Entradas + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Host visto por primera vez + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Ocurrió un error mientras se detenía el servicio + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + Eliminar email + + + + diff --git a/root/etc/e-smith/locale/et/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/et/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..51a14c4 --- /dev/null +++ b/root/etc/e-smith/locale/et/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + Olek + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + Pole veel sisestusi + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Host first seen + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Teenuse peatamisel ilmnes viga + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + Kustuta e-posti + + + + diff --git a/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..6ed7c0f --- /dev/null +++ b/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Statut du service fail2ban. + + + STATUS + État + + + FilterLocalNetworks_STATUS + Mettre en liste blanche tous les réseaux locaux définis. + + + FilterLocalNetworks + Statut du Filtre des réseaux Locaux + + + FilterValidRemoteHosts_STATUS + Mettre en liste blanche tous les hôtes distants autorisés à accéder au gestionnaire du serveur. + + + FilterValidRemoteHosts + Statut du Filtre des hôtes distants valides + + + BANTIME + Paramètre de la durée de bannissement pour les prisons (valeur par défaut initiale de 1800 secondes). + + + DEFAULT_BANTIME + Durée de bannissement + + + FINDTIME + >Définissez la durée de recherche par défaut pour les prisons (la valeur initiale par défaut est de 900 secondes). + + + DEFAULT_FINDTIME + Délais de recherche + + + MAXRETRY + Définissez le nombre maximal de tentatives par défaut autorisé avant d'être banni (valeur initiale par défaut est 3). + + + DEFAULT_MAXRETRY + Essais maximum + + + SSHD_STATUS + Statut de la prison sshd. + + + SSHD + sshd + + + QPSMTPD_STATUS + Statut de la prison qpsmtpd (courriels entrants). + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Statut de la prison dovecot (service imap pour récupérer les courriels). + + + IMAP + dovecot + + + HTTPD_STATUS + Statut des prisons httpd. Plusieurs fonctionnalités y sont activées à la fois. + + + HTTPD + httpd + + + FTP_STATUS + Statut de la prison proftpd. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Statut de la prison LemonLDAP, si installée. Rien ne fonctionne si LemonLDAP n'est pas installé ou désactivé. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Statut de la prison ejabberd, si installé. S'il n'est ni installé, ni activé, ni en fonction rien ne tourne. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Statut de la prison SOGO, si installé. S'il n'est ni installé, ni activé, ni en fonction rien ne tourne. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Statut des prisons Wordpress. Vous devez l'activer manuellement, que vous l'ayez dans une baie d'information ou que vous utilisiez la contribution. Veuillez également installer le module d'extension dans toutes vos instances Wordpress. + + + WORDPRESS + Wordpress + + + VALIDFROM_DESC +

Hôtes approuvés

Ceci est une liste d'hôtes qui ne sera pas bloquée par fail2ban.

]]>
+
+ + NO_ENTRIES_YET + Aucune entrée + + + DESC_ADD_IP + Pour ajouter un nouveau réseau approuvé, entrez les détails ci-dessous. + + + ADD_IP + Réseau approuvé + + + DESC_ADD_BITS + Pour ajouter un nouveau réseau approuvé, entrez le sous-réseau associé en utilisant les bits (par ex. 22, 25 ou 32). + + + ADD_BITS + Masque de sous-réseau approuvé + + + CURRENT_DENY_DESC + Hôtes bloqués

C'est une liste d'hôtes actuellement bloqués. ]]> + + + FIRST_SEEN + Hôte vu pour la première fois + + + SUCCESS + Les nouveaux paramètres de fail2ban ont étés enregistrés. + + + ERR_NO_RECORD + Impossible de localiser la clef fail2ban dans la base de données de configuration + + + ERROR_STOPPING + Une erreur s'est produite pendant l'arrêt du service + + + SUCCESS_IP + L'IP a été dé-bannie + + + SUCCESS_IP_WHITE + L'IP a été dé-bannie et mise sur liste blanche + + + ERROR_UPDATING + Impossible de dé-bannir + + + ERROR_UPDATING_WHITE + Impossible de dé-bannir et de mettre en liste blanche + + + ERR_EXISTS + Erreur : IP déjà dans la liste blanche + + + SEND_MAIL_STATUS + Envoyer un courriel lors d'un bannissement + + + EMAIL + Courriel d'alerte + + + + diff --git a/root/etc/e-smith/locale/he/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/he/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..1f7a3a1 --- /dev/null +++ b/root/etc/e-smith/locale/he/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + מצב + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + No Entries Yet + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Host first seen + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Error while trying to stop service + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + דוא"ל + + + + diff --git a/root/etc/e-smith/locale/hu/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/hu/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..5febcb4 --- /dev/null +++ b/root/etc/e-smith/locale/hu/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + Állapot + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + No Entries Yet + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Host first seen + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Error while trying to stop service + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + E-mail + + + + diff --git a/root/etc/e-smith/locale/id/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/id/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..a80b0a7 --- /dev/null +++ b/root/etc/e-smith/locale/id/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + Status + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + No Entries Yet + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Host first seen + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Error while trying to stop service + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + Email + + + + diff --git a/root/etc/e-smith/locale/it/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/it/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..348cea9 --- /dev/null +++ b/root/etc/e-smith/locale/it/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Stato del servizio fail2ban + + + STATUS + Stato + + + FilterLocalNetworks_STATUS + Mette in whitelist tutte le reti locali. + + + FilterLocalNetworks + Stato di FilterLocalNetworks + + + FilterValidRemoteHosts_STATUS + Inserire in whitelist tutti gli host remoti autorizzati ad accedere al server-manager. + + + FilterValidRemoteHosts + Stato FilterValidRemoteHosts + + + BANTIME + Impostare il periodo di ban per jails (il default iniziale è 1800 secondi). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + Imposta il periodo di find per jails (il default iniziale è 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Impostare il valore di "default max retry" consentito prima del ban (Il default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Stato di sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Stato di qpsmtpd jail (messaggi in ingresso). + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Stato di dovecot jail (servizio imap per caricamento messaggi). + + + IMAP + dovecot + + + HTTPD_STATUS + Stato di httpd jails. Molte caratteristiche per volta vengono abilitate. + + + HTTPD + httpd + + + FTP_STATUS + Stato di proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Stato di jail LemonLDAP, se installato. Nulla è attivo se LemonLDAP non è installato o è disabilitato. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Stato di ejabberd jail, se installato. Nulla è attivo se ejabberd non è installato o è disabilitato. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Stato di SOGO jail se installato. Nulla è attivo se SOGO non è installato o è disabilitato. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Stato di wordpress jails. E' necessario attivarlo manualmente sia che lo si abbia in una I-bay o che si usi il contrib. Installare inoltre il plugin in tutte le istanze attive di wordpress. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Host consentiti

Questa è una lista di host che non saranno bloccati da fail2ban.

]]>
+
+ + NO_ENTRIES_YET + Nessun elemento inserito + + + DESC_ADD_IP + Per aggiungere una nuova rete consentita, inserire i dettagli sotto. + + + ADD_IP + Rete autorizzata + + + DESC_ADD_BITS + Per aggiungere una nuova rete autorizzata, inserire la subnet associata usando i bits (p.e. 22, 25 or 32). + + + ADD_BITS + Subnet di rete autorizzate. + + + CURRENT_DENY_DESC + Host bloccati

Questa è la lista degli host correntemente bloccati. ]]> + + + FIRST_SEEN + Primo host individuato + + + SUCCESS + Le nuove impostazione fail2ban sono state salvate. + + + ERR_NO_RECORD + Impossibile trovare il record fail2ban nel db di configurazione + + + ERROR_STOPPING + Errore durante l'arresto del servizio + + + SUCCESS_IP + L'indirizzo IP è stato rimosso dalla ban-list + + + SUCCESS_IP_WHITE + L'indirizzo IP è stato rimosso dalla ban-list ed inserito in white-list + + + ERROR_UPDATING + Impossibile rimuovere dalla banlist + + + ERROR_UPDATING_WHITE + Impossibile rimuovere dalla banlist ed inserire nella whitelist + + + ERR_EXISTS + Errore: indirizzo IP già in whitelist + + + SEND_MAIL_STATUS + Invia la posta in ban + + + EMAIL + Mail di allerta + + + + diff --git a/root/etc/e-smith/locale/ja/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/ja/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..2af4b84 --- /dev/null +++ b/root/etc/e-smith/locale/ja/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + 状態 + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + No Entries Yet + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Host first seen + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Error while trying to stop service + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + Email + + + + diff --git a/root/etc/e-smith/locale/nb/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/nb/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..e48f9a2 --- /dev/null +++ b/root/etc/e-smith/locale/nb/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + Status + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + No Entries Yet + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Host first seen + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Error while trying to stop service + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + E-post + + + + diff --git a/root/etc/e-smith/locale/nl/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/nl/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..d83c31f --- /dev/null +++ b/root/etc/e-smith/locale/nl/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + Status + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + Nog geen gegevens + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Host voor het eerst gezien + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Fout opgetreden bij proberen dienst te stoppen + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + Verwijder e-mail + + + + diff --git a/root/etc/e-smith/locale/pl/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/pl/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..fa61a5d --- /dev/null +++ b/root/etc/e-smith/locale/pl/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + Stan + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + No Entries Yet + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Host first seen + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Error while trying to stop service + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + E-mail + + + + diff --git a/root/etc/e-smith/locale/pt-br/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/pt-br/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..9ee5e72 --- /dev/null +++ b/root/etc/e-smith/locale/pt-br/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + Status + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + Nenhuma entrada ainda + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Host visto primeiro em + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Erro enquanto tentando parar serviço + + + SUCCESS_IP + O seguinte IP deixou de ser banido + + + SUCCESS_IP_WHITE + O seguinte IP deixou de ser banido e foi colocado na lista branca + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + Apagar e-mail + + + + diff --git a/root/etc/e-smith/locale/pt/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/pt/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..3cff3bf --- /dev/null +++ b/root/etc/e-smith/locale/pt/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + Status + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + Nenhuma entrada ainda + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Host visto primeiro em + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Erro enquanto tentando parar serviço + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + Apagar e-mail + + + + diff --git a/root/etc/e-smith/locale/ro/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/ro/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..101ece9 --- /dev/null +++ b/root/etc/e-smith/locale/ro/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + Stare + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + Nu există nici o înregistrare + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Client observat prima data + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + A apărut o eroare când s-a încercat oprirea serviciului + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + Șterge email + + + + diff --git a/root/etc/e-smith/locale/ru/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/ru/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..dc3f62b --- /dev/null +++ b/root/etc/e-smith/locale/ru/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + Состояние + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + Нет элементов + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Хост впервые обнаружен + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Ошибка при попытке остановить службу + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + Удалить письмо + + + + diff --git a/root/etc/e-smith/locale/sl/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/sl/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..b356021 --- /dev/null +++ b/root/etc/e-smith/locale/sl/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + Status + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + No Entries Yet + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Host first seen + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Error while trying to stop service + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + Email + + + + diff --git a/root/etc/e-smith/locale/sv/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/sv/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..f6caf13 --- /dev/null +++ b/root/etc/e-smith/locale/sv/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + Status + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + Inga värden ännu + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Värd sett första gången + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Ett fel uppstod vid försök att stoppa service + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + Radera e-post + + + + diff --git a/root/etc/e-smith/locale/th/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/th/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..3109ac2 --- /dev/null +++ b/root/etc/e-smith/locale/th/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + สถานะ + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + No Entries Yet + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Host first seen + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Error while trying to stop service + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + ลบอีเมล์ + + + + diff --git a/root/etc/e-smith/locale/tr/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/tr/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..825cfcc --- /dev/null +++ b/root/etc/e-smith/locale/tr/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + Durum + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + Giriş izni yok + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + Sunucunu ilk defa görülmesi + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + Servisi durdurmaya çalışırken hata oluştu + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + E-posta + + + + diff --git a/root/etc/e-smith/locale/zh-cn/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/zh-cn/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..1b5ce92 --- /dev/null +++ b/root/etc/e-smith/locale/zh-cn/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + 状态 + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + 还没有输入 + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + 第一次出现的主机 + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + 停止服务时出错 + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + 删除邮件 + + + + diff --git a/root/etc/e-smith/locale/zh-tw/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/locale/zh-tw/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..ba26c09 --- /dev/null +++ b/root/etc/e-smith/locale/zh-tw/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,196 @@ + + + SERVICE_STATUS + Fail2ban service status. + + + STATUS + 狀態 + + + FilterLocalNetworks_STATUS + Whitelist all the local network defined. + + + FilterLocalNetworks + FilterLocalNetworks status + + + FilterValidRemoteHosts_STATUS + Whitelist all the authorized remote hosts allowed to acces server-manager. + + + FilterValidRemoteHosts + FilterValidRemoteHosts status + + + BANTIME + Set the default ban time for jails (Initial default is 1800 seconds). + + + DEFAULT_BANTIME + Bantime + + + FINDTIME + >Set the default find time for jails (Initial default is 900 seconds). + + + DEFAULT_FINDTIME + Findtime + + + MAXRETRY + Set the default max retry allowed before being ban (Initial default is 3). + + + DEFAULT_MAXRETRY + Maxretry + + + SSHD_STATUS + Status of sshd jail. + + + SSHD + sshd + + + QPSMTPD_STATUS + Status of qpsmtpd (incoming emails) jail. + + + QPSMTPD + qpsmtpd + + + IMAP_STATUS + Status of dovecot (imap service to retrieve emails) jail. + + + IMAP + dovecot + + + HTTPD_STATUS + Status of httpd jails. Multiple features are enabled at once there. + + + HTTPD + httpd + + + FTP_STATUS + Status of proftpd jail. + + + FTP + proftpd + + + LEMONLDAP_STATUS + Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled. + + + LEMONLDAP + LemonLDAP + + + EJABBERD_STATUS + Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled. + + + EJABBERD + ejabberd + + + SOGOD_STATUS + Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled. + + + SOGOD + SOGO + + + WORDPRESS_STATUS + Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances. + + + WORDPRESS + wordpress + + + VALIDFROM_DESC +

Allowed Hosts

This is a list of hosts that will not be blocked by fail2ban.

