Merge branch 'fail2ban' into 'master'

Fail2ban See merge request !3

Merge branch 'fail2ban' into 'master'
9a65746f · David Beniamine · b41eea68 · 225cd69a · 9a65746f · 9a65746f
Commit 9a65746f authored 2 months ago by David Beniamine
--- a/Readme.md
+++ b/Readme.md
@@ -35,6 +35,16 @@ Setup following fields :
 12. Go to Configuration > Email and configure the mail server
 13. Go to Configuration > Societe / Organisation and configure the organisation

+## Config Fail2Ban
+
+1. [ ] login in administrator "config" > "moduls/application"
+4. [ ] Activate log modules
+5. [ ] Set log level on "LOG_NOTICE (6)"
+6. [ ] Switch in root user
+7. [ ] `./doli fail2ban`
+8. [ ] Enter name of instance interactivly
+9. [ ] `systemctl restart fail2ban`
+
 ## Databases (For developpement)

 There is a `dumps/` directory in this repository holding a very old dump from a dev instance of Dolibarr 9.x

--- a/doli
+++ b/doli
@@ -33,7 +33,7 @@ usage() {
 	echo "logs"
 	echo -e "\t Follow all usefull logs"
    echo "mysql"
-    echo -e "\topen a mysql prompt in LNB database"
+    echo -e "\t pen a mysql prompt in LNB database"
    echo "mysql_dump"
    echo -e "\t creates a database dump"
    echo "mysql_init"
@@ -50,6 +50,8 @@ usage() {
    echo -e "\t starts the docker stack"
 	echo "tags"
 	echo -e "\t generate ctags"
+	echo "fail2ban"
+	echo -e "\t root only - put fail2ban jail and filter in good directory with good log path"
 }

 if [ "$(is_docker)" -eq 1 ]; then
@@ -161,6 +163,23 @@ case $action in
 		cd $DIR/dolibarr_src
 		ctags -R --fields=+aimlS --languages=php
 		;;
+	"fail2ban")
+		if [ "$EUID" -ne 0 ]
+		  then echo "Please run as root"
+		  exit
+		fi
+		workdir=$PWD
+		echo $workdir
+		read -p "Give name of instance: " name
+		echo $name
+		if [ -f "/etc/fail2ban/jail.d/dolibarr_${name}.conf" ]; then
+		  echo "The jail 'etc/fail2ban/jail.d/dolibarr_${name}.conf' alredy exist."
+		  exit
+		fi
+		cp $workdir/fail2ban/dolibarr_filter.conf /etc/fail2ban/filter.d/dolibarr.conf
+		cp $workdir/fail2ban/dolibarr_jail.conf /etc/fail2ban/jail.d/dolibarr_${name}.conf
+		sed -i "s|LOG_PATH|$workdir/dolibarr_src/documents/dolibarr.log|g" /etc/fail2ban/jail.d/dolibarr_${name}.conf
+		;;
    *)
        echo "ERROR: No command given"
        usage

--- a/fail2ban/dolibarr_filter.conf
+++ b/fail2ban/dolibarr_filter.conf
+# Fail2Ban configuration file
+#
+# Regexp to detect try to check a couple login/password so we can add mitigation
+# on IP making too much tries.
+
+
+[Definition]
+
+# To test, you can inject this example into log
+# echo `date +'%Y-%m-%d %H:%M:%S'`" INFO    1.2.3.4         functions_dolibarr::check_user_password_abcd Authentication KO" >> /mypath/documents/dolibarr.log
+#
+# then
+# fail2ban-client status web-dolibarr-rulesbruteforce
+#
+# To test rule file on a existing log file
+# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf --print-all-matched
+
+#failregex = ^ [A-Z\s]+ <HOST>\s+functions_.*::check_user_.* Authentication KO
+failregex = ^.*NOTICE\s+<HOST>\s+\d+\s+\d+\s+functions_[^\s]+::check_user_[^\s]+ Authentication KO
+ignoreregex =
--- a/fail2ban/dolibarr_jail.conf
+++ b/fail2ban/dolibarr_jail.conf
+[dolibarr]
+enabled = true
+filter = dolibarr
+logpath = LOG_PATH
+chain = DOCKER-USER
+port = http,https
+findtime = 130m
+banaction = docker-page
+maxretry = 5