From c4024a7e6a2484ede53326297abc10757b008a4b Mon Sep 17 00:00:00 2001
From: Serghey Rodin
Date: Tue, 21 Oct 2014 15:32:32 +0300
Subject: [PATCH] firewall configs
---
 install/debian/fail2ban.action.conf | 10 ++++++++
 install/debian/fail2ban.filter.conf | 10 ++++++++
 install/debian/fail2ban.jail.conf | 39 +++++++++++++++++++++++++++++
 install/debian/firewall/ports.conf | 13 ++++++++++
 install/debian/firewall/rules.conf | 10 ++++++++
 install/rhel/fail2ban.jail.conf | 2 +-
 install/ubuntu/fail2ban.action.conf | 10 ++++++++
 install/ubuntu/fail2ban.filter.conf | 10 ++++++++
 install/ubuntu/fail2ban.jail.conf | 39 +++++++++++++++++++++++++++++
 install/ubuntu/firewall/ports.conf | 13 ++++++++++
 install/ubuntu/firewall/rules.conf | 10 ++++++++
 11 files changed, 165 insertions(+), 1 deletion(-)
 create mode 100644 install/debian/fail2ban.action.conf
 create mode 100644 install/debian/fail2ban.filter.conf
 create mode 100644 install/debian/fail2ban.jail.conf
 create mode 100644 install/debian/firewall/ports.conf
 create mode 100644 install/debian/firewall/rules.conf
 create mode 100644 install/ubuntu/fail2ban.action.conf
 create mode 100644 install/ubuntu/fail2ban.filter.conf
 create mode 100644 install/ubuntu/fail2ban.jail.conf
 create mode 100644 install/ubuntu/firewall/ports.conf
 create mode 100644 install/ubuntu/firewall/rules.conf
diff --git a/install/debian/fail2ban.action.conf b/install/debian/fail2ban.action.conf
new file mode 100644
index 000000000..2779d9f0c
--- /dev/null
+++ b/install/debian/fail2ban.action.conf
@@ -0,0 +1,10 @@
+# Fail2Ban configuration file for vesta
+
+[Definition]
+
+actionstart = /usr/local/vesta/bin/v-add-firewall-chain
+actionstop = /usr/local/vesta/bin/v-delete-firewall-chain
+actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]'
+actionban = /usr/local/vesta/bin/v-add-firewall-ban
+actionunban = /usr/local/vesta/bin/v-delete-firewall-ban
+
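Review bot: As shown in this hunk, `actionban` and `actionunban` call the Vesta scripts with no arguments, and `actioncheck` greps for `'fail2ban-[ \t]'` with no jail name, so fail2ban would pass neither the offending address nor the chain name to the firewall helpers. If the `<ip>` and `<name>` tags are present in the committed file and were only lost when this page was rendered, nothing needs to change. Otherwise add them, e.g. `actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-<name>[ \t]'`, and append `<ip>` and `<name>` to the ban and unban lines in whatever order the scripts expect. The identical install/ubuntu/fail2ban.action.conf needs the same check.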
diff --git a/install/debian/fail2ban.filter.conf b/install/debian/fail2ban.filter.conf
new file mode 100644
index 000000000..69670a56e
--- /dev/null
+++ b/install/debian/fail2ban.filter.conf
@@ -0,0 +1,10 @@
+# Fail2Ban filter for unsuccesfull Vesta authentication attempts
+#
+
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex = .* failed to login
+ignoreregex =
+
diff --git a/install/debian/fail2ban.jail.conf b/install/debian/fail2ban.jail.conf
new file mode 100644
index 000000000..9844da0b6
--- /dev/null
+++ b/install/debian/fail2ban.jail.conf
@@ -0,0 +1,39 @@
+[ssh-iptables]
+enabled = true
+filter = sshd
+action = vesta[name=SSH]
+logpath = /var/log/secure
+maxretry = 5
+
+[vsftpd-iptables]
+enabled = false
+filter = vsftpd
+action = vesta[name=FTP]
+logpath = /var/log/vsftpd.log
+maxretry = 5
+
+[exim-iptables]
+enabled = true
+filter = exim
+action = vesta[name=MAIL]
+logpath = /var/log/exim/main.log
+
+[dovecot-iptables]
+enabled = true
+filter = dovecot
+action = vesta[name=MAIL]
+logpath = /var/log/dovecot.log
+
+[mysqld-iptables]
+enabled = false
+filter = mysqld-auth
+action = vesta[name=DB]
+logpath = /var/log/mysqld.log
+maxretry = 5
+
+[vesta-iptables]
+enabled = true
+filter = vesta
+action = vesta[name=VESTA]
+logpath = /var/log/vesta/auth.log
+maxretry = 5
diff --git a/install/debian/firewall/ports.conf b/install/debian/firewall/ports.conf
new file mode 100644
index 000000000..8a11d622b
--- /dev/null
+++ b/install/debian/firewall/ports.conf
@@ -0,0 +1,13 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8083'
diff --git a/install/debian/firewall/rules.conf b/install/debian/firewall/rules.conf
new file mode 100644
index 000000000..cfa7d8680
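Review bot: The `failregex = .* failed to login` line in install/debian/fail2ban.filter.conf has, as shown, no `<HOST>` tag, and fail2ban needs one to know which address to count and ban; disregard this if the tag was only dropped when the page was rendered. The pattern is also unanchored at the end, so any log line that merely contains the phrase matches, wherever user-supplied fields such as the login name sit in it. Something like `failregex = ^.* <HOST> failed to login$` would pin the address to the field directly before the message, assuming that is how auth.log is written, which is not visible here. install/ubuntu/fail2ban.filter.conf is identical.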
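Review bot: The enabled `[ssh-iptables]` jail in install/debian/fail2ban.jail.conf uses `logpath = /var/log/secure`, which is the RHEL location; Debian and Ubuntu write sshd authentication messages to /var/log/auth.log by default, so the jail would watch a file that normally does not exist and SSH brute-force attempts would go unbanned. The new file has the same blob id (9844da0b6) as install/rhel/fail2ban.jail.conf after this commit, so it looks copied unchanged. At minimum use `logpath = /var/log/auth.log` here, and check the exim jail's `/var/log/exim/main.log` against the stock Debian `/var/log/exim4/mainlog` unless the installer relocates that log. install/ubuntu/fail2ban.jail.conf carries the same paths.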
--- /dev/null
+++ b/install/debian/firewall/rules.conf
@@ -0,0 +1,10 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16'
diff --git a/install/rhel/fail2ban.jail.conf b/install/rhel/fail2ban.jail.conf
index c5c6c94bd..9844da0b6 100644
--- a/install/rhel/fail2ban.jail.conf
+++ b/install/rhel/fail2ban.jail.conf
@@ -25,7 +25,7 @@ action = vesta[name=MAIL]
 logpath = /var/log/dovecot.log
 
 [mysqld-iptables]
-enabled = true
+enabled = false
 filter = mysqld-auth
 action = vesta[name=DB]
 logpath = /var/log/mysqld.log
diff --git a/install/ubuntu/fail2ban.action.conf b/install/ubuntu/fail2ban.action.conf
new file mode 100644
index 000000000..2779d9f0c
--- /dev/null
+++ b/install/ubuntu/fail2ban.action.conf
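Review bot: Rule 3 in install/debian/firewall/rules.conf accepts TCP 3306 and 5432 from `0.0.0.0/0` on a fresh install, while this same commit ships the `mysqld-iptables` jail with `enabled = false` and defines no PostgreSQL jail. If the database servers listen on a public interface, they are reachable from anywhere with no ban on repeated failed logins. Consider shipping the rule closed, e.g. `SUSPENDED='yes'` on rule 3 (assuming the rule loader honours that value), or narrowing `IP=` so remote database access is an explicit opt-in. Rule 7 opens only UDP 53; DNS falls back to TCP for truncated responses and zone transfers, so a TCP 53 rule is probably wanted if the chain's default policy is to drop. install/ubuntu/firewall/rules.conf is identical.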
@@ -0,0 +1,10 @@
+# Fail2Ban configuration file for vesta
+
+[Definition]
+
+actionstart = /usr/local/vesta/bin/v-add-firewall-chain
+actionstop = /usr/local/vesta/bin/v-delete-firewall-chain
+actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]'
+actionban = /usr/local/vesta/bin/v-add-firewall-ban
+actionunban = /usr/local/vesta/bin/v-delete-firewall-ban
+
diff --git a/install/ubuntu/fail2ban.filter.conf b/install/ubuntu/fail2ban.filter.conf
new file mode 100644
index 000000000..69670a56e
--- /dev/null
+++ b/install/ubuntu/fail2ban.filter.conf
@@ -0,0 +1,10 @@
+# Fail2Ban filter for unsuccesfull Vesta authentication attempts
+#
+
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex = .* failed to login
+ignoreregex =
+
diff --git a/install/ubuntu/fail2ban.jail.conf b/install/ubuntu/fail2ban.jail.conf
new file mode 100644
index 000000000..9844da0b6
--- /dev/null
+++ b/install/ubuntu/fail2ban.jail.conf
@@ -0,0 +1,39 @@
+[ssh-iptables]
+enabled = true
+filter = sshd
+action = vesta[name=SSH]
+logpath = /var/log/secure
+maxretry = 5
+
+[vsftpd-iptables]
+enabled = false
+filter = vsftpd
+action = vesta[name=FTP]
+logpath = /var/log/vsftpd.log
+maxretry = 5
+
+[exim-iptables]
+enabled = true
+filter = exim
+action = vesta[name=MAIL]
+logpath = /var/log/exim/main.log
+
+[dovecot-iptables]
+enabled = true
+filter = dovecot
+action = vesta[name=MAIL]
+logpath = /var/log/dovecot.log
+
+[mysqld-iptables]
+enabled = false
+filter = mysqld-auth
+action = vesta[name=DB]
+logpath = /var/log/mysqld.log
+maxretry = 5
+
+[vesta-iptables]
+enabled = true
+filter = vesta
+action = vesta[name=VESTA]
+logpath = /var/log/vesta/auth.log
+maxretry = 5
diff --git a/install/ubuntu/firewall/ports.conf b/install/ubuntu/firewall/ports.conf
new file mode 100644
index 000000000..8a11d622b
--- /dev/null
+++ b/install/ubuntu/firewall/ports.conf
@@ -0,0 +1,13 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8083'
diff --git a/install/ubuntu/firewall/rules.conf b/install/ubuntu/firewall/rules.conf
new file mode 100644
index 000000000..cfa7d8680
--- /dev/null
+++ b/install/ubuntu/firewall/rules.conf
@@ -0,0 +1,10 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16'