]]>
+
+ + NO_ENTRIES_YET + 尚無輸入 + + + DESC_ADD_IP + To add a new allowed network, enter the details below. + + + ADD_IP + Authorized network + + + DESC_ADD_BITS + To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32). + + + ADD_BITS + Authorized network subnet + + + CURRENT_DENY_DESC + Blocked Hosts

This is a list of hosts that are currently blocked. ]]> + + + FIRST_SEEN + 首次訪問的主機 + + + SUCCESS + The new fail2ban settings have been saved. + + + ERR_NO_RECORD + Unable to locate fail2ban record in configuration db + + + ERROR_STOPPING + 錯誤發生於試圖停止服務時 + + + SUCCESS_IP + The following IP has been unbanned + + + SUCCESS_IP_WHITE + The following IP has been unbanned and whitelisted + + + ERROR_UPDATING + Unable to unban + + + ERROR_UPDATING_WHITE + Unable to unban and whitelist + + + ERR_EXISTS + Error: IP already in whitelist + + + SEND_MAIL_STATUS + Send mail on ban + + + EMAIL + 郵件刪除 + + + + diff --git a/root/etc/e-smith/templates/etc/backup-data.d/smeserver-fail2ban.include/template-begin b/root/etc/e-smith/templates/etc/backup-data.d/smeserver-fail2ban.include/template-begin new file mode 100644 index 0000000..c9ac5db --- /dev/null +++ b/root/etc/e-smith/templates/etc/backup-data.d/smeserver-fail2ban.include/template-begin @@ -0,0 +1,22 @@ +#Only non rpm owned files are backupe there +{ +use RPM2; +my $rpm_db = RPM2->open_rpm_db(); + +my @dirs = qw( +/etc/fail2ban +/etc/fail2ban/action.d +/etc/fail2ban/fail2ban.d +/etc/fail2ban/filter.d +/etc/fail2ban/jail.d +); + +foreach my $some_dir (@dirs) { + opendir(my $dh, $some_dir) || die "Can't open $some_dir: $!"; + while ( (my $file = readdir $dh) ) { + next if $file =~ /^\.{1,2}$/; + $OUT .= "$some_dir/$file\n" unless $rpm_db->find_by_file("$some_dir/$file"); + } + closedir $dh; +} +} diff --git a/root/etc/e-smith/templates/etc/fail2ban/fail2ban.conf/10All b/root/etc/e-smith/templates/etc/fail2ban/fail2ban.conf/10All new file mode 100644 index 0000000..00eb7b3 --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/fail2ban.conf/10All @@ -0,0 +1,8 @@ +[Definition] +loglevel = INFO +logtarget = /var/log/fail2ban/daemon.log +syslogsocket = auto +socket = /var/run/fail2ban/fail2ban.sock +pidfile = /var/run/fail2ban/fail2ban.pid +dbfile = /var/lib/fail2ban/fail2ban.sqlite3 +dbpurgeage = 604800 diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/00Default b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/00Default new file mode 100644 index 0000000..db4574b --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/00Default @@ -0,0 +1 @@ +[DEFAULT] diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/05IgnoreIP b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/05IgnoreIP new file mode 100644 index 0000000..c4914f3 --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/05IgnoreIP @@ -0,0 +1,38 @@ +{ + +use esmith::NetworksDB; +use Net::IPv4Addr; + +my $n = esmith::NetworksDB->open_ro() || + die "Couldn't open networks DB\n"; + +my @ip = ("127.0.0.0/8", $LocalIP); + +# Add hosts which can access the server-manager to the whitelist +unless (($fail2ban{FilterValidRemoteHosts} || 'disabled') eq 'enabled'){ + foreach (split /[,;]/, (${'httpd-admin'}{'ValidFrom'} || '')){ + my ($ip,$bits) = Net::IPv4Addr::ipv4_parse("$_"); + push @ip, "$ip/$bits" unless "$ip" eq '0.0.0.0'; + } +} + +unless (($fail2ban{FilterLocalNetworks} || 'disabled') eq 'enabled'){ + foreach my $net ($n->networks){ + my $key = $net->key; + my $mask = $net->prop('Mask'); + my ($ip,$bits) = Net::IPv4Addr::ipv4_parse("$key/$mask"); + push @ip, "$ip/$bits"; + } +} + +# Add a local whitelist +foreach (split /[,;]/, ($fail2ban{'IgnoreIP'} || '')){ + my $addr = $_; + $addr .= '/32' unless ($addr =~ m/\/\d{1,2}$/); + my ($ip,$bits) = Net::IPv4Addr::ipv4_parse("$addr"); + push @ip, "$ip/$bits"; +} + +$OUT .= "ignoreip = " . join(" ", @ip); + +} diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/10BanTime b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/10BanTime new file mode 100644 index 0000000..5056140 --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/10BanTime @@ -0,0 +1,7 @@ +{ + +our $bantime = $fail2ban{'BanTime'} || '1800'; + +$OUT .= "bantime = $bantime"; + +} diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/10FindTime b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/10FindTime new file mode 100644 index 0000000..c140c0c --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/10FindTime @@ -0,0 +1,7 @@ +{ + +our $findtime = $fail2ban{'FindTime'} || '900'; + +$OUT .= "findtime = $findtime"; + +} diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/15MaxRetries b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/15MaxRetries new file mode 100644 index 0000000..e96acae --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/15MaxRetries @@ -0,0 +1,6 @@ +{ +our $maxretry = $fail2ban{'MaxRetry'} || '3'; + +$OUT .= "maxretry = $maxretry"; + +} diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/16Dns b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/16Dns new file mode 100644 index 0000000..d6622e3 --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/16Dns @@ -0,0 +1 @@ +usedns = yes diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/20Backend b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/20Backend new file mode 100644 index 0000000..294cb23 --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/20Backend @@ -0,0 +1 @@ +backend = auto diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/25Actions b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/25Actions new file mode 100644 index 0000000..0eecbff --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/25Actions @@ -0,0 +1,7 @@ +{ + +our $mail = $fail2ban{'Mail'} || 'disabled'; +our $maildest = $fail2ban{'MailRecipient'} || 'root'; +return ''; + +} diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh new file mode 100644 index 0000000..9ae74cc --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh @@ -0,0 +1,31 @@ +{ + +my $port = $sshd{'TCPPort'} || '22'; +my $status = $sshd{'status'} || 'disabled'; +my $f2b = $sshd{'Fail2Ban'} || 'enabled'; +return "" if (($status ne 'enabled') || ($f2b ne 'enabled')); +$OUT .=<<"EOF"; + +[ssh] +enabled = true +filter = sshd +logpath = /var/log/sshd/sshd.log +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] +EOF + +$OUT .= " smeserver-sendmail[name=\"SSH\",dest=$maildest]\n" + if ($mail eq 'enabled'); + +$OUT .=<<"EOF"; + +[ssh-ddos] +enabled = true +filter = sshd-ddos +logpath = /var/log/sshd/sshd.log +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] +EOF + +$OUT .= " smeserver-sendmail[name=\"SSH\",dest=$maildest]\n" + if ($mail eq 'enabled'); + +} diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot new file mode 100644 index 0000000..b2d31f6 --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot @@ -0,0 +1,25 @@ +{ + +my $status = $dovecot{'status'} || 'disabled'; +my $f2b = $dovecot{'Fail2Ban'} || 'enabled'; +return "" if (($status ne 'enabled') || ($f2b ne 'enabled')); +my @ports = (); +push @ports, ($imap{'TCPPort'} || '143') + if (($imap{'status'} || 'disabled') eq 'enabled'); +push @ports, ($imaps{'TCPPort'} || '993') + if (($imaps{'status'} || 'disabled') eq 'enabled'); +my $port = join (",", @ports); + +$OUT .=<<"EOF"; + +[imap] +enabled = true +filter = dovecot +logpath = /var/log/dovecot/dovecot.log +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] +EOF + +$OUT .= " smeserver-sendmail[name=\"Dovecot\",dest=$maildest]\n" + if ($mail eq 'enabled'); + +} diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd new file mode 100644 index 0000000..bf68d9f --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd @@ -0,0 +1,27 @@ +{ + +my $status = $qpsmtpd{'status'} || 'disabled'; +my $f2b = $qpsmtpd{'Fail2Ban'} || 'enabled'; +return "" if (($status ne 'enabled') || ($f2b ne 'enabled')); +my @ports = (); +push @ports, ($qpsmtpd{'TCPPort'} || '25'); +push @ports, ($sqpsmtpd{'TCPPort'} || '465') + if (($sqpsmtpd{'status'} || 'disabled') eq 'enabled'); +my $port = join (",", @ports); + +my $max = $maxretry*3; + +$OUT .=<<"EOF"; + +[qpsmtpd] +enabled = true +filter = qpsmtpd +logpath = /var/log/*qpsmtpd/current +maxretry = $max +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] +EOF + +$OUT .= " smeserver-sendmail[name=\"Qpsmtpd\",dest=$maildest]\n" + if ($mail eq 'enabled'); + +} diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd new file mode 100644 index 0000000..029796f --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd @@ -0,0 +1,97 @@ +{ + +my $status = ${'httpd-e-smith'}{'status'} || 'disabled'; +my $f2b = ${'httpd-e-smith'}{'Fail2Ban'} || 'enabled'; +return "" if (($status ne 'enabled') || ($f2b ne 'enabled')); +my @ports = (); +push @ports, (${'httpd-e-smith'}{'TCPPort'} || '80'); +push @ports, ($modSSL{'TCPPort'} || '443'); +my $port = join (",", @ports); + +$OUT .=<<"EOF"; + +[http-overflows] +enabled = true +filter = apache-overflows +logpath = /var/log/httpd/error_log +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] +EOF + +$OUT .= " smeserver-sendmail[name=\"Apache (overflows)\",dest=$maildest]\n" + if ($mail eq 'enabled'); + +$OUT .=<<"EOF"; + +[http-noscript] +enabled = true +filter = apache-noscript +logpath = /var/log/httpd/error_log +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] +EOF + +$OUT .= " smeserver-sendmail[name=\"Apache (noscript)\",dest=$maildest]\n" + if ($mail eq 'enabled'); + +$OUT .=<<"EOF"; + +[http-scan] +enabled = true +filter = apache-scan +logpath = /var/log/httpd/error_log +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] +EOF + +$OUT .= " smeserver-sendmail[name=\"Apache (scan)\",dest=$maildest]\n" + if ($mail eq 'enabled'); + +$OUT .=<<"EOF"; + +[http-auth] +enabled = true +filter = apache-auth +logpath = /var/log/httpd/error_log +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] +EOF + +$OUT .= " smeserver-sendmail[name=\"Apache (auth)\",dest=$maildest]\n" + if ($mail eq 'enabled'); + +$OUT .=<<"EOF"; + +[http-badbots] +enabled = true +filter = apache-badbots +logpath = /var/log/httpd/access_log +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] +EOF + +$OUT .= " smeserver-sendmail[name=\"Apache (badbots)\",dest=$maildest]\n" + if ($mail eq 'enabled'); + +$OUT .=<<"EOF"; + +[http-shellshock] +enabled = true +filter = apache-shellshock +logpath = /var/log/httpd/error_log +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] +EOF + +$OUT .= " smeserver-sendmail[name=\"Apache (shellshock)\",dest=$maildest]\n" + if ($mail eq 'enabled'); + +$OUT .=<<"EOF"; + +[http-fakegooglebot] +enabled = true +filter = apache-fakegooglebot +logpath = /var/log/httpd/error_log +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] +EOF + +$OUT .= " smeserver-sendmail[name=\"Apache (fakegooglebot)\",dest=$maildest]\n" + if ($mail eq 'enabled'); + + + +} diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service30pam b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service30pam new file mode 100644 index 0000000..07af966 --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service30pam @@ -0,0 +1,11 @@ + +[pam-generic] +enabled = true +filter = pam-generic +logpath = /var/log/secure +maxretry = {$maxretry*2} +action = smeserver-iptables[bantime={"$bantime"}] +{ +$OUT .= " smeserver-sendmail[name=\"PAM generic\",dest=$maildest]\n" + if ($mail eq 'enabled'); +} diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service32Smanager b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service32Smanager new file mode 100644 index 0000000..725ce9c --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service32Smanager @@ -0,0 +1,25 @@ +{ +my $port = (${'httpd-e-smith'}{'TCPPort'} || '80') .','. + ($modSSL{'TCPPort'} || '443'); +my $status = $smanager{'status'} || 'disabled'; +my $f2b = $smanager{'Fail2Ban'} || 'enabled'; +return "" if (($status ne 'enabled') || ($f2b ne 'enabled')); + +$OUT .=<<"EOF"; + +[smanager] +enabled = true +port = $port +filter = smanager +logpath = /usr/share/smanager/log/production.log +maxretry = 3 +findtime = 300 +bantime = 1800 +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] + +EOF + +$OUT .= " smeserver-sendmail[name=\"SManager\",dest=$maildest]\n" + if ($mail eq 'enabled'); + +} diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo new file mode 100644 index 0000000..461667f --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo @@ -0,0 +1,24 @@ +{ + +my $status = $sogod{'status'} || 'disabled'; +my $f2b = $sogod{'Fail2Ban'} || 'enabled'; +return "\n#Sogo not available" unless ( -f "/var/log/sogo/sogo.log" ); +return "" if (($status ne 'enabled') || ($f2b ne 'enabled')); +my @ports = (); +push @ports, (${'httpd-e-smith'}{'TCPPort'} || '80'); +push @ports, ($modSSL{'TCPPort'} || '443'); +my $port = join (",", @ports); + +$OUT .=<<"EOF"; + +[sogo] +enabled = true +filter = sogo-auth +logpath = /var/log/sogo/sogo.log +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] +EOF + +$OUT .= " smeserver-sendmail[name=\"SOGo\",dest=$maildest]\n" + if ($mail eq 'enabled'); + +} diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service40LemonLDAPNG b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service40LemonLDAPNG new file mode 100644 index 0000000..a5d2267 --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service40LemonLDAPNG @@ -0,0 +1,23 @@ +{ + +my $status = ${'lemonldap'}{'status'} || 'disabled'; +my $f2b = ${'lemonldap'}{'Fail2Ban'} || 'enabled'; +return "" if (($status ne 'enabled') || ($f2b ne 'enabled')); +my @ports = (); +push @ports, (${'httpd-e-smith'}{'TCPPort'} || '80'); +push @ports, ($modSSL{'TCPPort'} || '443'); +my $port = join (",", @ports); + +$OUT .=<<"EOF"; + +[lemonldap] +enabled = true +filter = lemonldap-ng +logpath = /var/log/messages +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] +EOF + +$OUT .= " smeserver-sendmail[name=\"LemonLDAP::NG\",dest=$maildest]\n" + if ($mail eq 'enabled'); + +} diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service45ftp b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service45ftp new file mode 100644 index 0000000..1a9e48d --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service45ftp @@ -0,0 +1,21 @@ +{ + +my $port = $ftp{'TCPPort'} || '21'; +my $status = $ftp{'status'} || 'disabled'; +my $f2b = $ftp{'Fail2Ban'} || 'enabled'; +return "" if (($status ne 'enabled') || ($f2b ne 'enabled')); +# add the data channel port +$port .= ',20'; +$OUT .=<<"EOF"; + +[ftp] +enabled = true +filter = proftpd +logpath = /var/log/secure +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] +EOF + +$OUT .= " smeserver-sendmail[name=\"FTP\",dest=$maildest]\n" + if ($mail eq 'enabled'); + +} diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service50Ejabberd b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service50Ejabberd new file mode 100644 index 0000000..f9b5f11 --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service50Ejabberd @@ -0,0 +1,21 @@ +{ + +my $status = $ejabberd{'status'} || 'disabled'; +my $f2b = $ejabberd{'Fail2Ban'} || 'enabled'; +return "" if (($status ne 'enabled') || ($f2b ne 'enabled')); +my $port = $ejabberd{'TCPPorts'} || '5222,5223,5269'; + +$OUT .=<<"EOF"; + +[ejabberd] +enabled = true +filter = ejabberd-auth +logpath = /var/log/ejabberd.run/current +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] +EOF + +$OUT .= " smeserver-sendmail[name=\"Ejabberd\",dest=$maildest]\n" + if ($mail eq 'enabled'); + +} + diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress new file mode 100644 index 0000000..1d3895d --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/45wordpress @@ -0,0 +1,68 @@ +{ + +my $status = $fail2ban{'wordpress'} || 'disabled'; +return "\n# wordpress disabled \n" if ($status ne 'enabled') ; +my @ports = (); +push @ports, (${'httpd-e-smith'}{'TCPPort'} || '80'); +push @ports, ($modSSL{'TCPPort'} || '443'); +my $port = join (",", @ports); + +my $wphbantime = $fail2ban{'WPHbantime'} || $bantime; +my $wpsbantime = $fail2ban{'WPSbantime'} || $bantime; +my $wpxbantime = $fail2ban{'WPXbantime'} || $bantime; +my $wphfindtime = $fail2ban{'WPHfindtime'} || $findtime; +my $wpsfindtime = $fail2ban{'WPSfindtime'} || $findtime; +my $wpxfindtime = $fail2ban{'WPXfindtime'} || $findtime; +my $wphmaxretry = $fail2ban{'WPHmaxretry'} || $maxretry; +my $wpsmaxretry = $fail2ban{'WPSmaxretry'} || $maxretry; +my $wpxmaxretry = $fail2ban{'WPXmaxretry'} || $maxretry; + +$OUT .=<<"EOF"; + +[wordpress-hard] +enabled = true +filter = wordpress-hard +logpath = /var/log/messages +findtime = $wphfindtime +maxretry = $wphmaxretry +bantime = $wphbantime +backend = polling +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wphbantime] +EOF +$OUT .= " smeserver-sendmail[name=\"Wordpress (hard)\",dest=$maildest]\n" + if ($mail eq 'enabled'); + + +$OUT .=<<"EOF"; + +[wordpress-soft] +enabled = true +filter = wordpress-soft +logpath = /var/log/messages +findtime = $wpsfindtime +maxretry = $wpsmaxretry +bantime = $wpsbantime +backend = polling +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wpsbantime] +EOF +$OUT .= " smeserver-sendmail[name=\"Wordpress (soft)\",dest=$maildest]\n" + if ($mail eq 'enabled'); + + +$OUT .=<<"EOF"; + +[apache-xmlrpc] +enabled = true +port = http,https +filter = apache-xmlrpc +logpath = /var/log/httpd/access_log +findtime = $wpxfindtime +maxretry = $wpxmaxretry +bantime = $wpxbantime +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$wpxbantime] +EOF +$OUT .= " smeserver-sendmail[name=\"Wordpress (xmlrpc)\",dest=$maildest]\n" + if ($mail eq 'enabled'); + +} + diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/90Recidive b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/90Recidive new file mode 100644 index 0000000..7b71963 --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/90Recidive @@ -0,0 +1,21 @@ +{ +my $rbantime = $fail2ban{'RecidiveBanTime'} || '604800'; +my $rfindtime = $fail2ban{'RecidiveFindTime'} || '86400'; +my $rmaxretry = $fail2ban{'RecidiveMaxRetry'} || '5'; +my $raction = 'smeserver-iptables[bantime=' . $rbantime . ']' . "\n"; +$raction .= " smeserver-sendmail[name=\"Recidive\",dest=$maildest]\n" + if ($mail eq 'enabled'); + +$OUT .=<<"EOF"; + +[recidive] +enabled = true +filter = recidive +logpath = /var/log/fail2ban/daemon.log +bantime = $rbantime +findtime = $rfindtime +maxretry = $rmaxretry +backend = polling +action = $raction +EOF +} diff --git a/root/etc/e-smith/templates/etc/logrotate.d/fail2ban/10All b/root/etc/e-smith/templates/etc/logrotate.d/fail2ban/10All new file mode 100644 index 0000000..d967b30 --- /dev/null +++ b/root/etc/e-smith/templates/etc/logrotate.d/fail2ban/10All @@ -0,0 +1,8 @@ +/var/log/fail2ban/*.log \{ + missingok + weekly + rotate 24 + compress + notifempty + copytruncate +\} diff --git a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Fail2Ban b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Fail2Ban new file mode 100644 index 0000000..b9ec967 --- /dev/null +++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Fail2Ban @@ -0,0 +1,6 @@ + # A blacklist chain for fail2ban + /sbin/iptables --new-chain Fail2Ban + /sbin/iptables --new-chain Fail2Ban_1 + /sbin/iptables --append Fail2Ban -j Fail2Ban_1 + /sbin/iptables --insert INPUT 1 \ + -j Fail2Ban diff --git a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustFail2Ban b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustFail2Ban new file mode 100644 index 0000000..4a202d5 --- /dev/null +++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustFail2Ban @@ -0,0 +1,33 @@ +{ + my $f2bdb = esmith::ConfigDB->open_ro('fail2ban') || + esmith::ConfigDB->create('fail2ban'); + # Find the current Fail2Ban_$$ chain, and create a new one. + $OUT .=<<'EOF'; + OLD_Fail2Ban=$(get_safe_id Fail2Ban filter find) + NEW_Fail2Ban=$(get_safe_id Fail2Ban filter new) + /sbin/iptables --new-chain $NEW_Fail2Ban +EOF + + if ( ($fail2ban{'status'} || 'disabled') eq 'enabled' ){ + foreach my $ban ( $f2bdb->get_all_by_prop(type=>('ban')) ){ + my $ip = $ban->prop('Host'); + my $proto = $ban->prop('Protocol') || ''; + my $port = $ban->prop('Port') || ''; + $OUT .= " /sbin/iptables --append \$NEW_Fail2Ban -s $ip"; + $OUT .= " -p $proto" if ($proto =~ m/^tcp|udp|icmp$/); + $OUT .= " -m multiport --dports $port" if ($proto =~ m/^tcp|udp$/ && $port =~ m/^\d+(,\d+)*$/); + $OUT .= " -j denylog\n"; + } + $OUT .= " /sbin/iptables --append \$NEW_Fail2Ban" . + " -j RETURN\n"; + } + + # Having created a new Fail2Ban chain, activate it and destroy the old. + $OUT .=<<'EOF'; + /sbin/iptables --replace Fail2Ban 1 \ + --jump $NEW_Fail2Ban + /sbin/iptables --flush $OLD_Fail2Ban + /sbin/iptables --delete-chain $OLD_Fail2Ban +EOF + +} diff --git a/root/etc/e-smith/web/functions/fail2ban b/root/etc/e-smith/web/functions/fail2ban new file mode 100644 index 0000000..8bc3262 --- /dev/null +++ b/root/etc/e-smith/web/functions/fail2ban @@ -0,0 +1,154 @@ +#!/usr/bin/perl -wT +# vim: ft=xml ts=8 sw=4 noet: +#---------------------------------------------------------------------- +# heading : Security +# description : Fail2Ban +# navigation : 5000 5250 +#---------------------------------------------------------------------- + +use strict; +use esmith::FormMagick::Panel::fail2ban; +my $f = esmith::FormMagick::Panel::fail2ban->new(); +$f->display(); + +__DATA__ +

