Hannes Van de Vel hannesbe

## csf.conf
# fail2ban action config for csf deny / unblock IP
# /etc/fail2ban/action.d/csf.conf

[Definition]
actionstart =
actionstop =
actioncheck =

# to deny an IP and add to /etc/csf/csf.deny
actionban = csf -d <ip> added by fail2ban for <name>

## apache-wp-login.conf
# fail2ban Apache log filter for WordPress failed logins / brute force attacks
# Location in CentOS/EL7 : /etc/fail2ban/filter.d/apache-wp-login.conf

[INCLUDES]
before = common.conf

[Definition]
_daemon = wordpress
failregex = ^<HOST>.*].*POST.*/wp-login\.php HTTP.*
ignoreregex =

## jail.local
# fail2ban local jail config
# /etc/fail2ban/jail.local
# jail.conf should not be modified, put overrides to jail.conf in jail.local

# enable sshd jail
[sshd]
enabled = true

# enable recidive jail to permanently ban recidives
[recidive]

## fail2ban-firewalld-install.sh
#!/bin/sh
#
# Shell script to install & configure fail2ban with firewalld actions
# Just one command to install & configure in a few seconds.
# CentOS/EL7+ required.
#
# Run this command to execute the script in one go
# curl -sSL https://gist.github.com/hannesbe/719c03d85134f8e9df5c/raw/fail2ban-firewalld-install.sh | bash -s
#
set -e

## fail2ban-apache-wp-jail-install.sh
#!/bin/sh
#
# Shell script to configure fail2ban to ban
# brute force attacks on all Wordpress sites server-wide
# If fail2ban is not yet installed, it will be installed and configured first.
# Apache logfiles are monitored for attacks. If you're on Plesk all vhosts' logs
# are monitored as well. Plesk's integration with fail2ban is only available on Plesk 12+.
# This configuration should work for any Apache or Plesk setup, as long as access logs are available.
# CentOS/EL7+ required.
#

## apache-wp.conf
# fail2ban Apache jail for WordPress failed logins / brute force attacks
# Location in CentOS/EL7 : /etc/fail2ban/jail.d/apache-wp.conf
# 86400 = 24h, 21600 = 6h, 3600 = 1h

[apache-wp-xmlrpc]
enabled  = false
filter   = apache-wp-xmlrpc
port     = http,https
logpath  = /var/www/vhosts/*/logs/*access*log
           /var/log/httpd/*access*_log

## fail2ban-csf-install.sh
#!/bin/sh
#
# Shell script to install & configure fail2ban with firewalld actions
# Just one command to install & configure in a few seconds.
# CentOS/EL7+ required.
#
# Run this command to execute the script in one go
# curl -sSL https://gist.github.com/hannesbe/893476e23e637701fd88/raw/fail2ban-csf-install.sh | bash -s
#
set -e

## fail2ban-allstatus.sh
#!/bin/bash

JAILS=`fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[ \t]+//' | sed 's/,//g'`
for JAIL in $JAILS
do
  fail2ban-client status $JAIL
done

## csf-install.sh
#!/bin/bash

#
# <c> Copyright 2012 SolidShellSecurity, LLC
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#

## mage-centos-fix-TLS-error.sh
#!/bin/bash
sed -i '377s#.*#// $this->curlOption(CURLOPT_SSL_CIPHER_LIST, ''TLSv1'');#' downloader/lib/Mage/HTTP/Client/Curl.php
	# fail2ban action config for csf deny / unblock IP
	# /etc/fail2ban/action.d/csf.conf

	[Definition]
	actionstart =
	actionstop =
	actioncheck =

	# to deny an IP and add to /etc/csf/csf.deny
	actionban = csf -d <ip> added by fail2ban for <name>
	# fail2ban Apache log filter for WordPress failed logins / brute force attacks
	# Location in CentOS/EL7 : /etc/fail2ban/filter.d/apache-wp-login.conf

	[INCLUDES]
	before = common.conf

	[Definition]
	_daemon = wordpress
	failregex = ^<HOST>.].POST./wp-login\.php HTTP.
	ignoreregex =
	# fail2ban local jail config
	# /etc/fail2ban/jail.local
	# jail.conf should not be modified, put overrides to jail.conf in jail.local

	# enable sshd jail
	[sshd]
	enabled = true

	# enable recidive jail to permanently ban recidives
	[recidive]
	#!/bin/sh
	#
	# Shell script to install & configure fail2ban with firewalld actions
	# Just one command to install & configure in a few seconds.
	# CentOS/EL7+ required.
	#
	# Run this command to execute the script in one go
	# curl -sSL https://gist.github.com/hannesbe/719c03d85134f8e9df5c/raw/fail2ban-firewalld-install.sh \| bash -s
	#
	set -e
	#!/bin/sh
	#
	# Shell script to configure fail2ban to ban
	# brute force attacks on all Wordpress sites server-wide
	# If fail2ban is not yet installed, it will be installed and configured first.
	# Apache logfiles are monitored for attacks. If you're on Plesk all vhosts' logs
	# are monitored as well. Plesk's integration with fail2ban is only available on Plesk 12+.
	# This configuration should work for any Apache or Plesk setup, as long as access logs are available.
	# CentOS/EL7+ required.
	#
	# fail2ban Apache jail for WordPress failed logins / brute force attacks
	# Location in CentOS/EL7 : /etc/fail2ban/jail.d/apache-wp.conf
	# 86400 = 24h, 21600 = 6h, 3600 = 1h

	[apache-wp-xmlrpc]
	enabled = false
	filter = apache-wp-xmlrpc
	port = http,https
	logpath = /var/www/vhosts//logs/access*log
	/var/log/httpd/access_log
	#!/bin/bash

	JAILS=`fail2ban-client status \| grep "Jail list" \| sed -E 's/^[^:]+:[ \t]+//' \| sed 's/,//g'`
	for JAIL in $JAILS
	do
	fail2ban-client status $JAIL
	done
	#!/bin/bash

	#
	# <c> Copyright 2012 SolidShellSecurity, LLC
	#
	# This program is distributed in the hope that it will be useful,
	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	# GNU General Public License for more details.
	#
	#!/bin/bash
	sed -i '377s#.*#// $this->curlOption(CURLOPT_SSL_CIPHER_LIST, ''TLSv1'');#' downloader/lib/Mage/HTTP/Client/Curl.php