wok rev 13258

fail2ban: add apache-noscript & apache-proxy
author Pascal Bellard <pascal.bellard@slitaz.org>
date Fri Aug 17 14:50:02 2012 +0200 (2012-08-17)
parents 585734d0d3e1
children 83db47742d2a
files fail2ban/receipt fail2ban/stuff/etc/fail2ban/filter.d/apache-noscript.conf fail2ban/stuff/etc/fail2ban/filter.d/apache-proxy.conf qemacs-tiny/receipt
line diff
     1.1 --- a/fail2ban/receipt	Fri Aug 17 12:21:42 2012 +0200
     1.2 +++ b/fail2ban/receipt	Fri Aug 17 14:50:02 2012 +0200
     1.3 @@ -30,11 +30,31 @@
     1.4  	sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \
     1.5  		-e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
     1.6  	cat >> $fs/etc/fail2ban/jail.conf <<EOT
     1.7 +[apache-noscript]
     1.8 +
     1.9 +enabled  = false
    1.10 +port     = http,https
    1.11 +filter   = apache-noscript
    1.12 +action   = iptables-allports[name=APACHE-NOSCRIPT]
    1.13 +logpath  = /var/log/apache/*errors
    1.14 +maxretry = 2
    1.15 +
    1.16 +[apache-proxy]
    1.17 +
    1.18 +enabled  = false
    1.19 +port     = http,https
    1.20 +filter   = apache-proxy
    1.21 +action   = iptables-allports[name=APACHE-PROXY]
    1.22 +logpath  = /var/log/apache/*access
    1.23 +bantime  = 172800
    1.24 +maxretry = 2
    1.25 +
    1.26  [lighttpd-fastcgi]
    1.27  
    1.28  enabled  = false
    1.29  port     = http,https
    1.30  filter   = lighttpd-fastcgi
    1.31 +action   = iptables-allports[name=LIGHTTPD-FASTCGI]
    1.32  logpath  = /var/log/lighttpd/*error*.log
    1.33  maxretry = 2
    1.34  

     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/fail2ban/stuff/etc/fail2ban/filter.d/apache-noscript.conf	Fri Aug 17 14:50:02 2012 +0200
     2.3 @@ -0,0 +1,24 @@
     2.4 +# Fail2Ban configuration file
     2.5 +#
     2.6 +# Author: Cyril Jaquier
     2.7 +#
     2.8 +# $Revision: 658 $
     2.9 +#
    2.10 +
    2.11 +[Definition]
    2.12 +
    2.13 +# Option:  failregex
    2.14 +# Notes.:  regex to match the password failure messages in the logfile. The
    2.15 +#          host must be matched by a group named "host". The tag "<HOST>" can
    2.16 +#          be used for standard IP/hostname matching and is only an alias for
    2.17 +#          (?:::f{4,6}:)?(?P<host>\S+)
    2.18 +# Values:  TEXT
    2.19 +#
    2.20 +failregex = [[]client <HOST>[]] (File does not exist|script .* not found or unable to stat): .*(\.php|\.asp|\.exe|\.pl)
    2.21 +            [[]client <HOST>[]] (File does not exist|script .* not found or unable to stat): [^.]*$
    2.22 +
    2.23 +# Option:  ignoreregex
    2.24 +# Notes.:  regex to ignore. If this regex matches, the line is ignored.
    2.25 +# Values:  TEXT
    2.26 +#
    2.27 +ignoreregex = 

     3.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     3.2 +++ b/fail2ban/stuff/etc/fail2ban/filter.d/apache-proxy.conf	Fri Aug 17 14:50:02 2012 +0200
     3.3 @@ -0,0 +1,21 @@
     3.4 +# Fail2Ban configuration file
     3.5 +#
     3.6 +# Author: James Roe
     3.7 +#
     3.8 +
     3.9 +[Definition]
    3.10 +
    3.11 +# Option:  failregex
    3.12 +# Notes.:  regex to match the password failure messages in the logfile. The
    3.13 +#          host must be matched by a group named "host". The tag "<HOST>" can
    3.14 +#          be used for standard IP/hostname matching and is only an alias for
    3.15 +#          (?:::f{4,6}:)?(?P<host>\S+)
    3.16 +# Values:  TEXT
    3.17 +#
    3.18 +failregex = ^(?:(?![0-9\.]* - - \[.*\] "([A-Z]* /.* HTTP/1\.[0-9]|-)")<HOST>)
    3.19 +
    3.20 +# Option:  ignoreregex
    3.21 +# Notes.:  regex to ignore. If this regex matches, the line is ignored.
    3.22 +# Values:  TEXT
    3.23 +#
    3.24 +ignoreregex = 

     4.1 --- a/qemacs-tiny/receipt	Fri Aug 17 12:21:42 2012 +0200
     4.2 +++ b/qemacs-tiny/receipt	Fri Aug 17 14:50:02 2012 +0200
     4.3 @@ -18,18 +18,7 @@
     4.4  compile_rules()
     4.5  {
     4.6  	cd $src
     4.7 -
     4.8 -	# quick fix for variable 'XXX' set but not used [-Werror=unused-but-set-variable]
     4.9 -	sed -i	-e 's/int count,/int count=count,/' \
    4.10 -		-e 's/ line_count,/ line_count=line_count,/' \
    4.11 -		-e 's/int len;/int len=len;/' \
    4.12 -		-e 's/EditState \*e;/EditState *e=e;/' \
    4.13 -		-e 's/int err,/int err=err,/' qe.c
    4.14 -	sed -i 's/size_start,/size_start=size_start,/' buffer.c
    4.15 -	sed -i 's/stack_ptr = 0;/&; stack[0] = stack[0];/' clang.c
    4.16 -	sed -i 's/len, offset1/len=len, offset1/' latex-mode.c
    4.17 -	sed -i 's/len1, len2/len1=len1, len2=len2/' dired.c
    4.18 -	
    4.19 +	export CFLAGS="-Wno-error=unused-but-set-variable"
    4.20  	sed -i 's/\(define SAVED_DATA_SIZE \).*/\1 __builtin_offsetof(EditState,end_of_saved_data)/' qe.h
    4.21  	./configure --prefix=/usr --enable-tiny && make qe
    4.22  }