+ + + + + + + + DESC_ADD_IP + + + + DESC_ADD_BITS + + + + + + + + + + + + + + + + + + + + + SERVICE_STATUS + + + + FilterLocalNetworks_STATUS + + + + FilterValidRemoteHosts_STATUS + + + + + SEND_MAIL_STATUS + + + + BANTIME + + + + + FINDTIME + + + + MAXRETRY + + + + + + SSHD_STATUS + + + + QPSMTPD_STATUS + + + + IMAP_STATUS + + + + HTTPD_STATUS + + + + FTP_STATUS + + + + LEMONLDAP_STATUS + + + + EJABBERD_STATUS + + + + SOGOD_STATUS + + + + WORDPRESS_STATUS + + + + + +
+ diff --git a/root/etc/fail2ban/action.d/smeserver-iptables.conf b/root/etc/fail2ban/action.d/smeserver-iptables.conf new file mode 100644 index 0000000..d09a2d5 --- /dev/null +++ b/root/etc/fail2ban/action.d/smeserver-iptables.conf @@ -0,0 +1,13 @@ + +[Definition] + +actionstart = +actionstop = +actioncheck = +actionban = /sbin/e-smith/smeserver-fail2ban --host= --proto= --port= --bantime= +actionunban = /sbin/e-smith/smeserver-fail2ban --host= --unban --proto= --port= + +[Init] +protocol = undef +port = undef +bantime = undef diff --git a/root/etc/fail2ban/action.d/smeserver-sendmail.conf b/root/etc/fail2ban/action.d/smeserver-sendmail.conf new file mode 100644 index 0000000..887069b --- /dev/null +++ b/root/etc/fail2ban/action.d/smeserver-sendmail.conf @@ -0,0 +1,21 @@ + +[Definition] + +actionstart = +actionstop = +actioncheck = +actionban = printf %%b "Subject: [Fail2Ban] : banned + From: Fail2Ban <> + To: \n + Hi,\n + The IP has just been banned by Fail2Ban after + attempts against .\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f +actionunban = + +[Init] +name = default +dest = root +sender = fail2ban + diff --git a/root/etc/fail2ban/filter.d/apache-auth.local b/root/etc/fail2ban/filter.d/apache-auth.local new file mode 100644 index 0000000..e2a2242 --- /dev/null +++ b/root/etc/fail2ban/filter.d/apache-auth.local @@ -0,0 +1,2 @@ +[Definition] +ignoreregex = ^%(_apache_error_client)s (AH01797: )?client denied by server configuration: /etc/httpd/conf/proxy/proxy\.pac\s*$ diff --git a/root/etc/fail2ban/filter.d/apache-scan.conf b/root/etc/fail2ban/filter.d/apache-scan.conf new file mode 100644 index 0000000..470f864 --- /dev/null +++ b/root/etc/fail2ban/filter.d/apache-scan.conf @@ -0,0 +1,11 @@ +[Definition] +re_pma = (admin|administrator|database|db|sql|typo3|xampp\/)?(pma|PMA|phpmyadmin|phpMyAdmin(\-?[\d\.\-]+((rc|pl|beta)\d+)?)?|myadmin|mysql|mysqladmin|sqladmin|mypma|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|myadmin2|php\-my\-admin|sqlmanager|websql|sqlweb|MyAdmin|phpadmin|sql|pma2005|databaseadmin|phpmanager)(\/main\.php|setup\.php|read_dump\.php|read_dump\.phpmain\.php)? +re_admin = administrator(\/index\.php)?|manager(\/(status|html))?|webadmin|ecrire|admin((\.php)|(\/(config|login)\.php))?|mailadmin|setup\.php|admin\/modules\/backup\/page\.backup\.php +re_proxy = freenode-proxy-checker\.txt|proxychecker|proxyheader\.php +re_various = vtigercrm|typo3|scripts|wp\-admin|wp\-login\.php|wordpress|horde(\d+(\/+README)?)?|w00tw00t\.*|\/?plmplmplm\/plm\.php + +failregex = \[client \] File does not exist: .*\/(%(re_pma)s|%(re_admin)s|%(re_proxy)s|%(re_various)s)$ + \[client \] client denied by server configuration: .*\/(%(re_admin)s|%(re_proxy)s)$ + \[client \] client sent HTTP/1.1 request without hostname \(see RFC2616 section 14.23\): + +ignoreregex = diff --git a/root/etc/fail2ban/filter.d/apache-xmlrpc.conf b/root/etc/fail2ban/filter.d/apache-xmlrpc.conf new file mode 100644 index 0000000..884d73c --- /dev/null +++ b/root/etc/fail2ban/filter.d/apache-xmlrpc.conf @@ -0,0 +1,5 @@ +[Definition] +failregex = ^ .*POST .*xmlrpc\.php.* +ignoreregex = + +# source http://xplus3.net/2013/05/09/securing-xmlrpc-wordpress/ diff --git a/root/etc/fail2ban/filter.d/lemonldap-ng.conf b/root/etc/fail2ban/filter.d/lemonldap-ng.conf new file mode 100644 index 0000000..f7a52e2 --- /dev/null +++ b/root/etc/fail2ban/filter.d/lemonldap-ng.conf @@ -0,0 +1,11 @@ +[INCLUDES] +before = common.conf + +[Definition] + +_daemon = lemonldap\-ng + +failregex = ^\s*%(__prefix_line)s\s*Lemonldap::NG : .* was not found in LDAP directory \(\)\s*$ + ^\s*%(__prefix_line)s\s*Lemonldap::NG : Bad password for .* \(\)\s*$ + +ignoreregex = diff --git a/root/etc/fail2ban/filter.d/qpsmtpd.conf b/root/etc/fail2ban/filter.d/qpsmtpd.conf new file mode 100644 index 0000000..c19eb18 --- /dev/null +++ b/root/etc/fail2ban/filter.d/qpsmtpd.conf @@ -0,0 +1,11 @@ +[INCLUDES] +before = common.conf + +[Definition] + +_daemon = qpsmtpd + +failregex = ^\s*\d+\s*logging::logterse plugin \(deny\): ` \s*.*90\d.*msg denied before queued$ + ^\s*\d+\s*\(deny\) logging::logterse: ` \s*.*90\d.*msg denied before queued$ + +ignoreregex = logters.*greylisting.*90.*temporarily denied diff --git a/root/etc/fail2ban/filter.d/smanager.conf b/root/etc/fail2ban/filter.d/smanager.conf new file mode 100644 index 0000000..dae71b6 --- /dev/null +++ b/root/etc/fail2ban/filter.d/smanager.conf @@ -0,0 +1,12 @@ +# Fail2Ban filter for Smanager attempted bypasses + +[Definition] +#[Mon Nov 9 20:33:34 2020] [info] Login FAILED: mab 192.168.0.11 + +failregex = ^\[.*\] \[info\] Login FAILED: .*\t$ + +ignoreregex = ^\[.*\] \[debug\] .*$ +ignoreregex = ^\[.*\] \[info\] Login succeeded: .*$ + +datepattern = {^LN-BEG} + diff --git a/root/etc/fail2ban/filter.d/sshd-ddos.conf b/root/etc/fail2ban/filter.d/sshd-ddos.conf new file mode 100644 index 0000000..2b1259a --- /dev/null +++ b/root/etc/fail2ban/filter.d/sshd-ddos.conf @@ -0,0 +1,28 @@ +# Fail2Ban ssh filter for at attempted exploit +# +# The regex here also relates to a exploit: +# +# http://www.securityfocus.com/bid/17958/exploit +# The example code here shows the pushing of the exploit straight after +# reading the server version. This is where the client version string normally +# pushed. As such the server will read this unparsible information as +# "Did not receive identification string". +# Author: Yaroslav Halchenko + +[INCLUDES] + +# Read common prefixes. If any customizations available -- read them from +# common.local +before = common.conf + +[Definition] + +_daemon = sshd + +failregex = ^%(__prefix_line)sDid not receive identification string from \s*$ + +ignoreregex =. + +[Init] + +journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd diff --git a/root/etc/fail2ban/filter.d/wordpress-hard.conf b/root/etc/fail2ban/filter.d/wordpress-hard.conf new file mode 100644 index 0000000..7822c3c --- /dev/null +++ b/root/etc/fail2ban/filter.d/wordpress-hard.conf @@ -0,0 +1,28 @@ +# Fail2Ban filter for WordPress hard failures +# + +[INCLUDES] + +before = common.conf + +[Definition] + +_daemon = (?:wordpress|wp) + +failregex = ^%(__prefix_line)sSpam comment \d+ from $ + ^%(__prefix_line)sAuthentication attempt for unknown user .* from $ + ^%(__prefix_line)sXML-RPC multicall authentication failure from $ + ^%(__prefix_line)sBlocked user enumeration attempt from $ + ^%(__prefix_line)sBlocked authentication attempt for .* from $ + ^%(__prefix_line)sAuthentication attempt for unknown user .* from $ + ^%(__prefix_line)sREST authentication attempt for unknown user .* from $ + ^%(__prefix_line)sPingback error .* generated from $ + ^%(__prefix_line)sXML-RPC authentication attempt for unknown user .* from $ + +ignoreregex = + +# DEV Notes: +# Requires the 'WP fail2ban' plugin: +# https://wordpress.org/plugins/wp-fail2ban/ +# +# Author: Charles Lecklider diff --git a/root/etc/fail2ban/filter.d/wordpress-soft.conf b/root/etc/fail2ban/filter.d/wordpress-soft.conf new file mode 100644 index 0000000..072bb3a --- /dev/null +++ b/root/etc/fail2ban/filter.d/wordpress-soft.conf @@ -0,0 +1,34 @@ +# Fail2Ban configuration file +# +# Author: Charles Lecklider +# + +[INCLUDES] + +# Read common prefixes. If any customizations available -- read them from +# common.local +before = common.conf + + +[Definition] + +_daemon = (?:wordpress|wp) + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +failregex = ^%(__prefix_line)sEmpty username from $ + ^%(__prefix_line)sAuthentication failure for .* from $ + ^%(__prefix_line)sXML-RPC authentication failure from $ + ^%(__prefix_line)sREST authentication failure for .* from $ + ^%(__prefix_line)sXML-RPC authentication failure for .* from $ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/root/sbin/e-smith/smeserver-fail2ban b/root/sbin/e-smith/smeserver-fail2ban new file mode 100644 index 0000000..a357227 --- /dev/null +++ b/root/sbin/e-smith/smeserver-fail2ban @@ -0,0 +1,132 @@ +#!/usr/bin/perl -w + +use strict; +use warnings; +use esmith::ConfigDB; +use Getopt::Long; + +our $f2bdb = esmith::ConfigDB->open('fail2ban') || esmith::ConfigDB->create('fail2ban'); +our $c = esmith::ConfigDB->open_ro; +our %opts; + + +sub usage(){ + print<<"EOF"; + +Usage: $0 --host= [--unban] [--protocol=tcp|udp|icmp|all] [--port=] [--bantime] + + * --host must specify a valid IPv4 adress in the form 10.11.12.13 or an IPv4 subnet in the form 10.11.12.0/24 + * --protocol can be used to specify the protocol to block. Only tcp, udp, icmp and all are valid (default is all) + * --port can be used to specify the port(s) to block. Only valid for tcp and udp. You can also specify a range + of port like 10000:20000. You can also specify several ports or range of port separated by a comma + * if --unban is specified, the given host will be removed from the blacklist + default is to add to the blacklist instead + * --bantime can be used to specify how long the ban should be (in seconds) + +EOF +} + +# Check if port is valid +sub is_valid_port($){ + my $ports = shift; + my $ret = 0; + foreach my $port (split /,/, $ports){ + if ($port =~ m/^(\d+):(\d+)$/){ + $ret = 1 if ($1 >= 0 && + $1 < 65636 && + $2 >= 0 && + $2 < 65636); + } + else{ + $ret = 1 if ($port > 0 && + $port < 65636); + } + } + return $ret; +} + +# Generate a random uniq ID +sub generate_uniq_id(){ + my @chars = ('a'..'z','0'..'9'); + my $id = ''; + my $round = 0; + foreach (1..10){ + foreach (1..15){ + $id .