add filter and jail fail2ban

99a395b6 · Elian Loraux · b41eea68 · 99a395b6 · 99a395b6
Commit 99a395b6 authored 3 months ago by Elian Loraux
--- a/fail2ban/dolibarr_filter.conf
+++ b/fail2ban/dolibarr_filter.conf
+# Fail2Ban configuration file
+#
+# Regexp to detect try to check a couple login/password so we can add mitigation
+# on IP making too much tries.
+
+
+[Definition]
+
+# To test, you can inject this example into log
+# echo `date +'%Y-%m-%d %H:%M:%S'`" INFO    1.2.3.4         functions_dolibarr::check_user_password_abcd Authentication KO" >> /mypath/documents/dolibarr.log
+#
+# then
+# fail2ban-client status web-dolibarr-rulesbruteforce
+#
+# To test rule file on a existing log file
+# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf --print-all-matched
+
+#failregex = ^ [A-Z\s]+ <HOST>\s+functions_.*::check_user_.* Authentication KO
+failregex = ^.*NOTICE\s+<HOST>\s+\d+\s+\d+\s+functions_[^\s]+::check_user_[^\s]+ Authentication KO
+ignoreregex =
--- a/fail2ban/dolibarr_jail.conf
+++ b/fail2ban/dolibarr_jail.conf
+[dolibarr]
+enabled = true
+filter = dolibarr
+logpath = LOG_PATH
+chain = DOCKER-USER
+port = http,https
+findtime = 130m
+banaction = docker-page
+maxretry = 5