From fa06218c1263ec0a22d0a6332f65d68478a84e25 Mon Sep 17 00:00:00 2001 
From: Frank Brehm Date: Mon, 15 Jun 2015 22:25:44 +0200 Subject: [PATCH] Current state --- .etckeeper | 20 ++- bash/bashrc | 18 ++- bash/bashrc.d/.keep_app-shells_bash-0 | 0 config-archive/etc/bash/bashrc | 2 +- config-archive/etc/bash/bashrc.1 | 6 +- config-archive/etc/bash/bashrc.2 | 21 ++- config-archive/etc/bash/bashrc.3 | 152 ++++++++++++++++++ config-archive/etc/bash/bashrc.dist.new | 102 ++++++++++++ config-archive/etc/fail2ban/fail2ban.conf | 29 +++- config-archive/etc/fail2ban/fail2ban.conf.1 | 50 ++++++ .../etc/fail2ban/fail2ban.conf.dist | 6 + courier/authlib/authdaemonrc | 2 +- courier/authlib/authdaemonrc.dist | 2 +- courier/authlib/authldaprc | 11 +- courier/authlib/authldaprc.dist | 11 +- eselect/postgresql/slots/9.4/base | 2 +- fail2ban/action.d/badips.py | 10 +- fail2ban/action.d/bsd-ipfw.conf | 4 +- fail2ban/action.d/firewallcmd-allports.conf | 53 ++++++ fail2ban/action.d/firewallcmd-multiport.conf | 63 ++++++++ fail2ban/action.d/firewallcmd-new.conf | 6 +- fail2ban/action.d/mail-whois-lines.conf | 2 +- fail2ban/action.d/nsupdate.conf | 114 +++++++++++++ fail2ban/action.d/sendmail-common.conf | 4 +- fail2ban/action.d/sendmail-geoip-lines.conf | 49 ++++++ .../sendmail-whois-ipjailmatches.conf | 4 +- .../action.d/sendmail-whois-ipmatches.conf | 4 +- fail2ban/action.d/sendmail-whois-lines.conf | 4 +- fail2ban/action.d/sendmail-whois-matches.conf | 4 +- fail2ban/action.d/sendmail-whois.conf | 2 +- fail2ban/action.d/sendmail.conf | 2 +- fail2ban/action.d/ufw.conf | 6 +- fail2ban/action.d/xarf-login-attack.conf | 2 +- fail2ban/fail2ban.conf | 6 + fail2ban/filter.d/apache-botsearch.conf | 14 +- fail2ban/filter.d/apache-fakegooglebot.conf | 14 ++ fail2ban/filter.d/asterisk.conf | 2 +- fail2ban/filter.d/botsearch-common.conf | 19 +++ fail2ban/filter.d/common.conf | 4 + fail2ban/filter.d/counter-strike.conf | 1 + fail2ban/filter.d/dovecot.conf | 5 +- fail2ban/filter.d/drupal-auth.conf | 26 +++ fail2ban/filter.d/exim.conf | 4 +- 
fail2ban/filter.d/groupoffice.conf | 2 +- .../ignorecommands/apache-fakegooglebot | 32 ++++ fail2ban/filter.d/kerio.conf | 3 + fail2ban/filter.d/monit.conf | 1 + fail2ban/filter.d/named-refused.conf | 2 + fail2ban/filter.d/nginx-botsearch.conf | 20 +++ fail2ban/filter.d/nsd.conf | 2 + fail2ban/filter.d/pam-generic.conf | 2 +- fail2ban/filter.d/portsentry.conf | 2 + fail2ban/filter.d/postfix-rbl.conf | 19 +++ fail2ban/filter.d/postfix-sasl.conf | 4 +- fail2ban/filter.d/postfix.conf | 1 + fail2ban/filter.d/recidive.conf | 2 + fail2ban/filter.d/squid.conf | 2 +- fail2ban/filter.d/squirrelmail.conf | 1 + fail2ban/filter.d/sshd.conf | 1 + fail2ban/filter.d/stunnel.conf | 2 + fail2ban/filter.d/vsftpd.conf | 2 +- fail2ban/filter.d/wuftpd.conf | 2 +- fail2ban/jail.conf | 52 ++++-- fail2ban/paths-common.conf | 3 + init.d/courier-imapd | 4 +- init.d/courier-imapd-ssl | 4 +- init.d/courier-pop3d | 4 +- init.d/courier-pop3d-ssl | 4 +- pam.d/login | 1 - pam.d/system-auth | 3 - pam.d/system-login | 4 - portage/make.conf | 1 + portage/package.use | 13 +- xml/catalog | 2 +- 74 files changed, 960 insertions(+), 99 deletions(-) create mode 100644 bash/bashrc.d/.keep_app-shells_bash-0 create mode 100644 config-archive/etc/bash/bashrc.3 create mode 100644 config-archive/etc/bash/bashrc.dist.new create mode 100644 config-archive/etc/fail2ban/fail2ban.conf.1 create mode 100644 fail2ban/action.d/firewallcmd-allports.conf create mode 100644 fail2ban/action.d/firewallcmd-multiport.conf create mode 100644 fail2ban/action.d/nsupdate.conf create mode 100644 fail2ban/action.d/sendmail-geoip-lines.conf create mode 100644 fail2ban/filter.d/apache-fakegooglebot.conf create mode 100644 fail2ban/filter.d/botsearch-common.conf create mode 100644 fail2ban/filter.d/drupal-auth.conf create mode 100755 fail2ban/filter.d/ignorecommands/apache-fakegooglebot create mode 100644 fail2ban/filter.d/nginx-botsearch.conf create mode 100644 fail2ban/filter.d/postfix-rbl.conf 
diff --git a/.etckeeper b/.etckeeper
index d746477..d875009 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -121,6 +121,8 @@ maybe chmod 0600 'autofs/autofs_ldap_auth.conf'
 maybe chmod 0755 'bash'
 maybe chmod 0644 'bash/bash_logout'
 maybe chmod 0644 'bash/bashrc'
+maybe chmod 0755 'bash/bashrc.d'
+maybe chmod 0644 'bash/bashrc.d/.keep_app-shells_bash-0'
 maybe chmod 0755 'bash_completion.d'
 maybe chown 'named' 'bind'
 maybe chmod 0755 'bind'
@@ -252,7 +254,9 @@ maybe chmod 0755 'config-archive/etc/bash'
 maybe chmod 0644 'config-archive/etc/bash/bashrc'
 maybe chmod 0644 'config-archive/etc/bash/bashrc.1'
 maybe chmod 0644 'config-archive/etc/bash/bashrc.2'
+maybe chmod 0644 'config-archive/etc/bash/bashrc.3'
 maybe chmod 0644 'config-archive/etc/bash/bashrc.dist'
+maybe chmod 0644 'config-archive/etc/bash/bashrc.dist.new'
 maybe chmod 0755 'config-archive/etc/bind'
 maybe chmod 0640 'config-archive/etc/bind/bind.keys'
 maybe chmod 0640 'config-archive/etc/bind/bind.keys.dist'
@@ -322,6 +326,7 @@ maybe chmod 0644 'config-archive/etc/eselect/postgresql/slots/9.1/server.2'
 maybe chmod 0644 'config-archive/etc/eselect/postgresql/slots/9.1/server.dist'
 maybe chmod 0755 'config-archive/etc/fail2ban'
 maybe chmod 0644 'config-archive/etc/fail2ban/fail2ban.conf'
+maybe chmod 0644 'config-archive/etc/fail2ban/fail2ban.conf.1'
 maybe chmod 0644 'config-archive/etc/fail2ban/fail2ban.conf.dist'
 maybe chmod 0644 'config-archive/etc/hosts'
 maybe chmod 0644 'config-archive/etc/hosts.dist.new'
@@ -705,7 +710,9 @@ maybe chmod 0660 'courier/authlib/authpgsqlrc'
 maybe chown 'mail' 'courier/authlib/authpgsqlrc.dist'
 maybe chgrp 'mail' 'courier/authlib/authpgsqlrc.dist'
 maybe chmod 0660 'courier/authlib/authpgsqlrc.dist'
-maybe chmod 0640 'courier/authlib/authsqliterc'
+maybe chown 'mail' 'courier/authlib/authsqliterc'
+maybe chgrp 'mail' 'courier/authlib/authsqliterc'
+maybe chmod 0660 'courier/authlib/authsqliterc'
 maybe chown 'mail' 'courier/authlib/authsqliterc.dist'
 maybe chgrp 'mail' 'courier/authlib/authsqliterc.dist'
 maybe chmod 0660 'courier/authlib/authsqliterc.dist'
@@ -903,7 +910,9 @@ maybe chmod 0644 'fail2ban/action.d/cloudflare.conf'
 maybe chmod 0644 'fail2ban/action.d/complain.conf'
 maybe chmod 0644 'fail2ban/action.d/dshield.conf'
 maybe chmod 0644 'fail2ban/action.d/dummy.conf'
+maybe chmod 0644 'fail2ban/action.d/firewallcmd-allports.conf'
 maybe chmod 0644 'fail2ban/action.d/firewallcmd-ipset.conf'
+maybe chmod 0644 'fail2ban/action.d/firewallcmd-multiport.conf'
 maybe chmod 0644 'fail2ban/action.d/firewallcmd-new.conf'
 maybe chmod 0644 'fail2ban/action.d/hostsdeny.conf'
 maybe chmod 0644 'fail2ban/action.d/ipfilter.conf'
@@ -923,12 +932,14 @@ maybe chmod 0644 'fail2ban/action.d/mail-whois-lines.conf'
 maybe chmod 0644 'fail2ban/action.d/mail-whois.conf'
 maybe chmod 0644 'fail2ban/action.d/mail.conf'
 maybe chmod 0644 'fail2ban/action.d/mynetwatchman.conf'
+maybe chmod 0644 'fail2ban/action.d/nsupdate.conf'
 maybe chmod 0644 'fail2ban/action.d/osx-afctl.conf'
 maybe chmod 0644 'fail2ban/action.d/osx-ipfw.conf'
 maybe chmod 0644 'fail2ban/action.d/pf.conf'
 maybe chmod 0644 'fail2ban/action.d/route.conf'
 maybe chmod 0644 'fail2ban/action.d/sendmail-buffered.conf'
 maybe chmod 0644 'fail2ban/action.d/sendmail-common.conf'
+maybe chmod 0644 'fail2ban/action.d/sendmail-geoip-lines.conf'
 maybe chmod 0644 'fail2ban/action.d/sendmail-whois-ipjailmatches.conf'
 maybe chmod 0644 'fail2ban/action.d/sendmail-whois-ipmatches.conf'
 maybe chmod 0644 'fail2ban/action.d/sendmail-whois-lines.conf'
@@ -948,6 +959,7 @@ maybe chmod 0644 'fail2ban/filter.d/apache-auth.conf'
 maybe chmod 0644 'fail2ban/filter.d/apache-badbots.conf'
 maybe chmod 0644 'fail2ban/filter.d/apache-botsearch.conf'
 maybe chmod 0644 'fail2ban/filter.d/apache-common.conf'
+maybe chmod 0644 'fail2ban/filter.d/apache-fakegooglebot.conf'
 maybe chmod 0644 'fail2ban/filter.d/apache-modsecurity.conf'
 maybe chmod 0644 'fail2ban/filter.d/apache-nohome.conf'
 maybe chmod 0644 'fail2ban/filter.d/apache-noscript.conf'
@@ -955,6 +967,7 @@ maybe chmod 0644 'fail2ban/filter.d/apache-overflows.conf'
 maybe chmod 0644 'fail2ban/filter.d/apache-shellshock.conf'
 maybe chmod 0644 'fail2ban/filter.d/assp.conf'
 maybe chmod 0644 'fail2ban/filter.d/asterisk.conf'
+maybe chmod 0644 'fail2ban/filter.d/botsearch-common.conf'
 maybe chmod 0644 'fail2ban/filter.d/common.conf'
 maybe chmod 0644 'fail2ban/filter.d/counter-strike.conf'
 maybe chmod 0644 'fail2ban/filter.d/courier-auth.conf'
@@ -963,6 +976,7 @@ maybe chmod 0644 'fail2ban/filter.d/cyrus-imap.conf'
 maybe chmod 0644 'fail2ban/filter.d/directadmin.conf'
 maybe chmod 0644 'fail2ban/filter.d/dovecot.conf'
 maybe chmod 0644 'fail2ban/filter.d/dropbear.conf'
+maybe chmod 0644 'fail2ban/filter.d/drupal-auth.conf'
 maybe chmod 0644 'fail2ban/filter.d/ejabberd-auth.conf'
 maybe chmod 0644 'fail2ban/filter.d/exim-common.conf'
 maybe chmod 0644 'fail2ban/filter.d/exim-spam.conf'
@@ -972,12 +986,15 @@ maybe chmod 0644 'fail2ban/filter.d/groupoffice.conf'
 maybe chmod 0644 'fail2ban/filter.d/gssftpd.conf'
 maybe chmod 0644 'fail2ban/filter.d/guacamole.conf'
 maybe chmod 0644 'fail2ban/filter.d/horde.conf'
+maybe chmod 0755 'fail2ban/filter.d/ignorecommands'
+maybe chmod 0755 'fail2ban/filter.d/ignorecommands/apache-fakegooglebot'
 maybe chmod 0644 'fail2ban/filter.d/kerio.conf'
 maybe chmod 0644 'fail2ban/filter.d/lighttpd-auth.conf'
 maybe chmod 0644 'fail2ban/filter.d/monit.conf'
 maybe chmod 0644 'fail2ban/filter.d/mysqld-auth.conf'
 maybe chmod 0644 'fail2ban/filter.d/nagios.conf'
 maybe chmod 0644 'fail2ban/filter.d/named-refused.conf'
+maybe chmod 0644 'fail2ban/filter.d/nginx-botsearch.conf'
 maybe chmod 0644 'fail2ban/filter.d/nginx-http-auth.conf'
 maybe chmod 0644 'fail2ban/filter.d/nsd.conf'
 maybe chmod 0644 'fail2ban/filter.d/openwebmail.conf'
@@ -986,6 +1003,7 @@ maybe chmod 0644 'fail2ban/filter.d/pam-generic.conf'
 maybe chmod 0644 'fail2ban/filter.d/perdition.conf'
 maybe chmod 0644 'fail2ban/filter.d/php-url-fopen.conf'
 maybe chmod 0644 'fail2ban/filter.d/portsentry.conf'
+maybe chmod 0644 'fail2ban/filter.d/postfix-rbl.conf'
 maybe chmod 0644 'fail2ban/filter.d/postfix-sasl.conf'
 maybe chmod 0644 'fail2ban/filter.d/postfix.conf'
 maybe chmod 0644 'fail2ban/filter.d/proftpd.conf'
diff --git a/bash/bashrc b/bash/bashrc
index 71fa4c5..d2dc7b7 100644
--- a/bash/bashrc
+++ b/bash/bashrc
@@ -21,15 +21,23 @@ fi shopt -s checkwinsize # Enable history appending instead of overwriting. #139609 +# Disable completion when the input buffer is empty. i.e. Hitting tab +# and waiting a long time for bash to expand all of $PATH. +shopt -s no_empty_cmd_completion + +# Enable history appending instead of overwriting when exiting. #139609 shopt -s histappend # Change the window title of X terminals case ${TERM} in xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*) - PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' + PROMPT_COMMAND='history -a; echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' ;; screen*) - PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"' + PROMPT_COMMAND='history -a; echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"' + ;; + *) + PROMPT_COMMAND='history -a' ;; esac @@ -80,8 +88,12 @@ else fi fi +for sh in /etc/bash/bashrc.d/* ; do + [[ -r ${sh} ]] && source "${sh}" +done + # Try to keep environment pollution down, EPA loves us. -unset use_color safe_term match_lhs +unset use_color safe_term match_lhs sh if [ -d /usr/scripts ] ; then PATH=/usr/scripts:$PATH diff --git a/bash/bashrc.d/.keep_app-shells_bash-0 b/bash/bashrc.d/.keep_app-shells_bash-0 new file mode 100644 index 0000000..e69de29 diff --git a/config-archive/etc/bash/bashrc b/config-archive/etc/bash/bashrc index c5f19a6..71fa4c5 100644 --- a/config-archive/etc/bash/bashrc +++ b/config-archive/etc/bash/bashrc @@ -25,7 +25,7 @@ shopt -s histappend # Change the window title of X terminals case ${TERM} in - xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix) + xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*) PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' ;; screen*) diff --git a/config-archive/etc/bash/bashrc.1 b/config-archive/etc/bash/bashrc.1 index b0904ff..c5f19a6 100644 --- a/config-archive/etc/bash/bashrc.1 +++ b/config-archive/etc/bash/bashrc.1 
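Review bot: Every branch of the `case ${TERM}` block in the first bash/bashrc hunk now assigns `PROMPT_COMMAND` outright with `history -a` in front, but nothing says why, and the old comment `# Enable history appending instead of overwriting. #139609` is left as a context line directly above the new `no_empty_cmd_completion` comment, where it no longer describes the command that follows. I would drop that stale line and add above the `case` something like `# history -a flushes each command to HISTFILE at every prompt, so the record survives a killed session; it can stall the prompt when $HOME is on slow storage`. The bashrc.dist.new added in this same commit keeps `history -a` commented out for exactly that reason, so the local deviation is worth stating. The history file stays writable by the user, so it should not be treated as an audit log.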
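Review bot: The loop added in the second bash/bashrc hunk sources every readable entry under `/etc/bash/bashrc.d/` into each interactive shell, root's included, without checking what the entry is, so a stray editor backup or a leftover config-update copy in that directory is executed as well. I would restrict the test to regular files, `[[ -f ${sh} && -r ${sh} ]] && source "${sh}"`, and add a comment such as `# bashrc.d must stay root-owned and not group/world-writable: everything in it runs in every interactive shell`. The .etckeeper hunk in this commit records the directory as 0755, which is consistent with that; its ownership is not visible here.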
@@ -25,10 +25,10 @@ shopt -s histappend # Change the window title of X terminals case ${TERM} in - xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix) + xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix) PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' ;; - screen) + screen*) PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"' ;; esac @@ -69,6 +69,8 @@ if ${use_color} ; then alias ls='ls --color=auto' alias grep='grep --colour=auto' + alias egrep='egrep --colour=auto' + alias fgrep='fgrep --colour=auto' else if [[ ${EUID} == 0 ]] ; then # show root@ when we don't have colors diff --git a/config-archive/etc/bash/bashrc.2 b/config-archive/etc/bash/bashrc.2 index cb99ed9..b0904ff 100644 --- a/config-archive/etc/bash/bashrc.2 +++ b/config-archive/etc/bash/bashrc.2 @@ -91,9 +91,21 @@ if [ -d $HOME/bin ] ; then export PATH fi -if [ -d $HOME/lib ] ; then - PERL5LIB=$HOME/lib - export PERL5LIB +if [ -d "$HOME/lib" ] ; then + if [ -d "$HOME/lib/perl" ] ; then + if [ -z "${PERL5LIB}" ] ; then + export PERL5LIB="$HOME/lib/perl" + else + export PERL5LIB="$HOME/lib/perl:${PERL5LIB}" + fi + fi + if [ -d "$HOME/lib/python" ] ; then + if [ -z "${PYTHONPATH}" ] ; then + export PYTHONPATH="$HOME/lib/python" + else + export PYTHONPATH="$HOME/lib/python:${PYTHONPATH}" + fi + fi fi #if [[ ${EUID} == 0 ]] ; then @@ -139,8 +151,7 @@ if [ -f /usr/share/mc/mc.gentoo ]; then . /usr/share/mc/mc.gentoo fi -if [ -f /etc/profile.d/bash-completion ]; then - . /etc/profile.d/bash-completion +if [ -e /etc/bash_completion.d/git ] ; then if [[ ${EUID} == 0 ]] ; then PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] \$ \[\033[00m\]' else diff --git a/config-archive/etc/bash/bashrc.3 b/config-archive/etc/bash/bashrc.3 new file mode 100644 index 0000000..cb99ed9 --- /dev/null +++ b/config-archive/etc/bash/bashrc.3 
@@ -0,0 +1,152 @@ +# /etc/bash/bashrc +# +# This file is sourced by all *interactive* bash shells on startup, +# including some apparently interactive shells such as scp and rcp +# that can't tolerate any output. So make sure this doesn't display +# anything or bad things will happen ! + + +# Test for an interactive shell. There is no need to set anything +# past this point for scp and rcp, and it's important to refrain from +# outputting anything in those cases. +if [[ $- != *i* ]] ; then + # Shell is non-interactive. Be done now! + return +fi + +# Bash won't get SIGWINCH if another process is in the foreground. +# Enable checkwinsize so that bash will check the terminal size when +# it regains control. #65623 +# http://cnswww.cns.cwru.edu/~chet/bash/FAQ (E11) +shopt -s checkwinsize + +# Enable history appending instead of overwriting. #139609 +shopt -s histappend + +# Change the window title of X terminals +case ${TERM} in + xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix) + PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' + ;; + screen) + PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"' + ;; +esac + +use_color=false + +# Set colorful PS1 only on colorful terminals. +# dircolors --print-database uses its own built-in database +# instead of using /etc/DIR_COLORS. Try to use the external file +# first to take advantage of user additions. Use internal bash +# globbing instead of external grep binary. +safe_term=${TERM//[^[:alnum:]]/?} # sanitize TERM +match_lhs="" +[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)" +[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(/dev/null \ + && match_lhs=$(dircolors --print-database) +[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true + +if ${use_color} ; then + # Enable colors for ls, etc. 
Prefer ~/.dir_colors #64489 + if type -P dircolors >/dev/null ; then + if [[ -f ~/.dir_colors ]] ; then + eval $(dircolors -b ~/.dir_colors) + elif [[ -f /etc/DIR_COLORS ]] ; then + eval $(dircolors -b /etc/DIR_COLORS) + fi + fi + + if [[ ${EUID} == 0 ]] ; then + #PS1='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] ' + PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w \$ \[\033[00m\]' + else + #PS1='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] ' + PS1='$? \[\033[01;32m\]\u@\h\[\033[01;30m\]:\[\033[01;34m\]\w > \[\033[00m\]' + fi + + alias ls='ls --color=auto' + alias grep='grep --colour=auto' +else + if [[ ${EUID} == 0 ]] ; then + # show root@ when we don't have colors + PS1='\u@\h \W \$ ' + else + PS1='\u@\h \w \$ ' + fi +fi + +# Try to keep environment pollution down, EPA loves us. +unset use_color safe_term match_lhs + +if [ -d /usr/scripts ] ; then + PATH=/usr/scripts:$PATH + export PATH +fi + +if [ -d $HOME/bin ] ; then + PATH=$PATH:$HOME/bin + export PATH +fi + +if [ -d $HOME/lib ] ; then + PERL5LIB=$HOME/lib + export PERL5LIB +fi + +#if [[ ${EUID} == 0 ]] ; then +# alias ll="ls -lA" +#else +# alias ll="ls -l" +#fi +alias l="ls -l" +alias ll="ls -lA" +alias la="ls -la" +alias md=mkdir +alias rd=rmdir +alias ..='cd ..' +alias ...='cd ../..' +alias cd..='cd ..' +alias cd...='cd ../..' +alias pl="ps -fu $(whoami)" + +lcd() { + cd $( perl -e ' +use strict; +use Cwd; +my $new = shift; +my $cwd = Cwd::abs_path(getcwd()); +my $newa = $cwd; +if ($new){ + $newa = Cwd::abs_path($new); + $newa = $cwd unless $newa; +}; +printf("%s\n", $newa); +' $1 ) +} + +export LESS="-R -M -I --shift 5" +export LESSCHARSET="utf-8" + +HISTCONTROL=ignoreboth +HISTSIZE=50000 +HISTFILESIZE=50000 +HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S ' + +if [ -f /usr/share/mc/mc.gentoo ]; then + . /usr/share/mc/mc.gentoo +fi + +if [ -f /etc/profile.d/bash-completion ]; then + . /etc/profile.d/bash-completion + if [[ ${EUID} == 0 ]] ; then + PS1='$? 
\[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] \$ \[\033[00m\]' + else + PS1='$? \[\033[01;32m\]\u@\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] > \[\033[00m\]' + fi +fi + + +# vim: ts=4 expandtab diff --git a/config-archive/etc/bash/bashrc.dist.new b/config-archive/etc/bash/bashrc.dist.new new file mode 100644 index 0000000..7006bf9 --- /dev/null +++ b/config-archive/etc/bash/bashrc.dist.new 
@@ -0,0 +1,102 @@ +# /etc/bash/bashrc +# +# This file is sourced by all *interactive* bash shells on startup, +# including some apparently interactive shells such as scp and rcp +# that can't tolerate any output. So make sure this doesn't display +# anything or bad things will happen ! + + +# Test for an interactive shell. There is no need to set anything +# past this point for scp and rcp, and it's important to refrain from +# outputting anything in those cases. +if [[ $- != *i* ]] ; then + # Shell is non-interactive. Be done now! + return +fi + +# Bash won't get SIGWINCH if another process is in the foreground. +# Enable checkwinsize so that bash will check the terminal size when +# it regains control. #65623 +# http://cnswww.cns.cwru.edu/~chet/bash/FAQ (E11) +shopt -s checkwinsize + +# Disable completion when the input buffer is empty. i.e. Hitting tab +# and waiting a long time for bash to expand all of $PATH. +shopt -s no_empty_cmd_completion + +# Enable history appending instead of overwriting when exiting. #139609 +shopt -s histappend + +# Save each command to the history file as it's executed. #517342 +# This does mean sessions get interleaved when reading later on, but this +# way the history is always up to date. History is not synced across live +# sessions though; that is what `history -n` does. +# Disabled by default due to concerns related to system recovery when $HOME +# is under duress, or lives somewhere flaky (like NFS). Constantly syncing +# the history will halt the shell prompt until it's finished. +#PROMPT_COMMAND='history -a' + +# Change the window title of X terminals +case ${TERM} in + xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*) + PS1='\[\033]0;\u@\h:\w\007\]' + ;; + screen*) + PS1='\[\033k\u@\h:\w\033\\\]' + ;; + *) + unset PS1 + ;; +esac + +use_color=false + +# Set colorful PS1 only on colorful terminals. +# dircolors --print-database uses its own built-in database +# instead of using /etc/DIR_COLORS. 
Try to use the external file +# first to take advantage of user additions. Use internal bash +# globbing instead of external grep binary. +safe_term=${TERM//[^[:alnum:]]/?} # sanitize TERM +match_lhs="" +[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)" +[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(/dev/null \ + && match_lhs=$(dircolors --print-database) +[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true + +if ${use_color} ; then + # Enable colors for ls, etc. Prefer ~/.dir_colors #64489 + if type -P dircolors >/dev/null ; then + if [[ -f ~/.dir_colors ]] ; then + eval $(dircolors -b ~/.dir_colors) + elif [[ -f /etc/DIR_COLORS ]] ; then + eval $(dircolors -b /etc/DIR_COLORS) + fi + fi + + if [[ ${EUID} == 0 ]] ; then + PS1+='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] ' + else + PS1+='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] ' + fi + + alias ls='ls --color=auto' + alias grep='grep --colour=auto' + alias egrep='egrep --colour=auto' + alias fgrep='fgrep --colour=auto' +else + if [[ ${EUID} == 0 ]] ; then + # show root@ when we don't have colors + PS1+='\u@\h \W \$ ' + else + PS1+='\u@\h \w \$ ' + fi +fi + +for sh in /etc/bash/bashrc.d/* ; do + [[ -r ${sh} ]] && source "${sh}" +done + +# Try to keep environment pollution down, EPA loves us. +unset use_color safe_term match_lhs sh diff --git a/config-archive/etc/fail2ban/fail2ban.conf b/config-archive/etc/fail2ban/fail2ban.conf index f43afad..550b404 100644 --- a/config-archive/etc/fail2ban/fail2ban.conf +++ b/config-archive/etc/fail2ban/fail2ban.conf 
@@ -6,20 +6,22 @@ # file, but provide customizations in fail2ban.local file, e.g.: # # [Definition] -# loglevel = 4 +# loglevel = DEBUG # [Definition] # Option: loglevel # Notes.: Set the log level output. -# 1 = ERROR -# 2 = WARN -# 3 = INFO -# 4 = DEBUG -# Values: [ NUM ] Default: 1 +# CRITICAL +# ERROR +# WARNING +# NOTICE +# INFO +# DEBUG +# Values: [ LEVEL ] Default: ERROR # -loglevel = 3 +loglevel = INFO # Option: logtarget # Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT. @@ -47,4 +49,17 @@ socket = /run/fail2ban/fail2ban.sock # pidfile = /run/fail2ban/fail2ban.pid +# Options: dbfile +# Notes.: Set the file for the fail2ban persistent data to be stored. +# A value of ":memory:" means database is only stored in memory +# and data is lost when fail2ban is stopped. +# A value of "None" disables the database. +# Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3 +dbfile = /var/lib/fail2ban/fail2ban.sqlite3 + +# Options: dbpurgeage +# Notes.: Sets age at which bans should be purged from the database +# Values: [ SECONDS ] Default: 86400 (24hours) +dbpurgeage = 86400 + # vim: filetype=dosini diff --git a/config-archive/etc/fail2ban/fail2ban.conf.1 b/config-archive/etc/fail2ban/fail2ban.conf.1 new file mode 100644 index 0000000..f43afad --- /dev/null +++ b/config-archive/etc/fail2ban/fail2ban.conf.1 
@@ -0,0 +1,50 @@ +# Fail2Ban main configuration file +# +# Comments: use '#' for comment lines and ';' (following a space) for inline comments +# +# Changes: in most of the cases you should not modify this +# file, but provide customizations in fail2ban.local file, e.g.: +# +# [Definition] +# loglevel = 4 +# + +[Definition] + +# Option: loglevel +# Notes.: Set the log level output. +# 1 = ERROR +# 2 = WARN +# 3 = INFO +# 4 = DEBUG +# Values: [ NUM ] Default: 1 +# +loglevel = 3 + +# Option: logtarget +# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT. +# Only one log target can be specified. +# If you change logtarget from the default value and you are +# using logrotate -- also adjust or disable rotation in the +# corresponding configuration file +# (e.g. /etc/logrotate.d/fail2ban on Debian systems) +# Values: [ STDOUT | STDERR | SYSLOG | FILE ] Default: STDERR +# +logtarget = /var/log/fail2ban.log + +# Option: socket +# Notes.: Set the socket file. This is used to communicate with the daemon. Do +# not remove this file when Fail2ban runs. It will not be possible to +# communicate with the server afterwards. +# Values: [ FILE ] Default: /run/fail2ban/fail2ban.sock +# +socket = /run/fail2ban/fail2ban.sock + +# Option: pidfile +# Notes.: Set the PID file. This is used to store the process ID of the +# fail2ban server. +# Values: [ FILE ] Default: /run/fail2ban/fail2ban.pid +# +pidfile = /run/fail2ban/fail2ban.pid + +# vim: filetype=dosini diff --git a/config-archive/etc/fail2ban/fail2ban.conf.dist b/config-archive/etc/fail2ban/fail2ban.conf.dist index 2ad9fe7..b721a72 100644 --- a/config-archive/etc/fail2ban/fail2ban.conf.dist +++ b/config-archive/etc/fail2ban/fail2ban.conf.dist 
@@ -34,6 +34,12 @@ loglevel = INFO # logtarget = /var/log/fail2ban.log +# Option: syslogsocket +# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG +# auto uses platform.system() to determine predefined paths +# Values: [ auto | FILE ] Default: auto +syslogsocket = auto + # Option: socket # Notes.: Set the socket file. This is used to communicate with the daemon. Do # not remove this file when Fail2ban runs. It will not be possible to diff --git a/courier/authlib/authdaemonrc b/courier/authlib/authdaemonrc index 4b758be..5bd2a35 100644 --- a/courier/authlib/authdaemonrc +++ b/courier/authlib/authdaemonrc @@ -1,4 +1,4 @@ -##VERSION: $Id: authdaemonrc.in 239 2012-10-06 23:51:19Z mrsam $ +##VERSION: $Id: 2013-08-20 21:38:40 -0400 0404e6724c4edec3859842fb06d86c3ad52e8cc2$ # # Copyright 2000-2005 Double Precision, Inc. See COPYING for # distribution information. diff --git a/courier/authlib/authdaemonrc.dist b/courier/authlib/authdaemonrc.dist index 4645640..abdebbd 100644 --- a/courier/authlib/authdaemonrc.dist +++ b/courier/authlib/authdaemonrc.dist @@ -1,4 +1,4 @@ -##VERSION: $Id: authdaemonrc.in 239 2012-10-06 23:51:19Z mrsam $ +##VERSION: $Id: 2013-08-20 21:38:40 -0400 0404e6724c4edec3859842fb06d86c3ad52e8cc2$ # # Copyright 2000-2005 Double Precision, Inc. See COPYING for # distribution information. diff --git a/courier/authlib/authldaprc b/courier/authlib/authldaprc index 6ff1d1b..812c6f9 100644 --- a/courier/authlib/authldaprc +++ b/courier/authlib/authldaprc @@ -1,4 +1,4 @@ -##VERSION: $Id: authldaprc 17 2011-04-04 02:07:37Z mrsam $ +##VERSION: $Id: authldaprc 265 2013-02-25 03:49:33Z mrsam $ # # Copyright 2000-2004 Double Precision, Inc. See COPYING for # distribution information. 
@@ -67,6 +67,15 @@ LDAP_TIMEOUT 5 # # LDAP_AUTHBIND 1 +##NAME: LDAP_INITBIND:1 +# +# Define this to do an initial bind to the adminstrator DN set in LDAP_BINDDN. +# If your LDAP server allows access without a bind, or you want to authenticate +# using a rebind (and have set LDAP_AUTHBIND to 1, you can set this to 0 and +# need not write the LDAP-Admin passwort into this file. +# +LDAP_INITBIND 1 + ##NAME: LDAP_MAIL:0 # # Here's the field on which we query diff --git a/courier/authlib/authldaprc.dist b/courier/authlib/authldaprc.dist index 6ff1d1b..812c6f9 100644 --- a/courier/authlib/authldaprc.dist +++ b/courier/authlib/authldaprc.dist @@ -1,4 +1,4 @@ -##VERSION: $Id: authldaprc 17 2011-04-04 02:07:37Z mrsam $ +##VERSION: $Id: authldaprc 265 2013-02-25 03:49:33Z mrsam $ # # Copyright 2000-2004 Double Precision, Inc. See COPYING for # distribution information. @@ -67,6 +67,15 @@ LDAP_TIMEOUT 5 # # LDAP_AUTHBIND 1 +##NAME: LDAP_INITBIND:1 +# +# Define this to do an initial bind to the adminstrator DN set in LDAP_BINDDN. +# If your LDAP server allows access without a bind, or you want to authenticate +# using a rebind (and have set LDAP_AUTHBIND to 1, you can set this to 0 and +# need not write the LDAP-Admin passwort into this file. +# +LDAP_INITBIND 1 + ##NAME: LDAP_MAIL:0 # # Here's the field on which we query diff --git a/eselect/postgresql/slots/9.4/base b/eselect/postgresql/slots/9.4/base index 50337b4..ae9c580 100644 --- a/eselect/postgresql/slots/9.4/base +++ b/eselect/postgresql/slots/9.4/base @@ -1 +1 @@ -postgres_ebuilds="${postgres_ebuilds} postgresql-9.4.1" +postgres_ebuilds="${postgres_ebuilds} postgresql-9.4.2" diff --git a/fail2ban/action.d/badips.py b/fail2ban/action.d/badips.py index 250b1dc..c2a239f 100644 --- a/fail2ban/action.d/badips.py +++ b/fail2ban/action.d/badips.py 
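Review bot: `LDAP_INITBIND 1` is taken over with its default in courier/authlib/authldaprc, and per the added comment that setting is what requires the LDAP administrator password to be written into this file. `LDAP_AUTHBIND` appears only as a commented-out context line above, so if rebind authentication is acceptable for this server, enabling it and setting `LDAP_INITBIND 0` would remove the stored admin credential; otherwise confirm that authldaprc is not readable beyond the account the auth daemon runs as (its mode is not visible in this diff). The added comment also has an unclosed parenthesis after `LDAP_AUTHBIND to 1` and the spellings `adminstrator` and `passwort`, worth fixing if this text is maintained locally. The same hunk is applied to authldaprc.dist.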
@@ -111,6 +111,8 @@ class BadIPsAction(ActionBase): ------ HTTPError Any issues with badips.com request. + ValueError + If badips.com response didn't contain necessary information """ try: response = urlopen( @@ -122,7 +124,13 @@ class BadIPsAction(ActionBase): messages['err']) raise else: - categories = json.loads(response.read().decode('utf-8'))['categories'] + response_json = json.loads(response.read().decode('utf-8')) + if not 'categories' in response_json: + err = "badips.com response lacked categories specification. Response was: %s" \ + % (response_json,) + self._logSys.error(err) + raise ValueError(err) + categories = response_json['categories'] categories_names = set( value['Name'] for value in categories) if incParents: diff --git a/fail2ban/action.d/bsd-ipfw.conf b/fail2ban/action.d/bsd-ipfw.conf index 475d247..d7e5e1b 100644 --- a/fail2ban/action.d/bsd-ipfw.conf +++ b/fail2ban/action.d/bsd-ipfw.conf @@ -38,7 +38,7 @@ actioncheck = # Values: CMD # # requires an ipfw rule like "deny ip from table(1) to me" -actionban = ipfw table add +actionban = e=`ipfw table
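Review bot: The new guard `if not 'categories' in response_json:` in badips.py assumes the decoded body is a dict; if the service returns a JSON string the test becomes a substring match, and for `null` or a number it raises TypeError instead of the ValueError the docstring now promises. I would write it as `if not isinstance(response_json, dict) or 'categories' not in response_json:`, which also uses the idiomatic `not in`. The error message interpolates the whole response into the log, so an unexpectedly large body ends up in fail2ban's log verbatim; truncating it, for example `repr(response_json)[:200]`, keeps the entry bounded. The enclosing method starts and ends outside the hunk.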
add 2>&1`; x=$?; [ $x -eq 0 -o "$e" = 'ipfw: setsockopt(IP_FW_TABLE_XADD): File exists' ] || { echo "$e" 1>&2; exit $x; } # Option: actionunban @@ -47,7 +47,7 @@ actionban = ipfw table
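Review bot: The new `actionban` in bsd-ipfw.conf decides success by comparing ipfw's stderr with the literal `'ipfw: setsockopt(IP_FW_TABLE_XADD): File exists'`, so any ipfw build that words or names that error differently turns an already-present table entry back into a failed ban. The test also relies on `[ ... -o ... ]`, which POSIX marks obsolescent; two tests joined with `||` are the safer spelling. A comment above the line, e.g. `# "File exists" means the address is already in the table; treat it as success`, would explain the string match to the next reader. The `actionunban` change in the following hunk has the same pattern with the `IP_FW_TABLE_XDEL` message.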
add # Tags: See jail.conf(5) man page # Values: CMD # -actionunban = ipfw table
delete +actionunban = e=`ipfw table
delete 2>&1`; x=$?; [ $x -eq 0 -o "$e" = 'ipfw: setsockopt(IP_FW_TABLE_XDEL): No such process' ] || { echo "$e" 1>&2; exit $x; } [Init] # Option: table diff --git a/fail2ban/action.d/firewallcmd-allports.conf b/fail2ban/action.d/firewallcmd-allports.conf new file mode 100644 index 0000000..ec52bab --- /dev/null +++ b/fail2ban/action.d/firewallcmd-allports.conf @@ -0,0 +1,53 @@ +# Fail2Ban configuration file +# +# Author: Donald Yandt +# Because of the --remove-rules in stop this action requires firewalld-0.3.8+ + + +[INCLUDES] + +before = iptables-blocktype.conf + +[Definition] + +actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b- + firewall-cmd --direct --add-rule ipv4 filter f2b- 1000 -j RETURN + firewall-cmd --direct --add-rule ipv4 filter 0 -j f2b- + +actionstop = firewall-cmd --direct --remove-rule ipv4 filter 0 -j f2b- + firewall-cmd --direct --remove-rules ipv4 filter f2b- + firewall-cmd --direct --remove-chain ipv4 filter f2b- + + +# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-recidive$' + +actioncheck = firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-$' + +actionban = firewall-cmd --direct --add-rule ipv4 filter f2b- 0 -s -j + +actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b- 0 -s -j + +[Init] + +# Default name of the chain +# +name = default + +chain = INPUT_direct + +# DEV NOTES: +# +# Author: Donald Yandt +# Uses "FirewallD" instead of the "iptables daemon". +# +# +# Output: + +# actionstart: +# $ firewall-cmd --direct --add-chain ipv4 filter f2b-recidive +# success +# $ firewall-cmd --direct --add-rule ipv4 filter f2b-recidive 1000 -j RETURN +# success +# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-recidive +# success + diff --git a/fail2ban/action.d/firewallcmd-multiport.conf b/fail2ban/action.d/firewallcmd-multiport.conf new file mode 100644 index 0000000..4d806e6 --- /dev/null 
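Review bot: Every command in the new firewallcmd-allports.conf addresses the `ipv4` table only (`firewall-cmd --direct --add-rule ipv4 filter ...`), so a jail using this action gives no coverage for clients that reach the service over IPv6. That limit is not stated anywhere in the file; a header comment such as `# IPv4 only: no ipv6 direct rules are created by this action` would make it visible to whoever enables the jail. firewallcmd-multiport.conf, added next in this commit, is written the same way.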
+++ b/fail2ban/action.d/firewallcmd-multiport.conf 
@@ -0,0 +1,63 @@
+# Fail2Ban configuration file
+#
+# Author: Donald Yandt
+# Because of the --remove-rules in stop this action requires firewalld-0.3.8+
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+[Definition]
+
+actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b-
+ firewall-cmd --direct --add-rule ipv4 filter f2b- 1000 -j RETURN
+ firewall-cmd --direct --add-rule ipv4 filter 0 -m state --state NEW -p -m multiport --dports -j f2b-
+
+actionstop = firewall-cmd --direct --remove-rule ipv4 filter 0 -m state --state NEW -p -m multiport --dports -j f2b-
+ firewall-cmd --direct --remove-rules ipv4 filter f2b-
+ firewall-cmd --direct --remove-chain ipv4 filter f2b-
+
+# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$'
+
+actioncheck = firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-$'
+
+actionban = firewall-cmd --direct --add-rule ipv4 filter f2b- 0 -s -j
+
+actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b- 0 -s -j
+
+[Init]
+
+# Default name of the chain
+name = default
+
+chain = INPUT_direct
+
+# Could also use port numbers separated by a comma.
+port = 1:65535
+
+
+# Option: protocol
+# Values: [ tcp | udp | icmp | all ]
+
+protocol = tcp
+
+
+
+# DEV NOTES:
+#
+# Author: Donald Yandt
+# Uses "FirewallD" instead of the "iptables daemon".
+#
+#
+# Output:
+# actionstart:
+# $ firewall-cmd --direct --add-chain ipv4 filter f2b-apache-modsecurity
+# success
+# $ firewall-cmd --direct --add-rule ipv4 filter f2b-apache-modsecurity 1000 -j RETURN
+# success
+# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 80,443 -j f2b-apache-modsecurity
+# success
+# actioncheck:
+# $ firewall-cmd --direct --get-chains ipv4 filter f2b-apache-modsecurity | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$'
+# f2b-apache-modsecurity
+
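Review bot: The `# Values: [ tcp | udp | icmp | all ]` comment above `protocol = tcp` advertises values the jump rule cannot take, because the third actionstart command passes the protocol together with `-m multiport --dports`, and iptables accepts the multiport match only with a port-carrying protocol such as tcp or udp. With `icmp` or `all` that command would be rejected, and since actioncheck only greps `--get-chains` for the chain name, later bans would presumably be added to a chain that nothing jumps to. I would change the comment to `# Values: [ tcp | udp ]`. The DEV NOTES actioncheck example also passes a chain argument to `--get-chains` that the real actioncheck does not, and should be aligned with it. firewallcmd-new.conf in the next section switches to the same `-m multiport --dports` form and shares the constraint.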
diff --git a/fail2ban/action.d/firewallcmd-new.conf b/fail2ban/action.d/firewallcmd-new.conf index 9754e3f..ac72a68 100644 --- a/fail2ban/action.d/firewallcmd-new.conf +++ b/fail2ban/action.d/firewallcmd-new.conf @@ -10,9 +10,9 @@ before = iptables-common.conf actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b- firewall-cmd --direct --add-rule ipv4 filter f2b- 1000 -j RETURN - firewall-cmd --direct --add-rule ipv4 filter 0 -m state --state NEW -p --dport -j f2b- + firewall-cmd --direct --add-rule ipv4 filter 0 -m state --state NEW -p -m multiport --dports -j f2b- -actionstop = firewall-cmd --direct --remove-rule ipv4 filter 0 -m state --state NEW -p --dport -j f2b- +actionstop = firewall-cmd --direct --remove-rule ipv4 filter 0 -m state --state NEW -p -m multiport --dports -j f2b- firewall-cmd --direct --remove-rules ipv4 filter f2b- firewall-cmd --direct --remove-chain ipv4 filter f2b- @@ -43,7 +43,7 @@ chain = INPUT_direct # success # $ firewall-cmd --direct --add-rule ipv4 filter fail2ban-name 1000 -j RETURN # success -# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp --dport 22 -j fail2ban-name +# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 22 -j fail2ban-name # success # $ firewall-cmd --direct --get-chains ipv4 filter # fail2ban-name diff --git a/fail2ban/action.d/mail-whois-lines.conf b/fail2ban/action.d/mail-whois-lines.conf index aa7d095..5f760ac 100644 --- a/fail2ban/action.d/mail-whois-lines.conf +++ b/fail2ban/action.d/mail-whois-lines.conf @@ -42,7 +42,7 @@ actionban = printf %%b "Hi,\n Here is more information about :\n `whois || echo missing whois program`\n\n Lines containing IP: in \n - `grep '[^0-9][^0-9]' `\n\n + `grep -E '(^|[^0-9])([^0-9]|$)' `\n\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] : banned from `uname -n`" 
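Review bot: The new `grep -E '(^|[^0-9])…([^0-9]|$)'` in mail-whois-lines.conf still puts the banned address into the regular expression unescaped, so each `.` of a dotted IPv4 address matches any character and unrelated log lines can end up in the report (the address placeholder between the two groups is not visible in this rendering, so this is inferred from the surrounding text). Escaping the dots before the pattern is built, for example by passing the address through `sed 's/\./\\./g'`, would keep the match literal. The matched lines are attacker-influenced log text expanded by `printf %%b`, so a cap with grep's `-m` option would also bound how much of it reaches the mail. The same expression is added in sendmail-geoip-lines.conf and sendmail-whois-lines.conf further down; the actionban value starts above this hunk.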
diff --git a/fail2ban/action.d/nsupdate.conf b/fail2ban/action.d/nsupdate.conf
new file mode 100644
index 0000000..7886825
--- /dev/null
+++ b/fail2ban/action.d/nsupdate.conf
@@ -0,0 +1,114 @@ +# Fail2Ban configuration file +# +# Author: Andrew St. Jean +# +# Use nsupdate to perform dynamic DNS updates on a BIND zone file. +# One may want to do this to update a local RBL with banned IP addresses. +# +# Options +# +# domain DNS domain that will appear in nsupdate add and delete +# commands. +# +# ttl The time to live (TTL) in seconds of the TXT resource +# record. +# +# rdata Data portion of the TXT resource record. +# +# nsupdatecmd Full path to the nsupdate command. +# +# keyfile Full path to TSIG key file used for authentication between +# nsupdate and BIND. +# +# Create an nsupdate.local to set at least the and +# options as they don't have default values. +# +# The ban and unban commands assume nsupdate will authenticate to the BIND +# server using a TSIG key. The full path to the key file must be specified +# in the parameter. Use this command to generate your TSIG key. +# +# dnssec-keygen -a HMAC-MD5 -b 256 -n HOST +# +# Replace with some meaningful name. +# +# This command will generate two files. Specify the .private file in the +# option. Note that the .key file must also be present in the same +# directory for nsupdate to use the key. +# +# Don't forget to add the key and appropriate allow-update or update-policy +# option to your named.conf file. +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = + + +# Option: actionstop +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = + + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionban = echo | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 
IN TXT \"\""; print "send"}' | -k + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionunban = echo | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | -k + +[Init] + +# Option: domain +# Notes.: DNS domain that nsupdate will update. +# Values: STRING +# +domain = + +# Option: ttl +# Notes.: time to live (TTL) in seconds of TXT resource record +# added by nsupdate. +# Values: NUM +# +ttl = 60 + +# Option: rdata +# Notes.: data portion of the TXT resource record added by nsupdate. +# Values: STRING +# +rdata = Your IP has been banned + +# Option: nsupdatecmd +# Notes.: specifies the full path to the nsupdate program that dynamically +# updates BIND zone files. +# Values: CMD +# +nsupdatecmd = /usr/bin/nsupdate + +# Option: keyfile +# Notes.: specifies the full path to the file containing the +# TSIG key for communicating with BIND. +# Values: STRING +# +keyfile = + diff --git a/fail2ban/action.d/sendmail-common.conf b/fail2ban/action.d/sendmail-common.conf index 26dcb4c..af0212b 100644 --- a/fail2ban/action.d/sendmail-common.conf +++ b/fail2ban/action.d/sendmail-common.conf @@ -15,7 +15,7 @@ after = sendmail-common.local # Values: CMD # actionstart = printf %%b "Subject: [Fail2Ban] : started on `uname -n` - Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"` + Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"` From: <> To: \n Hi,\n @@ -28,7 +28,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] : started on `uname -n` # Values: CMD # actionstop = printf %%b "Subject: [Fail2Ban] : stopped on `uname -n` - Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"` + Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"` From: <> To: \n Hi,\n diff --git a/fail2ban/action.d/sendmail-geoip-lines.conf b/fail2ban/action.d/sendmail-geoip-lines.conf new file mode 100644 index 0000000..4225a3e --- /dev/null 
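Review bot: The key-generation example in the nsupdate.conf header, `dnssec-keygen -a HMAC-MD5 -b 256 -n HOST`, recommends HMAC-MD5 for the TSIG key that authorises zone updates; an HMAC-SHA256 key is the safer default, and I would change the example to `dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST` (or `tsig-keygen` where the installed BIND provides it). The comment should also say that the .private file named in keyfile must be readable only by the account fail2ban runs as, since anyone holding it can send the same dynamic updates. For the named.conf side, recommending an `update-policy` limited to TXT records in the RBL zone rather than a blanket `allow-update` would keep a leaked key from rewriting other record types.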
+++ b/fail2ban/action.d/sendmail-geoip-lines.conf @@ -0,0 +1,49 @@ +# Fail2Ban configuration file +# +# Author: Viktor Szépe +# +# + +[INCLUDES] + +before = sendmail-common.conf + +[Definition] + +# Option: actionban +# Notes.: Command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# You need to install geoiplookup and the GeoLite or GeoIP databases. +# (geoip-bin and geoip-database in Debian) +# The host command comes from bind9-host package. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` + Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"` + From: <> + To: \n + Hi,\n + The IP has just been banned by Fail2Ban after + attempts against .\n\n + Here is more information about :\n + http://bgp.he.net/ip/ + http://www.projecthoneypot.org/ip_ + http://whois.domaintools.com/\n\n + Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "" | cut -d':' -f2-` + AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "" | cut -d':' -f2-` + hostname: `host -t A 2>&1`\n\n + Lines containing IP: in \n + `grep -E '(^|[^0-9])([^0-9]|$)' `\n\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f + +[Init] + +# Default name of the chain +# +name = default + +# Path to the log files which contain relevant lines for the abuser IP +# +logpath = /dev/null diff --git a/fail2ban/action.d/sendmail-whois-ipjailmatches.conf b/fail2ban/action.d/sendmail-whois-ipjailmatches.conf index 45b1f31..9c32f41 100644 --- a/fail2ban/action.d/sendmail-whois-ipjailmatches.conf +++ b/fail2ban/action.d/sendmail-whois-ipjailmatches.conf @@ -17,13 +17,13 @@ before = sendmail-common.conf # Values: CMD # actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` - Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"` + Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"` 
From: <> To: \n Hi,\n The IP has just been banned by Fail2Ban after attempts against .\n\n - Here are more information about :\n + Here is more information about :\n `/usr/bin/whois `\n\n Matches for with failures IP:\n \n\n diff --git a/fail2ban/action.d/sendmail-whois-ipmatches.conf b/fail2ban/action.d/sendmail-whois-ipmatches.conf index 8193fb0..8c07454 100644 --- a/fail2ban/action.d/sendmail-whois-ipmatches.conf +++ b/fail2ban/action.d/sendmail-whois-ipmatches.conf @@ -17,13 +17,13 @@ before = sendmail-common.conf # Values: CMD # actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` - Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"` + Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"` From: <> To: \n Hi,\n The IP has just been banned by Fail2Ban after attempts against .\n\n - Here are more information about :\n + Here is more information about :\n `/usr/bin/whois `\n\n Matches with failures IP:\n \n\n diff --git a/fail2ban/action.d/sendmail-whois-lines.conf b/fail2ban/action.d/sendmail-whois-lines.conf index 270373e..135632c 100644 --- a/fail2ban/action.d/sendmail-whois-lines.conf +++ b/fail2ban/action.d/sendmail-whois-lines.conf @@ -17,7 +17,7 @@ before = sendmail-common.conf # Values: CMD # actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` - Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"` + Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"` From: <> To: \n Hi,\n @@ -26,7 +26,7 @@ actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` Here is more information about :\n `/usr/bin/whois || echo missing whois program`\n\n Lines containing IP: in \n - `grep '[^0-9][^0-9]' `\n\n + `grep -E '(^|[^0-9])([^0-9]|$)' `\n\n Regards,\n Fail2Ban" | /usr/sbin/sendmail -f diff --git a/fail2ban/action.d/sendmail-whois-matches.conf b/fail2ban/action.d/sendmail-whois-matches.conf index ed66476..64bac3e 100644 --- a/fail2ban/action.d/sendmail-whois-matches.conf +++ b/fail2ban/action.d/sendmail-whois-matches.conf 
@@ -17,13 +17,13 @@ before = sendmail-common.conf # Values: CMD # actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` - Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"` + Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"` From: <> To: \n Hi,\n The IP has just been banned by Fail2Ban after attempts against .\n\n - Here are more information about :\n + Here is more information about :\n `/usr/bin/whois `\n\n Matches:\n \n\n diff --git a/fail2ban/action.d/sendmail-whois.conf b/fail2ban/action.d/sendmail-whois.conf index fc60127..9403a38 100644 --- a/fail2ban/action.d/sendmail-whois.conf +++ b/fail2ban/action.d/sendmail-whois.conf @@ -17,7 +17,7 @@ before = sendmail-common.conf # Values: CMD # actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` - Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"` + Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"` From: <> To: \n Hi,\n diff --git a/fail2ban/action.d/sendmail.conf b/fail2ban/action.d/sendmail.conf index 46050e1..4b088dc 100644 --- a/fail2ban/action.d/sendmail.conf +++ b/fail2ban/action.d/sendmail.conf @@ -17,7 +17,7 @@ before = sendmail-common.conf # Values: CMD # actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` - Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"` + Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"` From: <> To: \n Hi,\n diff --git a/fail2ban/action.d/ufw.conf b/fail2ban/action.d/ufw.conf index 04b8b32..d2f731f 100644 --- a/fail2ban/action.d/ufw.conf +++ b/fail2ban/action.d/ufw.conf @@ -13,9 +13,11 @@ actionstop = actioncheck = -actionban = [ -n "" ] && app="app " ; ufw insert from to $app +actionban = [ -n "" ] && app="app " + ufw insert from to $app -actionunban = [ -n "" ] && app="app " ; ufw delete from to $app +actionunban = [ -n "" ] && app="app " + ufw delete from to $app [Init] # Option: insertpos diff --git a/fail2ban/action.d/xarf-login-attack.conf b/fail2ban/action.d/xarf-login-attack.conf index 6d6a74f..19b3167 100644 
--- a/fail2ban/action.d/xarf-login-attack.conf +++ b/fail2ban/action.d/xarf-login-attack.conf @@ -46,7 +46,7 @@ actionban = oifs=${IFS}; IFS=.;SEP_IP=( ); set -- ${SEP_IP}; ADDRESSES=$(di REPORTID=