= $chars[rand @chars]; + } + my $eid = $f2bdb->get($id); + last unless ($eid); + } + die "Couldn't generate a valid uniq ID\n" + if ($id eq ''); + return $id; +} + +my $f2b = $c->get('fail2ban') || + die "fail2ban service not found in the configuration database\n"; + +# default is to ban a host +$opts{unban} = '0'; +$opts{bantime} = $f2b->prop('BanTime') || '1800'; + +GetOptions( + "host=s" => \$opts{host}, + "unban" => \$opts{unban}, + "protocol=s" => \$opts{proto}, + "port=s" => \$opts{port}, + "bantime=s" => \$opts{bantime} +); + +# special "undef" value for port and proto +undef $opts{proto} if ($opts{proto} eq 'undef'); +undef $opts{port} if ($opts{port} eq 'undef'); +$opts{bantime} = ($f2b->prop('BanTime') || '1800') + if ($opts{bantime} eq 'undef'); + +# Check options are valid + +# host is required +my @req = qw(host); +foreach (@req){ + usage() && die unless (defined $opts{$_}); +} + +# host must look like an IP address or IP with subnet +usage() && die + unless ($opts{host} =~ m'^([01]?\d\d?|2[0-4]\d|25[0-5])(?:\.[01]?\d\d?|\.2[0-4]\d|\.25[0-5]){3}(?:/[0-2]\d|/3[0-2])?$'); + +# protocol must can only be undefined, tcp, udp or icmp +usage() && die + if ($opts{proto} && $opts{proto} !~ m/^tcp|udp|icmp|all$/); + +# port must be a valid port number, and is only valid for tcp and udp +usage && die + if ($opts{port} && (($opts{proto} && $opts{proto} !~ m/^tcp|udp$/) || !is_valid_port($opts{port}))); + +if ($opts{unban}){ + foreach ($f2bdb->get_all_by_prop(Host => $opts{host})){ + my $proto = $_->prop('Protocol') || ''; + my $port = $_->prop('Port') || ''; + next if ($opts{proto} && $proto ne $opts{proto}); + next if ($opts{port} && $port ne $opts{port} && $proto =~ m/^tcp|udp$/); + $_->delete(); + } +} +else{ + my $id = generate_uniq_id(); + my %props; + $props{'type'} = 'ban'; + $props{'Host'} = $opts{host}; + $props{'Protocol'} = $opts{proto} + if ($opts{proto}); + $props{'Port'} = $opts{port} + if ($opts{port}); + $props{'BanTimestamp'} = time(); + $props{'UnbanTimestamp'} = time()+$opts{bantime}; + $f2bdb->new_record($id, \%props); +} + +die "An error occured while updating the firewall rules" + unless (system("/sbin/e-smith/signal-event fail2ban-update") == 0); + +exit(0); diff --git a/root/usr/bin/sfail2ban b/root/usr/bin/sfail2ban new file mode 100644 index 0000000..62362ac --- /dev/null +++ b/root/usr/bin/sfail2ban @@ -0,0 +1,6 @@ +#!/bin/bash +for SERVI in $(fail2ban-client status|grep 'Jail list'|cut -d':' -f2|sed 's/, / /g'| sed -e 's/^[ \t]*//') +do +fail2ban-client status $SERVI |grep -E 'IP list|Status for the jail'|sed 'N;s/\n/:/'|cut -d: -f2,4 +done + diff --git a/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/fail2ban.pm b/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/fail2ban.pm new file mode 100644 index 0000000..0436030 --- /dev/null +++ b/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/fail2ban.pm @@ -0,0 +1,461 @@ +#!/usr/bin/perl -w + +package esmith::FormMagick::Panel::fail2ban; + +use strict; +use esmith::ConfigDB; +use esmith::FormMagick; +use esmith::util; +use esmith::cgi; +use File::Basename; +use Exporter; +use Carp; +use Data::Validate::IP; + +our @ISA = qw(esmith::FormMagick Exporter); + +our @EXPORT = qw(get_value get_prop change_settings RemoveIP add_new_valid_from); + +our $VERSION = sprintf '%d.%03d', q$Revision: 1.1 $ =~ /: (\d+).(\d+)/; +our $db = esmith::ConfigDB->open + || warn "Couldn't open configuration database (permissions problems?)"; +my $scriptname = basename($0); + +#TODO +#- translation +#- userpanel without settings + +my %defaultval=('FilterLocalNetworks'=> "enabled", + 'FilterValidRemoteHosts'=> "enabled", + "Mail" => "enabled", + "BanTime" => '1800', + "FindTime" => '900', + "MaxRetry" => '3', + "sshd" => 'enabled', + "qpsmtpd" => 'enabled', + "dovecot" => 'enabled', + "httpd-e-smith" => 'enabled', + "ftp" => 'enabled', + "lemonldap" => 'enabled', + "ejabberd" => 'enabled', + "sogod" => 'disabled', + "wordpress" => 'disabled', + + ) ; + +sub new { + shift; + my $self = esmith::FormMagick->new(); + $self->{calling_package} = (caller)[0]; + bless $self; + return $self; +} + +sub get_prop +{ + my $fm = shift; + my $item = shift; + my $prop = shift; + my $value = $db->get_prop($item, $prop) || ''; + if ( $value eq "" && exists($defaultval{$prop}) && $item eq "fail2ban") + { + $value=$defaultval{$prop}; + } + elsif ( $value eq "" && exists($defaultval{$item}) && $prop eq "Fail2Ban" && $item ne "fail2ban" ) + { + $value=$defaultval{$item}; + } + return $value; +} + +sub get_value { + my $fm = shift; + my $item = shift; + return ($db->get($item)->value()); +} + +sub ip_number_or_blank +{ + my $self = shift; + my $ip = shift; + + if (!defined($ip) || $ip eq "") + { + return 'OK'; + } + return CGI::FormMagick::Validator::ip_number($self, $ip); +} + +sub subnet_mask_bit +{ + my ($self, $mask) = @_; + my @allowed = (8,9,12,14,16,17,20,22,24,25,28,30,32); +# if ($self->ip_number_or_blank($mask) eq 'OK') + if ( !defined($mask) || $mask eq "" || grep( /^$mask$/, @allowed ) ) + { + return "OK"; + } + return "INVALID_SUBNET_MASK"; +} + +sub validate_network_and_mask +{ + my $self = shift; + my $mask = shift || ""; + + my $net = $self->cgi->param('ip') || ""; + if ($net xor $mask) + { + return $self->localise('ERR_INVALID_PARAMS'); + } + return 'OK'; +} + + + +sub _get_valid_from +{ + my $self = shift; + + my $rec = $db->get('fail2ban'); + return undef unless($rec); + my @vals = (split ',', ($rec->prop('IgnoreIP') || '')); + return @vals; +} + +sub ip_sort(@) +{ + return esmith::util::IPquadToAddr($a) <=> esmith::util::IPquadToAddr($b); +} + +sub show_config_link +{ + my $self = shift; + my $q = $self->{cgi}; + + print '',"", + $q->p($self->localise('CONFIG')),''; + return ''; +} + +sub show_valid_from_list +{ + my $self = shift; + my $q = $self->{cgi}; + + print '',$q->p($self->localise('VALIDFROM_DESC')),''; + + my @vals = $self->_get_valid_from(); + if (@vals) + { + print '', + $q->start_table({class => "sme-border"}),"\n"; + print $q->Tr( + esmith::cgi::genSmallCell($q, $self->localise('NETWORK'),"header"), + esmith::cgi::genSmallCell($q, $self->localise('REMOVE'),"header")); + my @vals_sorted= sort ip_sort @vals; + my @cbGroup = $q->checkbox_group(-name => 'validFromRemove', + -values => [@vals_sorted], -labels => { map {$_ => ''} @vals_sorted }); + foreach my $val (@vals_sorted) + { + print $q->Tr( + esmith::cgi::genSmallCell($q, $val, "normal"), + esmith::cgi::genSmallCell($q, shift(@cbGroup), + "normal")); + } + print ''; + } + else + { + print $q->Tr($q->td($q->b($self->localise('NO_ENTRIES_YET')))); + } + return ''; +} + +sub show_current_deny +{ + my $self = shift; + my $q = $self->{cgi}; + + print '',$q->p($self->localise('CURRENT_DENY_DESC')),''; + + my @strvals = `/usr/bin/sfail2ban`; + + if (@strvals) + { + print '', + $q->start_table({class => "sme-border"}),"\n"; + print $q->Tr( + esmith::cgi::genSmallCell($q, $self->localise('IP_ADDRESS'),"header"), + esmith::cgi::genSmallCell($q, $self->localise('JAIL'),"header"), + esmith::cgi::genSmallCell($q, $self->localise('ACTION'),"header")); + foreach my $sval (@strvals) + { + my @ssval= split(':',$sval); + my $curjail=$ssval[0]; + my @ssvalip = split(' ',$ssval[1]); + foreach my $sssval (@ssvalip) + { + my $ip=$sssval; + my $action3 ="".$self->localise('REMOVE')."" . + " ".$self->localise('WHITELIST')."" ; + + print $q->Tr( + esmith::cgi::genSmallCell($q, $ip, "normal"), + esmith::cgi::genSmallCell($q, $curjail, "normal"), + esmith::cgi::genSmallCell($q, $action3, "normal")); + } + + + } + print ''; + } + else + { + print $q->Tr($q->td($q->b($self->localise('NO_ENTRIES_YET')))); + } + return ''; +} + +sub add_new_valid_from +{ + my $self = shift; + my $q = $self->{cgi}; + + my $ip = $q->param('ip'); + my $bits = $q->param('bits'); + # do nothing if no ip was added + return 1 unless ($ip); + + my $rec = $db->get('fail2ban'); + unless ($rec) + { + return $self->error('ERR_NO_RECORD'); + } + + my $prop = $rec->prop('IgnoreIP') || ''; + + my @vals = split /,/, $prop; + return $self->error('ERR_EXISTS') if (grep /^$ip\/$bits$/, @vals); # already have this entry + + if ($prop ne '') + { + $prop .= ",$ip/$bits"; + } + else + { + $prop = "$ip/$bits"; + } + $rec->set_prop('IgnoreIP', $prop); + $q->delete('ip'); + $q->delete('bits'); + return 1 +} + +sub remove_valid_from +{ + my $self = shift; + my $q = $self->{cgi}; + + my @remove = $q->param('validFromRemove'); + my @vals = $self->_get_valid_from(); + + foreach my $entry (@remove) + { + return undef unless $entry; + + unless (@vals) + { + print STDERR "ERROR: unable to load IgnoreIP property from conf db\n"; + return undef; + } + + @vals = (grep { $entry ne $_ } @vals); + } + + my $prop; + if (@vals) + { + $prop = join ',',@vals; + } + else + { + $prop = ''; + } + $db->get('fail2ban')->set_prop('IgnoreIP', $prop); + $q->delete('validFromRemove'); + + return 1; +} + +sub change_whitelist { + my ($fm) = @_; + my $q = $fm->{'cgi'}; + + my %conf; + + # Don't process the form unless we clicked the Save button. The event is + # called even if we chose the Remove link or the Add link. + return unless($q->param('Next') eq $fm->localise('SAVE')); + my $ip = ($q->param ('ip') || ''); + return '' unless $fm->add_new_valid_from; + return '' unless $fm->remove_valid_from; + + unless ( system( "/sbin/e-smith/signal-event", "fail2ban-conf" ) == 0 ) + { + $fm->error('ERROR_UPDATING'); + return undef; + } + + $fm->success('SUCCESS'); +} + +sub change_settings { + my ($fm) = @_; + my $q = $fm->{'cgi'}; + + my %conf; + + # Don't process the form unless we clicked the Save button. The event is + # called even if we chose the Remove link or the Add link. + return unless($q->param('Next') eq $fm->localise('SAVE')); + + my $ip = ($q->param ('ip') || ''); + my $status = ($q->param ('status') || 'status'); + my $FilterLocalNetworks = ($q->param ('FilterLocalNetworks') || "enabled"); + my $FilterValidRemoteHosts= ($q->param ('FilterValidRemoteHosts') || "enabled"); + my $Mail= ($q->param ("Mail") || "enabled"); + my $BanTime= ($q->param ("BanTime") || '1800'); + my $FindTime= ($q->param ("FindTime") || '900'); + my $MaxRetry= ($q->param ("MaxRetry") || '3'); + # those are stored in a different key dedicated to the service + my %services; + $services{'sshd'}= ($q->param ("sshd") ||'enabled'); + $services{'qpsmtpd'}= ($q->param ("qpsmtpd") ||'enabled'); + $services{'dovecot'}= ($q->param ("dovecot") ||'enabled'); + $services{'httpd-e-smith'}= ($q->param ("httpd-e-smith") ||'enabled'); + $services{'ftp'}= ($q->param ("ftp") ||'enabled'); + $services{'lemonldap'}= ($q->param ("lemonldap") ||'enabled'); + $services{'ejabberd'}= ($q->param ("ejabberd" ) ||'enabled'); + $services{'sogod'}= ($q->param ("sogod" ) ||'enabled'); + $services{'wordpress'}= ($q->param ("wordpress") ||'enabled'); + + + #------------------------------------------------------------ + # Looks good; go ahead and change the access. + #------------------------------------------------------------ + + my $rec = $db->get('fail2ban'); + if ($rec) + { + $rec->set_prop('status', $status); + # unless prop empty and value eq default + $rec->set_prop('FilterLocalNetworks', $FilterLocalNetworks) unless ( ! $db->get_prop('fail2ban','FilterLocalNetworks') && $FilterLocalNetworks eq $defaultval{'FilterLocalNetworks'} ); + $rec->set_prop('FilterValidRemoteHosts', $FilterValidRemoteHosts) unless ( ! $db->get_prop('fail2ban','FilterValidRemoteHosts') && $FilterValidRemoteHosts eq $defaultval{'FilterValidRemoteHosts'} ); + $rec->set_prop('Mail', $Mail) unless ( ! $db->get_prop('fail2ban','Mail') && $Mail eq $defaultval{'Mail'} ); + $rec->set_prop('BanTime', $BanTime) unless ( ! $db->get_prop('fail2ban','BanTime') && $BanTime eq $defaultval{'BanTime'} ); + $rec->set_prop('FindTime', $FindTime) unless ( ! $db->get_prop('fail2ban','FindTime') && $FindTime eq $defaultval{'FindTime'} ); + $rec->set_prop('MaxRetry', $MaxRetry) unless ( ! $db->get_prop('fail2ban','MaxRetry') && $MaxRetry eq $defaultval{'MaxRetry'} ); + } + # for the 9 services update unless key does not exist and property does not exist and value eq default + foreach my $key (keys %services) + { + if ($key eq "wordpress") + { + $rec = $db->get('fail2ban'); + my $getprop = $db->get_prop('fail2ban',$key) || ""; + $rec->set_prop($key, $services{$key} ) unless ( ! $rec || (! $db->get_prop('fail2ban', $key) && $services{$key} eq $defaultval{$key} ) ); + } + else + { + $rec = $db->get($key); + my $getprop = $db->get_prop($key,'Fail2Ban') || ""; + $rec->set_prop('Fail2Ban', $services{$key} ) unless ( ! $rec || (! $db->get_prop($key,'Fail2Ban') && $services{$key} eq $defaultval{$key} ) ); + } + } +# this seems to prevent reload of service if we update something and remove or add an ip... +# return '' unless $fm->add_new_valid_from; +# return '' unless $fm->remove_valid_from; + + unless ( system( "/sbin/e-smith/signal-event", "fail2ban-update" ) == 0 ) + { + $fm->error('ERROR_UPDATING'); + return undef; + } + + unless ( system( "/sbin/e-smith/signal-event", "fail2ban-conf" ) == 0 ) + { + $fm->error('ERROR_UPDATING'); + return undef; + } + + if ( $rec->prop('status') eq 'disabled' ) + { + unless ( `/usr/bin/systemctl stop fail2ban` ) + { + $fm->error('ERROR_STOPPING'); + return undef; + } + } + + $fm->success('SUCCESS'); +} + +# validate subnet + + + +# RemoveIP after validation +sub RemoveIP { + my $fm = shift; + my $q = $fm->{'cgi'}; + my %conf; + my $ip = ($q->param('IP') || ''); + my $whitelist = ($q->param('Whitelist'))? "true" : ''; + #check ip + my $validator=Data::Validate::IP->new; + + unless ($validator->is_ipv4($ip)) + { + $fm->error('ERROR_STOPPING'); + return undef; + } + $ip = $validator->is_ipv4($ip); + # validate and untaint jail + my $jail = ($q->param('jail') || ''); + # could be [a-zA-Z0-9_\-] + $jail = $jail =~ /([a-zA-Z0-9_\-]+)/ ? $1 : undef; + $fm->error('ERROR_UPDATING') unless $jail; + return undef unless $jail; + unless ( system( "/usr/bin/fail2ban-client set $jail unbanip $ip ".' >/dev/null 2>&1' ) == 0 ) + { + $fm->error('ERROR_UPDATING'); + return undef; + } + if ($whitelist ne "" ) { + # add $ip to whitelist for the current $jail + warn "/sbin/e-smith/db configuration setprop fail2ban IgnoreIP `/sbin/e-smith/db configuration getprop fail2ban IgnoreIP`,$ip/32"; + unless ( system( "/sbin/e-smith/db configuration setprop fail2ban IgnoreIP `/sbin/e-smith/db configuration getprop fail2ban IgnoreIP`,$ip/32 ".' >/dev/null 2>&1' ) == 0 + && system( "/usr/bin/fail2ban-client reload ".' >/dev/null 2>&1' ) == 0 + ) + { + $fm->error('ERROR_UPDATING_WHITE'); + return undef; + } + + $fm->success($fm->localise('SUCCESS_IP_WHITE').": $ip",'First'); + } + else + { + $fm->success($fm->localise('SUCCESS_IP').": $ip",'First'); + } +} + +sub back { + my $fm = shift; + my $q = $fm->{'cgi'}; + print "".$fm->localise('Back').""; +return; +} + +1; diff --git a/root/usr/share/smanager/lib/SrvMngr/Controller/Fail2ban.pm b/root/usr/share/smanager/lib/SrvMngr/Controller/Fail2ban.pm new file mode 100644 index 0000000..75ca22f --- /dev/null +++ b/root/usr/share/smanager/lib/SrvMngr/Controller/Fail2ban.pm @@ -0,0 +1,455 @@ +package SrvMngr::Controller::Fail2ban; + +#---------------------------------------------------------------------- +# heading : Network +# description : Fail2Ban +# navigation : 6000 800 + +# name : fail2ban, method : get, url : /fail2ban, ctlact : fail2ban#main +# name : fail2banu, method : post, url : /fail2ban, ctlact : fail2ban#do_action +# name : fail2banr, method : get, url : /fail2ban2, ctlact : fail2ban#do_action_get +# +# routes : end +#---------------------------------------------------------------------- + +use strict; +use warnings; +use Mojo::Base 'Mojolicious::Controller'; + +use Locale::gettext; +use SrvMngr::I18N; + +use Data::Validate::IP; + +#use esmith::FormMagick::Panel::fail2ban; +# qw( get_value get_prop change_settings RemoveIP ); + +use SrvMngr qw( theme_list init_session ip_number ); + +our $cdb = esmith::ConfigDB->open() or die "Couldn't open ConfigDB\n"; + +my %defaultval=('FilterLocalNetworks'=> "enabled", + 'FilterValidRemoteHosts'=> "enabled", + "Mail" => "enabled", + "BanTime" => '1800', + "FindTime" => '900', + "MaxRetry" => '3', + "sshd" => 'enabled', + "qpsmtpd" => 'enabled', + "dovecot" => 'enabled', + "httpd-e-smith" => 'enabled', + "ftp" => 'enabled', + "lemonldap" => 'enabled', + "ejabberd" => 'enabled', + "sogod" => 'disabled', + "wordpress" => 'disabled', + "smanager" => 'enabled', +); + + +sub main { + + my $c = shift; + $c->app->log->info($c->log_req); + + my %f2b_datas = (); + my $title = $c->l('f2b_FORM_TITLE'); + + $f2b_datas{'status'} = get_prop('fail2ban', 'status'); + $f2b_datas{'filterlocalnetworks'} = get_prop('fail2ban', 'FilterLocalNetworks'); + $f2b_datas{'filtervalidremotehosts'} = get_prop('fail2ban', 'FilterValidRemoteHosts'); + $f2b_datas{'mail'} = get_prop('fail2ban', 'Mail'); + $f2b_datas{'bantime'} = get_prop('fail2ban', 'BanTime'); + $f2b_datas{'findtime'} = get_prop('fail2ban', 'FindTime'); + $f2b_datas{'maxretry'} = get_prop('fail2ban', 'MaxRetry'); + $f2b_datas{'wordpress'} = get_prop('fail2ban', 'wordpress'); + + $f2b_datas{'sshd'} = get_prop('sshd', 'Fail2Ban'); + $f2b_datas{'qpsmtpd'} = get_prop('qpsmtpd', 'Fail2Ban'); + $f2b_datas{'dovecot'} = get_prop('dovecot', 'Fail2Ban'); + $f2b_datas{'httpd-e-smith'} = get_prop('httpd-e-smith', 'Fail2Ban'); + $f2b_datas{'ftp'} = get_prop('sshd', 'Fail2Ban'); + $f2b_datas{'lemonldap'} = get_prop('lemonldap', 'Fail2Ban'); + $f2b_datas{'ejabberd'} = get_prop('ejabberd', 'Fail2Ban'); + $f2b_datas{'sogod'} = get_prop('sogod', 'Fail2Ban'); + $f2b_datas{'smanager'} = get_prop('smanager', 'Fail2Ban'); + + $c->stash( title => $title, f2b_datas => \%f2b_datas); + $c->render('fail2ban'); +}; + + +sub do_action { + + my $c = shift; + $c->app->log->info($c->log_req); + + my $rt = $c->current_route; + + my %f2b_datas = (); + my $title = $c->l('f2b_FORM_TITLE'); + + my ($res, $result) = ''; + + $f2b_datas{status} = $c->param('Status'); + my $action = ( $c->param('action') || '' ); + $f2b_datas{ip} = $c->param('Ip'); + $f2b_datas{bits} = $c->param('Bits'); + + # controls + $res = ip_number_or_blank( $c, $f2b_datas{ip} ); + $result .= $res . "
" if ( $res ne 'OK' ); + + $res = subnet_mask_bit( $c, $f2b_datas{bit} ); + $result .= $res . "
" if ( $res ne 'OK' ); + + $res = validate_network_and_mask( $c, $f2b_datas{ip}, $f2b_datas{bits} ); + $result .= $res . "
" if ( $res ne 'OK' ); + + #$result .= 'Blocked for testing d_a ! No updates for now '; # if $action; + + $res = ''; + if ( ! $result ) { + $res = $c->do_changes(); + $result .= $res unless $res eq 'OK'; + if ( ! $result ) { + $result = $c->l('f2b_SUCCESS'); + } + } + + $c->stash( title => $title, f2b_datas => \%f2b_datas ); + if ($res ne 'OK') { + $c->stash( error => $result ); + return $c->render('fail2ban'); + } + + my $message = 'fail2ban updates DONE'; + $c->app->log->info($message); + $c->flash( success => $result ); + #$c->flash( error => " No changes applied !!" ); + + #return to 'fail2ban' route !!! + $c->redirect_to('/fail2ban'); + +}; + + +sub do_action_get { + + my $c = shift; + $c->app->log->info($c->log_req); + + my ($res, $result) = ''; + + # controls + + my $action = ($c->param('action') || ''); + $result .= $c->l('f2b_ERROR_UPDATING') . " action: $action
" + unless ($action eq 'RemoveIP'); + + my $ip = ($c->param('IP') || ''); + my $whitelist = ($c->param('Whitelist'))? 'true' : 'false'; + + #check ip + my $validator=Data::Validate::IP->new; + $result .= $c->l('f2b_ERROR_STOPPING') . " IP: $ip
" + unless ($validator->is_ipv4($ip)); + $ip = $validator->is_ipv4($ip); + + # validate and untaint jail + my $jail = ($c->param('Jail') || ''); + # could be [a-zA-Z0-9_\-] + $jail = $jail =~ /([a-zA-Z0-9_\-]+)/ ? $1 : undef; + $result .= $c->l('f2b_ERROR_UPDATING') . " jail: $jail
" + unless $jail; + + #$result .= 'Blocked for testing d_a_g ! No updates for now '; # if $action; + + $res = ''; + if ( ! $result ) { + $res = $c->RemoveIP( $ip, $whitelist, $jail ); + $result .= $res unless $res eq 'OK'; + if ( ! $result ) { + if ($whitelist eq "true" ) { + $result = $c->l('f2b_SUCCESS_IP_WHITE')." : $ip"; + } else { + $result = $c->l('f2b_SUCCESS_IP')." : $ip"; + } + } + } + + if ($res ne 'OK') { + $c->flash( error => $result ); + } else { + my $message = "fail2ban removeip $ip DONE"; + $c->app->log->info($message); + $c->flash( success => $result ); + } + + $c->redirect_to('/fail2ban'); + +}; + + +sub do_changes { + + my $c = shift; + my %conf; + + # Don't process the form unless we clicked the Save button. The event is + # called even if we chose the Remove link or the Add link. + + my $ip = ($c->param ('Ip') || ''); + my $status = ($c->param ('Status') || 'status'); + my $FilterLocalNetworks = ($c->param ('FilterLocalNetworks') || "enabled"); + my $FilterValidRemoteHosts= ($c->param ('FilterValidRemoteHosts') || "enabled"); + my $Mail= ($c->param ("Mail") || "enabled"); + my $BanTime= ($c->param ("BanTime") || '1800'); + my $FindTime= ($c->param ("FindTime") || '900'); + my $MaxRetry= ($c->param ("MaxRetry") || '3'); + + # those are stored in a different key dedicated to the service + my %services; + $services{'sshd'}= ($c->param ("Sshd") ||'enabled'); + $services{'qpsmtpd'}= ($c->param ("Qpsmtpd") ||'enabled'); + $services{'dovecot'}= ($c->param ("Dovecot") ||'enabled'); + $services{'httpd-e-smith'}= ($c->param ("Httpd-e-smith") ||'enabled'); + $services{'ftp'}= ($c->param ("Ftp") ||'enabled'); + $services{'lemonldap'}= ($c->param ("Lemonldap") ||'enabled'); + $services{'ejabberd'}= ($c->param ("Ejabberd" ) ||'enabled'); + $services{'sogod'}= ($c->param ("Sogod" ) ||'enabled'); + $services{'wordpress'}= ($c->param ("Wordpress") ||'enabled'); + $services{'smanager'}= ($c->param ("Smanager") ||'enabled'); + + + #------------------------------------------------------------ + # Looks good; go ahead and change the access. + #------------------------------------------------------------ + + my $rec = $cdb->get('fail2ban'); + if ($rec) { + $rec->set_prop('status', $status); + # unless prop empty and value eq default + $rec->set_prop('FilterLocalNetworks', $FilterLocalNetworks) + unless ( ! $cdb->get_prop('fail2ban','FilterLocalNetworks') + && $FilterLocalNetworks eq $defaultval{'FilterLocalNetworks'} ); + $rec->set_prop('FilterValidRemoteHosts', $FilterValidRemoteHosts) + unless ( ! $cdb->get_prop('fail2ban','FilterValidRemoteHosts') + && $FilterValidRemoteHosts eq $defaultval{'FilterValidRemoteHosts'} ); + $rec->set_prop('Mail', $Mail) + unless ( ! $cdb->get_prop('fail2ban','Mail') && $Mail eq $defaultval{'Mail'} ); + $rec->set_prop('BanTime', $BanTime) + unless ( ! $cdb->get_prop('fail2ban','BanTime') && $BanTime eq $defaultval{'BanTime'} ); + $rec->set_prop('FindTime', $FindTime) + unless ( ! $cdb->get_prop('fail2ban','FindTime') && $FindTime eq $defaultval{'FindTime'} ); + $rec->set_prop('MaxRetry', $MaxRetry) + unless ( ! $cdb->get_prop('fail2ban','MaxRetry') && $MaxRetry eq $defaultval{'MaxRetry'} ); + } + # for the 9 services update unless key does not exist and property does not exist and value eq default + foreach my $key (keys %services) { + if ($key eq "wordpress") { + $rec = $cdb->get('fail2ban'); + my $getprop = $cdb->get_prop('fail2ban',$key) || ""; + $rec->set_prop($key, $services{$key} ) + unless ( ! $rec || (! $cdb->get_prop('fail2ban', $key) && $services{$key} eq $defaultval{$key} ) ); + } else { + $rec = $cdb->get($key); + my $getprop = $cdb->get_prop($key,'Fail2Ban') || ""; + $rec->set_prop('Fail2Ban', $services{$key} ) + unless ( ! $rec || (! $cdb->get_prop($key,'Fail2Ban') && $services{$key} eq $defaultval{$key} ) ); + } + } + +# ?? this seems to prevent reload of service if we update something and remove or add an ip... ?? + $c->add_new_valid_from; + $c->remove_valid_from; + + unless ( system( "/sbin/e-smith/signal-event", "fail2ban-update" ) == 0 ) { + return $c->l('f2b_ERROR_UPDATING'); + } + + unless ( system( "/sbin/e-smith/signal-event", "fail2ban-conf" ) == 0 ) { + return $c->l('f2b_ERROR_UPDATING'); + } + + if ( $rec->prop('status') eq 'disabled' ) { + unless ( `/etc/init.d/fail2ban stop` ) { + return $c->l('f2b_ERROR_STOPPING'); + } + } + + return 'OK'; +} + + +# RemoveIP after validation +sub RemoveIP { + + my ( $c, $ip, $whitelist, $jail ) = @_; + + unless ( system( "/usr/bin/fail2ban-client set $jail unbanip $ip ".' >/dev/null 2>&1' ) == 0 ) { + return $c->l('f2b_ERROR_UPDATING'); + } + + if ($whitelist eq 'true' ) { + # add $ip to whitelist for the current $jail + warn "/sbin/e-smith/db configuration setprop fail2ban IgnoreIP `/sbin/e-smith/db configuration getprop fail2ban IgnoreIP`,$ip/32"; + unless ( system( "/sbin/e-smith/db configuration setprop fail2ban IgnoreIP `/sbin/e-smith/db configuration getprop fail2ban IgnoreIP`,$ip/32 ".' >/dev/null 2>&1' ) == 0 + && system( "/usr/bin/fail2ban-client reload ".' >/dev/null 2>&1' ) == 0 + ) { + return $c->l('f2b_ERROR_UPDATING_WHITE'); + } + } + + return 'OK'; + +} + + +sub add_new_valid_from { + + my $c = shift; + + my $ip = $c->param('Ip'); + my $bits = $c->param('Bits'); + + # do nothing if no ip was added + return 1 unless ($ip); + + my $rec = $cdb->get('fail2ban'); + return $c->l('f2b_ERR_NO_RECORD') unless $rec; + + my $prop = $rec->prop('IgnoreIP') || ''; + + my @vals = split /,/, $prop; + return '' if (grep /^$ip\/$bits$/, @vals); # already have this entry + + if ($prop ne '') { + $prop .= ",$ip/$bits"; + } else { + $prop = "$ip/$bits"; + } + + $rec->set_prop('IgnoreIP', $prop); + + return 1; +} + + +sub remove_valid_from { + + my $c = shift; + + my @remove = @{$c->every_param('ValidFromRemove')}; + return 1 unless @remove; + + my @vals = @{$c->get_valid_from()}; + unless (@vals) { + print STDERR "ERROR: unable to load IgnoreIP property from conf db\n"; + return undef; + } + + #$c->app->log->debug("remo: " . $c->dumper(\@remove) .' vals: '. $c->dumper(\@vals)); + + foreach my $entry (@remove) { + @vals = (grep { $entry ne $_ } @vals); + } + + my $prop = ''; + $prop = join(',', @vals) if @vals; + + $cdb->get('fail2ban')->set_prop('IgnoreIP', $prop); + + return 1; +} + + +sub ip_number_or_blank { + + my $c = shift; + my $ip = shift; + + if (!defined($ip) || $ip eq "") { + return 'OK'; + } + $c->ip_number( $ip ); +} + + +sub subnet_mask_bit { + + my ($c, $mask) = @_; + + my @allowed = (8,9,12,14,16,17,20,22,24,25,28,30,32); + + if ( !defined($mask) || $mask eq "" || grep( /^$mask$/, @allowed ) ) { + return "OK"; + } + return $c->l('f2b_INVALID_SUBNET_MASK'); +} + + +sub validate_network_and_mask { + + my $c = shift; + my $net = shift || ""; + my $mask = shift || ""; + +# my $net = $c->param('Ip') || ""; + if ($net xor $mask) { + return $c->l('f2b_ERR_INVALID_PARAMS'); + } + + return 'OK'; +} + + +sub get_prop { + +# my $c = shift; + my $item = shift; + my $prop = shift; + my $value = $cdb->get_prop($item, $prop) || ''; + if ( $value eq "" && exists($defaultval{$prop}) && $item eq "fail2ban") { + $value=$defaultval{$prop}; + } elsif ( $value eq "" && exists($defaultval{$item}) && $prop eq "Fail2Ban" && $item ne "fail2ban" ) { + $value=$defaultval{$item}; + } + + return $value; +} + + +sub get_valid_from { + + my $c = shift; + my @vals_sorted = (); + + my $rec = $cdb->get('fail2ban'); + if ( $rec ) { + my @vals = (split ',', $rec->prop('IgnoreIP')); + @vals_sorted = sort ip_sort @vals if @vals; +# @vals_sorted = @vals; + } + + return \@vals_sorted; +} + + +sub get_current_deny { + + my $c = shift; + + my @cdeny = `/usr/bin/sfail2ban`; + + return \@cdeny +} + + +sub ip_sort(@) { + return esmith::util::IPquadToAddr($a) <=> esmith::util::IPquadToAddr($b); +} + + +1; + diff --git a/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Fail2ban/fail2ban_en.lex b/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Fail2ban/fail2ban_en.lex new file mode 100644 index 0000000..9b3da36 --- /dev/null +++ b/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Fail2ban/fail2ban_en.lex @@ -0,0 +1,56 @@ +'f2b_FORM_TITLE' => 'Fail2ban service', +'f2b_SERVICE_STATUS' => 'Fail2ban service status.', +'f2b_STATUS' => 'Status', +'f2b_FilterLocalNetworks_STATUS' => 'Whitelist all the local network defined.', +'f2b_FilterLocalNetworks' => 'FilterLocalNetworks status', +'f2b_FilterValidRemoteHosts_STATUS' => 'Whitelist all the authorized remote hosts allowed to acces server-manager.', +'f2b_FilterValidRemoteHosts' => 'FilterValidRemoteHosts status', +'f2b_SEND_MAIL_STATUS' => 'Status of qmail jail', +'f2b_MAIL' => 'Mail', +'f2b_BANTIME' => 'Set the default ban time for jails (Initial default is 1800 seconds).', +'f2b_DEFAULT_BANTIME' => 'Bantime', +'f2b_FINDTIME' => '>Set the default find time for jails (Initial default is 900 seconds).', +'f2b_DEFAULT_FINDTIME' => 'Findtime', +'f2b_MAXRETRY' => 'Set the default max retry allowed before being ban (Initial default is 3).', +'f2b_DEFAULT_MAXRETRY' => 'Maxretry', +'f2b_SSHD_STATUS' => 'Status of sshd jail.', +'f2b_SSHD' => 'sshd', +'f2b_QPSMTPD_STATUS' => 'Status of qpsmtpd (incoming emails) jail.', +'f2b_QPSMTPD' => 'qpsmtpd', +'f2b_IMAP_STATUS' => 'Status of dovecot (imap service to retrieve emails) jail.', +'f2b_IMAP' => 'dovecot', +'f2b_HTTPD_STATUS' => 'Status of httpd jails. Multiple features are enabled at once there.', +'f2b_HTTPD' => 'httpd', +'f2b_FTP_STATUS' => 'Status of proftpd jail.', +'f2b_FTP' => 'proftpd', +'f2b_LEMONLDAP_STATUS' => 'Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled.', +'f2b_LEMONLDAP' => 'LemonLDAP', +'f2b_EJABBERD_STATUS' => 'Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled.', +'f2b_EJABBERD' => 'ejabberd', +'f2b_SOGOD_STATUS' => 'Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled.', +'f2b_SOGOD' => 'Sogo', +'f2b_WORDPRESS_STATUS' => 'Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances.', +'f2b_WORDPRESS' => 'Wordpress', +'f2b_SMANAGER_STATUS' => 'Status of smanager jails. You need to activate it manually if you install it after fail2ban.', +'f2b_SMANAGER' => 'Smanager', +'f2b_VALIDFROM_TITLE' => 'Allowed Hosts', +'f2b_VALIDFROM_DESC' => 'This is a list of hosts that will not be blocked by fail2ban.', +'f2b_NO_ENTRIES_YET' => 'No Entries Yet', +'f2b_DESC_ADD_IP' => 'To add a new allowed network, enter the details below.', +'f2b_ADD_IP' => 'Authorized network', +'f2b_DESC_ADD_BITS' => 'To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32).', +'f2b_ADD_BITS' => 'Authorized network subnet', +'f2b_CURRENT_DENY_TITLE' => 'Blocked Hosts', +'f2b_CURRENT_DENY_DESC' => 'This is a list of hosts that are currently blocked.', +'f2b_JAIL' => 'Jail', +'f2b_FIRST_SEEN' => 'Host first seen', +'f2b_SUCCESS' => 'The new fail2ban settings have been saved.', +'f2b_ERR_NO_RECORD' => 'Unable to locate fail2ban record in configuration db', +'f2b_ERROR_STOPPING' => 'Error while trying to stop service', +'f2b_SUCCESS_IP' => 'The following IP has been unbanned', +'f2b_WHITELIST' => 'Whitelist', +'f2b_SUCCESS_IP_WHITE' => 'The following IP has been unbanned and whitelisted', +'f2b_ERROR_UPDATING' => 'Unable to unban', +'f2b_ERROR_UPDATING_WHITE' => 'Unable to unban and whitelist', +'f2b_ERR_INVALID_PARAMS' => 'Invalid network parameters', +'f2b_INVALID_SUBNET_MASK' => 'Invalid subnet mask', diff --git a/root/usr/share/smanager/themes/default/templates/fail2ban.html.ep b/root/usr/share/smanager/themes/default/templates/fail2ban.html.ep new file mode 100644 index 0000000..d271dac --- /dev/null +++ b/root/usr/share/smanager/themes/default/templates/fail2ban.html.ep @@ -0,0 +1,180 @@ +% layout 'default', title => "Sme server 2 - fail2ban"; + +% content_for 'module' => begin + +
+ + %if ($config->{debug} == 1) { +

+ %= dumper $c->current_route + %= dumper $f2b_datas +

+ %} + + % if ( stash 'error' ) { +
+ %= $c->render_to_string(inline => stash 'error') +
+ %} + +

<%= $title %>

+ + %= form_for '/fail2ban' => (method => 'POST') => begin +

+ %=l('f2b_SERVICE_STATUS') +
+ %=l 'f2b_STATUS' + + % param 'Status' => $f2b_datas->{status} unless param 'Status'; + %= select_field 'Status' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input' +

+

+ %=l('f2b_FilterLocalNetworks_STATUS') +
+ %=l 'f2b_FilterLocalNetworks' + + % param 'FilterLocalNetworks' => $f2b_datas->{filterlocalnetworks} unless param 'FilterLocalNetworks'; + %= select_field 'FilterLocalNetworks' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input' +

+

+ %=l('f2b_FilterValidRemoteHosts_STATUS') +
+ %=l 'f2b_FilterValidRemoteHosts' + + % param 'FilterValidRemoteHosts' => $f2b_datas->{filtervalidremotehosts} unless param 'FilterValidRemoteHosts'; + %= select_field 'FilterValidRemoteHosts' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input' +

+

+ %=l('f2b_SEND_MAIL_STATUS') +
+ %=l 'f2b_MAIL' + + % param 'Mail' => $f2b_datas->{mail} unless param 'Mail'; + %= select_field 'Mail' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input' +

+

+ %=l 'f2b_DEFAULT_BANTIME' + + % param 'BanTime' => $f2b_datas->{bantime} unless param 'BanTime'; + %= text_field 'BanTime', size => '9', class => 'input' + + %=l 'f2b_DEFAULT_FINDTIME' + + % param 'FindTime' => $f2b_datas->{findtime} unless param 'FindTime'; + %= text_field 'FindTime', size => '6', class => 'input' + + %=l 'f2b_DEFAULT_MAXRETRY' + + % param 'MaxRetry' => $f2b_datas->{maxretry} unless param 'MaxRetry'; + %= text_field 'MaxRetry', size => '2', class => 'input' +

+

+ %=l('f2b_SSHD_STATUS') +
+ %=l 'f2b_SSHD' + + % param 'Sshd' => $f2b_datas->{sshd} unless param 'Sshd'; + %= select_field 'Sshd' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input' +

+ %=l('f2b_QPSMTPD_STATUS') +
+ %=l 'f2b_QPSMTPD' + + % param 'Qpsmtpd' => $f2b_datas->{qpsmtpd} unless param 'Qpsmtpd'; + %= select_field 'Qpsmtpd' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input' +

+

+ %=l('f2b_IMAP_STATUS') +
+ %=l 'f2b_IMAP' + + % param 'Dovecot' => $f2b_datas->{dovecot} unless param 'Dovecot'; + %= select_field 'Dovecot' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input' +

+

+ %=l('f2b_HTTPD_STATUS') +
+ %=l 'f2b_HTTPD' + + % param 'Httpd-e-smith' => $f2b_datas->{'httpd-e-smith'} unless param 'Httpd-e-smith'; + %= select_field 'Httpd-e-smith' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input' +

+

+ %=l('f2b_FTP_STATUS') +
+ %=l 'f2b_FTP' + + % param 'Ftp' => $f2b_datas->{ftp} unless param 'Ftp'; + %= select_field 'Ftp' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input' +

+

+ %=l('f2b_LEMONLDAP_STATUS') +
+ %=l 'f2b_LEMONLDAP' + + % param 'Lemonldap' => $f2b_datas->{lemonldap} unless param 'Lemonldap'; + %= select_field 'Lemonldap' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input' +

+

+ %=l('f2b_EJABBERD_STATUS') +
+ %=l 'f2b_EJABBERD' + + % param 'Ejabberd' => $f2b_datas->{ejabberd} unless param 'Ejabberd'; + %= select_field 'Ejabberd' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input' +

+

+ %=l('f2b_SOGOD_STATUS') +
+ %=l 'f2b_SOGOD' + + % param 'Sogod' => $f2b_datas->{sogod} unless param 'Sogod'; + %= select_field 'Sogod' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input' +

+

+ %=l('f2b_WORDPRESS_STATUS') +
+ %=l 'f2b_WORDPRESS' + + % param 'Wordpress' => $f2b_datas->{wordpress} unless param 'Wordpress'; + %= select_field 'Wordpress' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input' +

+

+ %=l('f2b_SMANAGER_STATUS') +
+ %=l 'f2b_SMANAGER' + + % param 'Smanager' => $f2b_datas->{smanager} unless param 'Smanager'; + %= select_field 'Smanager' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input' +

+ + %= include 'partials/_f2b_valid' + +

+ %=l('f2b_DESC_ADD_IP') +
+ %=l 'f2b_ADD_IP' + + % param 'Ip' => $f2b_datas->{ip} unless param 'Ip'; + %= text_field 'Ip', class => 'input' +

+

+ %=l('f2b_DESC_ADD_BITS') +
+ %=l 'f2b_ADD_BITS' + + % param 'Bits' => $f2b_datas->{bits} unless param 'Bits'; + %= text_field 'Bits', class => 'input' +

+ +
+ %= submit_button $c->l('SAVE'), class => 'action' +
+ + % end + + %= include 'partials/_f2b_blocked' + +
+ +%end diff --git a/root/usr/share/smanager/themes/default/templates/partials/_f2b_blocked.html.ep b/root/usr/share/smanager/themes/default/templates/partials/_f2b_blocked.html.ep new file mode 100644 index 0000000..ecd98f4 --- /dev/null +++ b/root/usr/share/smanager/themes/default/templates/partials/_f2b_blocked.html.ep @@ -0,0 +1,47 @@ +
+

+ %=l 'f2b_CURRENT_DENY_TITLE' +

+ %=l 'f2b_CURRENT_DENY_DESC' +

+ + % my @denys = @{$c->get_current_deny()}; + % if ($config->{debug} == 1) { +

<%= dumper @denys %>

+ % } + + % if ( @denys ) { +

+ + + % foreach my $sval ( @denys) { + % my @ssval = split(':',$sval); + % my $curjail = $ssval[0]; + % $curjail =~ s/^\s//; + % my @ssvalip = split(' ',$ssval[1]); + % foreach my $sssval (@ssvalip) { + % my $ip=$sssval; + % my $action3 = "".$c->l('REMOVE')."" . + % " ".$c->l('WHITELIST')."" ; + + %= t td => (class => 'sme-border') => "$ip" + %= t td => (class => 'sme-border') => "$curjail" + + + % } + % } +
+ %=l 'IP_ADDRESS' + + %=l 'f2b_JAIL' + + %=l 'ACTION' +
<%= $c->render_to_string(inline => $action3) %>

+ % } else { + + %=l 'f2b_NO_ENTRIES_YET'; + + % } +
diff --git a/root/usr/share/smanager/themes/default/templates/partials/_f2b_valid.html.ep b/root/usr/share/smanager/themes/default/templates/partials/_f2b_valid.html.ep new file mode 100644 index 0000000..ba585b6 --- /dev/null +++ b/root/usr/share/smanager/themes/default/templates/partials/_f2b_valid.html.ep @@ -0,0 +1,35 @@ +
+

+ %=l 'f2b_VALIDFROM_TITLE' +

+ %=l 'f2b_VALIDFROM_DESC' +

+ % my @valids = @{$c->get_valid_from()}; + % if ( @valids ) { +

+ + + % foreach my $v ( @valids) { + % my $checked = ''; + + %= t td => (class => 'sme-border') => "$v" + + + % } +
+ %=l 'NETWORK' + + %=l 'REMOVE' +
+ % if ( $checked eq 'checked' ) { + + %} else { + %= check_box 'ValidFromRemove' => $v + %} +

+ % } else { + + %=l 'f2b_NO_ENTRIES_YET'; + + % } +
diff --git a/smeserver-fail2ban.spec b/smeserver-fail2ban.spec new file mode 100644 index 0000000..efcf7f9 --- /dev/null +++ b/smeserver-fail2ban.spec @@ -0,0 +1,231 @@ +%define version 0.1.18 +%define release 33 +%define name smeserver-fail2ban + +Summary: fail2ban integration on SME Server +Name: %{name} +Version: %{version} +Release: %{release}%{?dist} +Epoch: 9 +License: GPL +Group: Networking/Daemons +Source: %{name}-%{version}.tar.xz +patch25: smeserver-fail2ban-0.1.18-locale-2024-09-05.patch + +BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot +BuildArchitectures: noarch +BuildRequires: e-smith-devtools + +Requires: e-smith-base >= 5.2.0 +Requires: fail2ban-server, fail2ban-sendmail +Requires: perl-Data-Validate-IP +Obsoletes: fail2ban-firewalld, firewalld +AutoReqProv: no + +%description +Configure fail2ban on SME Server + +%changelog +* Sat Sep 07 2024 cvs2git.sh aka Brian Read 0.1.18-33.sme +- Roll up patches and move to git repo [SME: 12338] + +* Sat Sep 07 2024 BogusDateBot +- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, + by assuming the date is correct and changing the weekday. + +* Thu Sep 05 2024 Terry Fage 0.1.18-32.sme +- add local 2024-09-05.patch + +* Fri Mar 01 2024 Brian Read 0.1.18-31.sme +- Edit SM2 Menu entry to conform to new arrangements [SME: 12493] + +* Fri Jul 29 2022 Jean-Philippe Pialasse 0.1.18-30.sme +- add to core backup [SME: 12008] +- add local 2022-07-30 patch + +* Mon Jul 25 2022 Jean-Philippe Pialasse 0.1.18-28.sme +- revert previous patch, wrong package [SME: 12011] + +* Fri Jul 22 2022 Jean-Philippe Pialasse 0.1.18-27.sme +- add to core backup [SME: 12011] + +* Fri Jul 22 2022 Jean-Philippe Pialasse 0.1.18-26.sme +- apply locale patch 2022-07-22 + +* Fri Jan 07 2022 Brian Read 0.1.18-25.sme +- Add-class-to-div-for-AdminLTE [SME: 11837] + +* Thu Dec 09 2021 Jean-Philippe Pialasse 0.1.18-24.sme +- fix adding removing whitelisted hosts [SME: 10819] + moved config options to dedicated page +- removed apache-badbots.local, lot of false positives [SME: 10857] + +* Wed Dec 08 2021 Jean-Philippe Pialasse 0.1.18-22.sme +- fix apache-badbots logfile definition [SME: 10857] + add updated badbot list. + +* Wed Dec 08 2021 Jean-Philippe Pialasse 0.1.18-21.sme +- update wordpress filters [SME: 11651] + +* Wed Dec 08 2021 Jean-Philippe Pialasse 0.1.18-20.sme +- allow baning subnet [SME: 11650] + +* Wed Oct 27 2021 John Crisp 0.1.18-19.sme +- Fix my versioning + +* Wed Oct 27 2021 John Crisp 0.1.18-18.sme +- Add Requires for perl-Data-Validate-IP [SME: 11720] + +* Sun Sep 12 2021 Terry Fage 0.1.18-17.sme +- redo fix for typo qpsmtpd status [SME: 11636] + +* Wed Sep 08 2021 Terry Fage 0.1.18-16.sme +- Update locale 2021-09-08 patch + +* Sun Aug 22 2021 Terry Fage 0.1.18-15.sme +- Update locale 2021-08-21 patch + +* Thu Jul 08 2021 Michel Begue 0.1.18-14.sme +- Add fail2ban panel in smeserver-manager [SME: 11636] +- add smanager jail and filter +- fix typo for qsmtpd status change +- add AutoReqProv so smeserver-manager is not required + +* Mon May 31 2021 Jean-Philippe Pialasse 0.1.18-13.sme +- fix requirements and avoid firewalld [SME: 10949] + +* Tue May 25 2021 Terry Fage 0.1.18-12.sme +- Server Fails to Start SME10 [SME: 11586] + +* Mon Apr 19 2021 Brian Read 0.1.18-11.sme +- Initial import to SME10 [SME: 10949] +- Add -update event to createlinks. + +* Wed Nov 27 2019 Jean-Philipe Pialasse 0.1.18-10.sme +- fix wordpress template error [SME: 10839] +- rewrite rule for [SME: 9719] +- add configurable values for recidive jail [SME: 10370] + +* Wed Oct 16 2019 Jean-Philipe Pialasse 0.1.18-9.sme +- propagate configuration changes to fail2ban after submiting changes [SME: 10817] + +* Wed Oct 16 2019 Jean-Philipe Pialasse 0.1.18-8.sme +- fix blocked hosts list not displaying unless smeserver-denyhosts also installed [SME: 10814] + +* Fri Jul 19 2019 Jean-Philipe Pialasse 0.1.18-7.sme +- prevent fail2ban failure if sogo not installed while a backup restored db entries [SME: 9669] + +* Mon Jun 03 2019 Jean-Philipe Pialasse 0.1.18-6.sme +- fix incorrect permissions on sfail2ban [SME: 10775] + +* Mon Jun 03 2019 Jean-Philipe Pialasse 0.1.18-5.sme +- fix wordpress fragment error preventing jail.conf to be updated [SME: 10776] + +* Tue May 14 2019 Jean-Philipe Pialasse 0.1.18-4.sme +- fix missing sfail2ban exec [SME: 10775] +- Apply locals + +* Tue Apr 09 2019 Jean-Philipe Pialasse 0.1.18-3.sme +- add admin panel [SME: 10767] +- add wordpress jails and filters [SME: 9709] + +* Fri Oct 27 2017 Daniel Berteaud - 0.1.18-1.sme +- Ignore greylisting, from Michael McCarn [SME: 10447] + +* Thu Nov 17 2016 Daniel Berteaud - 0.1.17-1.sme +- Makes sur log files exist before resuming monitoring after a logrotate + [SME: 9875] + +* Tue Aug 2 2016 Daniel Berteaud - 0.1.16-1.sme +- Add a new prop (FilterValidRemoteHosts) to allow blacklisting of hosts allowed + to access the server-manager +- Ignore 0.0.0.0/0.0.0.0 by default [SME: 9719] + +* Tue Jul 5 2016 Daniel Berteaud - 0.1.15-1.sme +- Fix compat with older qpsmtpd + +* Thu Jun 9 2016 Daniel Berteaud - 0.1.14-1.sme +- Update regex for qpsmtpd 0.96 + +* Mon Feb 29 2016 Daniel Berteaud - 0.1.13-1.sme +- Ignore failure to get proxy.pac + +* Fri Jul 24 2015 Daniel Berteaud - 0.1.12-1.sme +- Updates for fail2ban 0.9.2 +- Add more httpd jails +- Switch to upstream Ejabberd filter + +* Wed Apr 15 2015 Daniel Berteaud - 0.1.11-1.sme +- Start fail2ban a bit later [SME: 8708] + +* Tue Jan 27 2015 Daniel Berteaud - 0.1.10-1.sme +- Suspend log monitoring during logrotate [SME: 8708] + +* Thu Jan 15 2015 Daniel Berteaud - 0.1.9-1.sme +- Fix LL::NG jail name + +* Wed Sep 17 2014 Daniel Berteaud - 0.1.8-1.sme +- Restart fail2ban during logrotate event so it re-open apache log file [SME: 8557] + +* Wed Jun 25 2014 Daniel Berteaud - 0.1.7-1.sme +- Correctly handle single IP in IgnoreIP prop + +* Tue Jun 24 2014 Daniel Berteaud - 0.1.6-1.sme +- Relax proxy regex so requests for proxy.pac aren't matched + +* Mon Jun 23 2014 Daniel Berteaud - 0.1.5-1.sme +- Pre-create the logfile so fail2ban can start the first time +- Remove most warnings on startup + +* Wed Apr 23 2014 Daniel Berteaud - 0.1.4-1.sme +- New branch for SME9 +- Remove sogo-auth.conf which is included in EL6 build of fail2ban + +* Wed Dec 18 2013 Daniel Berteaud - 0.1.3-1.sme +- Fix port, which was incorrectly set to proto + +* Tue Nov 19 2013 Daniel Berteaud - 0.1.2-1.sme +- Create the DB entries in one transaction to reduce the amount of log + for each ban + +* Thu Jul 4 2013 Daniel Berteaud - 0.1.1-1.sme +- Fix service name for LemonLDAP::NG + +* Tue May 14 2013 Daniel Berteaud - 0.1.0-1.sme +- initial release + +%prep +%setup -q -n %{name}-%{version} + +%build +%{__mkdir_p} root/var/log/fail2ban +perl createlinks + +%install +/bin/rm -rf $RPM_BUILD_ROOT +(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT) +/bin/rm -f %{name}-%{version}-filelist +/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \ + --dir /var/log/fail2ban 'attr(0750,root,root)' \ + --file /var/log/fail2ban/daemon.log 'config(noreplace) %attr(0600,root,root)' \ + --file /etc/cron.daily/cleanup_fail2ban 'attr(0755,root,root)' \ + --file /etc/fail2ban/filter.d/apache-auth.local 'config(noreplace) %attr(0644,root,root)' \ + --file /usr/bin/sfail2ban 'attr(0755,root,root)' \ + > %{name}-%{version}-filelist +#--file /etc/fail2ban/filter.d/apache-badbots.local 'config(noreplace) %attr(0644,root,root)' \ + +%files -f %{name}-%{version}-filelist +%defattr(-,root,root) + +%clean +rm -rf $RPM_BUILD_ROOT + +%post + +if (systemctl list-unit-files |grep smanager) then + echo "Smanager restart in spec file" + /sbin/e-smith/signal-event smanager-refresh; +fi + + +%preun