From 2bc280bb3f228cd0c2544ae2a6e0c6e76923b0a5 Mon Sep 17 00:00:00 2001 From: Dario B Date: Sat, 15 Feb 2020 19:11:03 +0100 Subject: [PATCH 01/14] Update Dockerfile --- Dockerfile | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index a22e0b5..87fab59 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,8 @@ FROM neomediatech/ubuntu-base:latest -ENV VERSION=0.10.2-2 \ - SERVICE=fail2ban +ENV VERSION=0.10.5 \ + SERVICE=fail2ban \ + FAIL2BAN_VERSION=0.10.5 LABEL maintainer="docker-dario@neomediatech.it" \ org.label-schema.version=$VERSION \ @@ -10,10 +11,21 @@ LABEL maintainer="docker-dario@neomediatech.it" \ org.label-schema.maintainer=Neomediatech RUN apt update && apt-get -y dist-upgrade && \ - apt-get install -y --no-install-recommends fail2ban ipset iptables ssmtp redis-tools curl whois && \ + apt-get install -y --no-install-recommends ca-certificates python3 python-setuptools \ + python3-pycurl wget ipset iptables ssmtp redis-tools curl whois && \ rm -rf /var/lib/apt/lists* && \ rm -rf /etc/fail2ban/jail.d && \ - mkdir -p /var/run/fail2ban + mkdir -p /var/run/fail2ban && \ + cd /tmp && \ + wget https://github.com/fail2ban/fail2ban/archive/${FAIL2BAN_VERSION}.tar.gz -O fail2ban-${FAIL2BAN_VERSION}.tar.gz && \ + tar xvzf fail2ban-${FAIL2BAN_VERSION}.tar.gz && \ + cd fail2ban-${FAIL2BAN_VERSION} && \ + python setup.py install && \ + cd / && \ + mkdir -p /usr/local/etc/fail2ban && \ + cp -rp /etc/fail2ban /usr/local/etc && \ + rm -rfv /tmp/* + COPY entrypoint.sh /entrypoint.sh From d204434214062ea07f16f9ed9ebe55a6ceb10bcc Mon Sep 17 00:00:00 2001 From: Dario B Date: Sat, 15 Feb 2020 19:13:13 +0100 Subject: [PATCH 02/14] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 87fab59..9680a61 100644 --- a/Dockerfile +++ b/Dockerfile 
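Review bot: The fail2ban source is fetched with `wget https://github.com/fail2ban/fail2ban/archive/${FAIL2BAN_VERSION}.tar.gz` and then unpacked and installed with no integrity check, so the image trusts whatever GitHub serves for that tag at build time; those auto-generated archive tarballs are not release artifacts and are not guaranteed byte-stable, so the same tag is not even reproducible. Pin a digest and fail the build on mismatch: add `FAIL2BAN_SHA256=...` next to `FAIL2BAN_VERSION` and insert `echo "${FAIL2BAN_SHA256}  fail2ban-${FAIL2BAN_VERSION}.tar.gz" | sha256sum -c - && \` between the wget and the `tar xvzf` line. Note also that `rm -rf /etc/fail2ban/jail.d` runs before `setup.py install` lays down the config tree, so whether a jail.d directory exists in the image afterwards depends on what that fail2ban version's setup.py installs — the entrypoint later symlinks into `/etc/fail2ban/jail.d/`, which needs the directory to exist, so verify once or add `mkdir -p /etc/fail2ban/jail.d` after the install.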
@@ -10,7 +10,7 @@ LABEL maintainer="docker-dario@neomediatech.it" \
 org.label-schema.vcs-url=https://github.com/Neomediatech/${SERVICE} \
 org.label-schema.maintainer=Neomediatech
-RUN apt update && apt-get -y dist-upgrade && \
+RUN apt-get update && apt-get -y dist-upgrade && \
 apt-get install -y --no-install-recommends ca-certificates python3 python-setuptools \
 python3-pycurl wget ipset iptables ssmtp redis-tools curl whois && \
 rm -rf /var/lib/apt/lists* && \
From e837ae8d3864c7358662c4a87c6ed1a5b706d2c9 Mon Sep 17 00:00:00 2001
From: Dario B
Date: Sat, 15 Feb 2020 19:24:14 +0100
Subject: [PATCH 03/14] Update entrypoint.sh
---
 entrypoint.sh | 28 ++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)
diff --git a/entrypoint.sh b/entrypoint.sh
index 1eddf3c..7419b6f 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -41,14 +41,7 @@ echo "Initializing files and folders..."
 mkdir -p /data/db /data/action.d /data/filter.d /data/jail.d /var/log /dnsbl-log
 touch /var/log/{mainlog,dovecot.log,opencanary.log,auth.log} /dnsbl-log/dnsbl-for-fail2ban.log
 chmod 666 /var/log/* /dnsbl-log/dnsbl-for-fail2ban.log
-ln -sf /data/jail.d /etc/fail2ban/
-
-# Set some settings in jail.d/10-defaults.conf
-DEFAULTS_FILE="/data/jail.d/10-defaults.conf"
-if [ -f "${DEFAULTS_FILE}" ]; then
- [ -n "${NODE_NAME}" ] && sed -i "s/^nodename.*/nodename = ${NODE_NAME}/g" "${DEFAULTS_FILE}"
- [ -n "${IGNORE_IP}" ] && sed -i "s/^ignoreip.*/ignoreip = ${IGNORE_IP}/g" "${DEFAULTS_FILE}"
-fi
+#ln -sf /data/jail.d /etc/fail2ban/
 # Fail2ban conf
 echo "Setting Fail2ban configuration..."
@@ -101,6 +94,25 @@ for filter in ${filters}; do ln -sf "/data/filter.d/${filter}" "/etc/fail2ban/filter.d/" done +# Set some settings in jail.d/10-defaults.conf +DEFAULTS_FILE="/data/jail.d/10-defaults.conf" +if [ -f "${DEFAULTS_FILE}" ]; then + [ -n "${NODE_NAME}" ] && sed -i "s/^nodename.*/nodename = ${NODE_NAME}/g" "${DEFAULTS_FILE}" + [ -n "${IGNORE_IP}" ] && sed -i "s/^ignoreip.*/ignoreip = ${IGNORE_IP}/g" "${DEFAULTS_FILE}" +fi + +# Check custom jails +echo "Checking for custom jails in /data/jail.d..." +jails=$(ls -l /data/jail.d | egrep '^-' | awk '{print $9}') +for jail in ${jails}; do + if [ -f "/etc/fail2ban/jail.d/${jail}" ]; then + echo " WARNING: ${jail} already exists and will be overriden" + rm -f "/etc/fail2ban/jail.d/${jail}" + fi + echo " Add custom jail ${jail}..." + ln -sf "/data/jail.d/${jail}" "/etc/fail2ban/jail.d/" +done + [ ! -d "${F2B_LOGDIR}" ] && mkdir -p "${F2B_LOGDIR}" LOGFILE="${F2B_LOGDIR}/fail2ban.log" if [ ! -f $LOGFILE ]; then From 8ec9e681a70647437712b6ebe22b55a18d05cfb2 Mon Sep 17 00:00:00 2001 From: Dario B Date: Mon, 23 Nov 2020 17:08:31 +0100 Subject: [PATCH 04/14] Update Dockerfile --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9680a61..8e25b3d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,8 @@ FROM neomediatech/ubuntu-base:latest -ENV VERSION=0.10.5 \ +ENV VERSION=0.11.1 \ SERVICE=fail2ban \ - FAIL2BAN_VERSION=0.10.5 + FAIL2BAN_VERSION=0.11.1 LABEL maintainer="docker-dario@neomediatech.it" \ org.label-schema.version=$VERSION \ From c3a282619aa64f02c8469517028a848c6cc292b8 Mon Sep 17 00:00:00 2001 From: Dario B Date: Mon, 23 Nov 2020 17:15:55 +0100 Subject: [PATCH 05/14] Update Dockerfile --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8e25b3d..a60edda 100644 --- a/Dockerfile +++ b/Dockerfile 
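Review bot: The moved `sed -i "s/^ignoreip.*/ignoreip = ${IGNORE_IP}/g" "${DEFAULTS_FILE}"` line splices the environment value straight into a `/`-delimited sed expression, and ignoreip values are CIDRs (the shipped defaults file uses `127.0.0.1/8`), so any IGNORE_IP containing a slash makes sed reject the expression and the whitelist silently stays at its default — the opposite of what the operator set. Use a delimiter that cannot appear in an address, `sed -i "s|^ignoreip.*|ignoreip = ${IGNORE_IP}|" "${DEFAULTS_FILE}"` (and the same for `nodename`), and keep in mind that `&` or `\` in either value would still be reinterpreted by sed. The custom-jail loop `jails=$(ls -l /data/jail.d | egrep '^-' | awk '{print $9}')` parses `ls` output and word-splits it, which drops or mangles names containing whitespace; `for jail in /data/jail.d/*; do [ -f "$jail" ] || continue; jail=$(basename "$jail"); …` is the safe form. The script continues past this hunk with the `${F2B_LOGDIR}` handling.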
@@ -1,4 +1,4 @@
-FROM neomediatech/ubuntu-base:latest
+FROM neomediatech/ubuntu-base:20.04
 ENV VERSION=0.11.1 \
 SERVICE=fail2ban \
@@ -20,7 +20,7 @@ RUN apt-get update && apt-get -y dist-upgrade && \
 wget https://github.com/fail2ban/fail2ban/archive/${FAIL2BAN_VERSION}.tar.gz -O fail2ban-${FAIL2BAN_VERSION}.tar.gz && \
 tar xvzf fail2ban-${FAIL2BAN_VERSION}.tar.gz && \
 cd fail2ban-${FAIL2BAN_VERSION} && \
- python setup.py install && \
+ python2.7 setup.py install && \
 cd / && \
 mkdir -p /usr/local/etc/fail2ban && \
 cp -rp /etc/fail2ban /usr/local/etc && \
From e7aa198e2a5e28ed46ac13877d1c1af70d3458d9 Mon Sep 17 00:00:00 2001
From: Dario B
Date: Mon, 23 Nov 2020 17:19:57 +0100
Subject: [PATCH 06/14] Update Dockerfile
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index a60edda..4205290 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,7 +11,7 @@ LABEL maintainer="docker-dario@neomediatech.it" \
 org.label-schema.maintainer=Neomediatech
 RUN apt-get update && apt-get -y dist-upgrade && \
- apt-get install -y --no-install-recommends ca-certificates python3 python-setuptools \
+ apt-get install -y --no-install-recommends ca-certificates python3 python3-setuptools \
 python3-pycurl wget ipset iptables ssmtp redis-tools curl whois && \
 rm -rf /var/lib/apt/lists* && \
 rm -rf /etc/fail2ban/jail.d && \
@@ -20,7 +20,7 @@ RUN apt-get update && apt-get -y dist-upgrade && \
 wget https://github.com/fail2ban/fail2ban/archive/${FAIL2BAN_VERSION}.tar.gz -O fail2ban-${FAIL2BAN_VERSION}.tar.gz && \
 tar xvzf fail2ban-${FAIL2BAN_VERSION}.tar.gz && \
 cd fail2ban-${FAIL2BAN_VERSION} && \
- python2.7 setup.py install && \
+ python3 setup.py install && \
 cd / && \
 mkdir -p /usr/local/etc/fail2ban && \
 cp -rp /etc/fail2ban /usr/local/etc && \
From fe02a0f0d446d139eb30834d30116843d0580f7a Mon Sep 17 00:00:00 2001
From: Dario B Date: Tue, 18 May 2021 17:57:09 +0200 Subject: [PATCH 07/14] Update entrypoint.sh --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 7419b6f..611fe10 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -40,7 +40,7 @@ unset SSMTP_PASSWORD echo "Initializing files and folders..." mkdir -p /data/db /data/action.d /data/filter.d /data/jail.d /var/log /dnsbl-log touch /var/log/{mainlog,dovecot.log,opencanary.log,auth.log} /dnsbl-log/dnsbl-for-fail2ban.log -chmod 666 /var/log/* /dnsbl-log/dnsbl-for-fail2ban.log +chmod 666 $(find /var/log/ -type f) /dnsbl-log/dnsbl-for-fail2ban.log #ln -sf /data/jail.d /etc/fail2ban/ # Fail2ban conf From d8a278839ce383901d7545f9f884b3a21044d5d9 Mon Sep 17 00:00:00 2001 From: Dario B Date: Mon, 6 Dec 2021 17:54:42 +0100 Subject: [PATCH 08/14] Delete neo.conf --- confs/jail.d/neo.conf | 151 ------------------------------------------ 1 file changed, 151 deletions(-) delete mode 100644 confs/jail.d/neo.conf diff --git a/confs/jail.d/neo.conf b/confs/jail.d/neo.conf deleted file mode 100644 index 3a8b46f..0000000 --- a/confs/jail.d/neo.conf +++ /dev/null 
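Review bot: `chmod 666 $(find /var/log/ -type f)` now makes every file under /var/log world-writable, recursively, and the README tells users to bind-mount their host log directory there (`-v $BASE_DIR/logs:/var/log`), so this rewrites permissions on every host log in that tree instead of just the four files the script touches. World-writable logs are the input fail2ban acts on: any local process that can append a forged line can get an arbitrary address banned, and fail2ban itself only needs to read these files, so 666 should not be necessary at all — the writers presumably share a group that 664 would serve (confirm who writes them). Restrict the change to the files created on the line above, `chmod 664 /var/log/{mainlog,dovecot.log,opencanary.log,auth.log} /dnsbl-log/dnsbl-for-fail2ban.log`, or leave permissions to the producing service. The unquoted `$(find …)` also splits on whitespace in paths.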
@@ -1,151 +0,0 @@ -[exim-auth] -enabled = true -port = 25,465,587,143,993,110,995 -filter = exim-auth -logpath = /var/log/mainlog -findtime = 7200 -bantime = 86400 -maxretry = 2 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s (SMTP auth)", key="bad:deny:%(__name__)s:%(nodename)s:0"] - -[exim-bad-sender] -enabled = true -port = smtp,ssmtp,587 -filter = exim-bad-sender-neo -logpath = /var/log/mainlog -findtime = 3600 -bantime = 3600 -maxretry = 1 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s", key="bad:deny:%(__name__)s:%(nodename)s:0"] - -[exim-defer] -enabled = true -port = smtp,ssmtp,587 -filter = exim-defer-neo -logpath = /var/log/mainlog -findtime = 3600 -bantime = 3600 -maxretry = 1 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - -[exim-redis-neo] -enabled = yes -port = 25,465,587,110,143,993,995 -bantime = 3600 -findtime = 3600 -maxretry = 3 -filter = exim-redis-neo -logpath = /var/log/mainlog -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - -[mail-cbl] -enabled = true -port = 25,465,587 -filter = exim-cbl -logpath = /var/log/mainlog -bantime = 7200 -findtime = 3600 -maxretry = 1 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="REJECTED - see https://www.abuseat.org/lookup.cgi for details ", key="bad:deny:cbl:%(nodename)s:1"] - -[dovecot] -enabled = true -port = 110,143,993,995 -filter = dovecot -logpath = /var/log/dovecot.log -bantime = 3600 -action = 
iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s (IMAP/POP auth)", key="bad:deny:%(__name__)s-auth:%(nodename)s:0"] - abuseipdb[category="18",port="pop,imap,pops,imaps",msg=" POP/IMAP %(abusemsg)s server (%(nodename)s)"] - -[mysqld] -enabled = true -port = 3306 -#filter = mysql-auth-neo -#logpath = /var/log/mysql.log -logpath = /var/log/opencanary.log -filter = opencanary-neo[port="%(port)s"] -findtime = 3600 -bantime = 14400 -maxretry = 2 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s (SQL auth)", key="bad:deny:%(__name__)s-auth:%(nodename)s:0"] - abuseipdb[category="18",port="%(port)s",msg=" SQL %(abusemsg)s MySQL/MariaDB server (%(nodename)s)"] - -[ssh] -enabled = true -port = 22 -#filter = sshd -#logpath = /var/log/messages -logpath = /var/log/opencanary.log -filter = opencanary-neo[port="%(port)s",find=".*PASSWORD"] -bantime = 3600 -maxretry = 3 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s (SSH auth)", key="bad:deny:%(__name__)s-auth:%(nodename)s:0"] - abuseipdb[category="18,22",port="ssh",msg=" SSH %(abusemsg)s server (%(nodename)s)"] - -[telnet] -enabled = true -port = 23 -#logpath = /var/log/telnet.log -logpath = /var/log/opencanary.log -#filter = telnet-neo -filter = opencanary-neo[port="%(port)s"] -bantime = 28800 -findtime = 3600 -maxretry = 2 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s (TELNET auth)", key="bad:deny:%(__name__)s-auth:%(nodename)s:0"] - 
abuseipdb[category="18",port="telnet",msg=" Telnet %(abusemsg)s server (%(nodename)s)"] - -[mssql] -enabled = true -port = 1433 -logpath = /var/log/opencanary.log -filter = opencanary-neo[port="%(port)s"] -bantime = 360000 -findtime = 3600 -maxretry = 3 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s (MSSQL auth)", key="bad:deny:%(__name__)s-auth:%(nodename)s:0"] - abuseipdb[category="18",port="%(port)s",msg=" MSSQL %(abusemsg)s server (%(nodename)s)"] - -[vnc] -enabled = true -port = 5900 -logpath = /var/log/opencanary.log -filter = opencanary-neo[port="%(port)s"] -bantime = 360000 -findtime = 3600 -maxretry = 3 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s (VNC auth)", key="bad:deny:%(__name__)s-auth:%(nodename)s:0"] - abuseipdb[category="18",port="%(port)s",msg=" VNC %(abusemsg)s server (%(nodename)s)"] - -[redis] -enabled = true -port = 6379 -logpath = /var/log/opencanary.log -filter = opencanary-neo[port="%(port)s"] -bantime = 360000 -findtime = 3600 -maxretry = 3 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s (REDIS auth)", key="bad:deny:%(__name__)s-auth:%(nodename)s:0"] - abuseipdb[category="18",port="%(port)s",msg=" REDIS %(abusemsg)s server (%(nodename)s)"] - -[dnsbl] -enabled = yes -maxretry = 1 -findtime = 1200 -bantime = 3600 -filter = dnsbl-neo -logpath = /dnsbl-log/dnsbl-for-fail2ban.log -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s", 
key="bad:deny:%(__name__)s:%(nodename)s:0"] - - From 176c5b734a255cd3c695a4a3b4731acd995853f0 Mon Sep 17 00:00:00 2001 From: Dario B Date: Mon, 6 Dec 2021 18:09:38 +0100 Subject: [PATCH 09/14] change logfile creation --- Dockerfile | 4 +- confs/jail.d/neo.conf | 151 ------------------------------------------ entrypoint.sh | 48 ++++++++++---- 3 files changed, 36 insertions(+), 167 deletions(-) delete mode 100644 confs/jail.d/neo.conf diff --git a/Dockerfile b/Dockerfile index 4205290..c8e311c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM neomediatech/ubuntu-base:20.04 -ENV VERSION=0.11.1 \ +ENV VERSION=0.11.2 \ SERVICE=fail2ban \ FAIL2BAN_VERSION=0.11.1 @@ -11,7 +11,7 @@ LABEL maintainer="docker-dario@neomediatech.it" \ org.label-schema.maintainer=Neomediatech RUN apt-get update && apt-get -y dist-upgrade && \ - apt-get install -y --no-install-recommends ca-certificates python3 python3-setuptools \ + apt-get install -y --no-install-recommends --no-install-suggests ca-certificates python3 python3-setuptools \ python3-pycurl wget ipset iptables ssmtp redis-tools curl whois && \ rm -rf /var/lib/apt/lists* && \ rm -rf /etc/fail2ban/jail.d && \ diff --git a/confs/jail.d/neo.conf b/confs/jail.d/neo.conf deleted file mode 100644 index 3a8b46f..0000000 --- a/confs/jail.d/neo.conf +++ /dev/null 
@@ -1,151 +0,0 @@ -[exim-auth] -enabled = true -port = 25,465,587,143,993,110,995 -filter = exim-auth -logpath = /var/log/mainlog -findtime = 7200 -bantime = 86400 -maxretry = 2 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s (SMTP auth)", key="bad:deny:%(__name__)s:%(nodename)s:0"] - -[exim-bad-sender] -enabled = true -port = smtp,ssmtp,587 -filter = exim-bad-sender-neo -logpath = /var/log/mainlog -findtime = 3600 -bantime = 3600 -maxretry = 1 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s", key="bad:deny:%(__name__)s:%(nodename)s:0"] - -[exim-defer] -enabled = true -port = smtp,ssmtp,587 -filter = exim-defer-neo -logpath = /var/log/mainlog -findtime = 3600 -bantime = 3600 -maxretry = 1 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - -[exim-redis-neo] -enabled = yes -port = 25,465,587,110,143,993,995 -bantime = 3600 -findtime = 3600 -maxretry = 3 -filter = exim-redis-neo -logpath = /var/log/mainlog -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - -[mail-cbl] -enabled = true -port = 25,465,587 -filter = exim-cbl -logpath = /var/log/mainlog -bantime = 7200 -findtime = 3600 -maxretry = 1 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="REJECTED - see https://www.abuseat.org/lookup.cgi for details ", key="bad:deny:cbl:%(nodename)s:1"] - -[dovecot] -enabled = true -port = 110,143,993,995 -filter = dovecot -logpath = /var/log/dovecot.log -bantime = 3600 -action = 
iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s (IMAP/POP auth)", key="bad:deny:%(__name__)s-auth:%(nodename)s:0"] - abuseipdb[category="18",port="pop,imap,pops,imaps",msg=" POP/IMAP %(abusemsg)s server (%(nodename)s)"] - -[mysqld] -enabled = true -port = 3306 -#filter = mysql-auth-neo -#logpath = /var/log/mysql.log -logpath = /var/log/opencanary.log -filter = opencanary-neo[port="%(port)s"] -findtime = 3600 -bantime = 14400 -maxretry = 2 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s (SQL auth)", key="bad:deny:%(__name__)s-auth:%(nodename)s:0"] - abuseipdb[category="18",port="%(port)s",msg=" SQL %(abusemsg)s MySQL/MariaDB server (%(nodename)s)"] - -[ssh] -enabled = true -port = 22 -#filter = sshd -#logpath = /var/log/messages -logpath = /var/log/opencanary.log -filter = opencanary-neo[port="%(port)s",find=".*PASSWORD"] -bantime = 3600 -maxretry = 3 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s (SSH auth)", key="bad:deny:%(__name__)s-auth:%(nodename)s:0"] - abuseipdb[category="18,22",port="ssh",msg=" SSH %(abusemsg)s server (%(nodename)s)"] - -[telnet] -enabled = true -port = 23 -#logpath = /var/log/telnet.log -logpath = /var/log/opencanary.log -#filter = telnet-neo -filter = opencanary-neo[port="%(port)s"] -bantime = 28800 -findtime = 3600 -maxretry = 2 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s (TELNET auth)", key="bad:deny:%(__name__)s-auth:%(nodename)s:0"] - 
abuseipdb[category="18",port="telnet",msg=" Telnet %(abusemsg)s server (%(nodename)s)"] - -[mssql] -enabled = true -port = 1433 -logpath = /var/log/opencanary.log -filter = opencanary-neo[port="%(port)s"] -bantime = 360000 -findtime = 3600 -maxretry = 3 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s (MSSQL auth)", key="bad:deny:%(__name__)s-auth:%(nodename)s:0"] - abuseipdb[category="18",port="%(port)s",msg=" MSSQL %(abusemsg)s server (%(nodename)s)"] - -[vnc] -enabled = true -port = 5900 -logpath = /var/log/opencanary.log -filter = opencanary-neo[port="%(port)s"] -bantime = 360000 -findtime = 3600 -maxretry = 3 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s (VNC auth)", key="bad:deny:%(__name__)s-auth:%(nodename)s:0"] - abuseipdb[category="18",port="%(port)s",msg=" VNC %(abusemsg)s server (%(nodename)s)"] - -[redis] -enabled = true -port = 6379 -logpath = /var/log/opencanary.log -filter = opencanary-neo[port="%(port)s"] -bantime = 360000 -findtime = 3600 -maxretry = 3 -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s (REDIS auth)", key="bad:deny:%(__name__)s-auth:%(nodename)s:0"] - abuseipdb[category="18",port="%(port)s",msg=" REDIS %(abusemsg)s server (%(nodename)s)"] - -[dnsbl] -enabled = yes -maxretry = 1 -findtime = 1200 -bantime = 3600 -filter = dnsbl-neo -logpath = /dnsbl-log/dnsbl-for-fail2ban.log -action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s] - redis[ttl="%(bantime)s", msg="From:%(nodename)s-%(__name__)s", 
key="bad:deny:%(__name__)s:%(nodename)s:0"] - - diff --git a/entrypoint.sh b/entrypoint.sh index 611fe10..752bfd9 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -39,10 +39,15 @@ unset SSMTP_PASSWORD # Init echo "Initializing files and folders..." mkdir -p /data/db /data/action.d /data/filter.d /data/jail.d /var/log /dnsbl-log -touch /var/log/{mainlog,dovecot.log,opencanary.log,auth.log} /dnsbl-log/dnsbl-for-fail2ban.log -chmod 666 $(find /var/log/ -type f) /dnsbl-log/dnsbl-for-fail2ban.log #ln -sf /data/jail.d /etc/fail2ban/ +# Set some settings in jail.d/10-defaults.conf +DEFAULTS_FILE="/data/jail.d/10-defaults.conf" +if [ -f "${DEFAULTS_FILE}" ]; then + [ -n "${NODE_NAME}" ] && sed -i "s/^nodename.*/nodename = ${NODE_NAME}/g" "${DEFAULTS_FILE}" + [ -n "${IGNORE_IP}" ] && sed -i "s/^ignoreip.*/ignoreip = ${IGNORE_IP}/g" "${DEFAULTS_FILE}" +fi + # Fail2ban conf echo "Setting Fail2ban configuration..." # sed -i "s/logtarget =.*/logtarget = STDOUT/g" /etc/fail2ban/fail2ban.conf 
@@ -94,23 +99,38 @@ for filter in ${filters}; do ln -sf "/data/filter.d/${filter}" "/etc/fail2ban/filter.d/" done -# Set some settings in jail.d/10-defaults.conf -DEFAULTS_FILE="/data/jail.d/10-defaults.conf" -if [ -f "${DEFAULTS_FILE}" ]; then - [ -n "${NODE_NAME}" ] && sed -i "s/^nodename.*/nodename = ${NODE_NAME}/g" "${DEFAULTS_FILE}" - [ -n "${IGNORE_IP}" ] && sed -i "s/^ignoreip.*/ignoreip = ${IGNORE_IP}/g" "${DEFAULTS_FILE}" +# Set some settings in jail.d/10-defaults.conf +DEFAULTS_FILE="/data/jail.d/10-defaults.conf" +if [ -f "${DEFAULTS_FILE}" ]; then + [ -n "${NODE_NAME}" ] && sed -i "s/^nodename.*/nodename = ${NODE_NAME}/g" "${DEFAULTS_FILE}" + [ -n "${IGNORE_IP}" ] && sed -i "s/^ignoreip.*/ignoreip = ${IGNORE_IP}/g" "${DEFAULTS_FILE}" fi # Check custom jails echo "Checking for custom jails in /data/jail.d..." jails=$(ls -l /data/jail.d | egrep '^-' | awk '{print $9}') -for jail in ${jails}; do - if [ -f "/etc/fail2ban/jail.d/${jail}" ]; then - echo " WARNING: ${jail} already exists and will be overriden" - rm -f "/etc/fail2ban/jail.d/${jail}" - fi - echo " Add custom jail ${jail}..." - ln -sf "/data/jail.d/${jail}" "/etc/fail2ban/jail.d/" +if [ -n "$jails" ]; then + for jail in ${jails}; do + if [ -f "/etc/fail2ban/jail.d/${jail}" ]; then + echo " WARNING: ${jail} already exists and will be overriden" + rm -f "/etc/fail2ban/jail.d/${jail}" + fi + echo " Add custom jail ${jail}..." + ln -sf "/data/jail.d/${jail}" "/etc/fail2ban/jail.d/" + done +fi + +for file in $(ls /etc/fail2ban/jail.d); do + LOGPATHS="$(grep logpath /etc/fail2ban/jail.d/$file | awk -F= '{print $2}')" + for LOGPATH in $LOGPATHS; do + if [ ! -e "$LOGPATH" ]; then + mkdir -p "$(dirname "$LOGPATH")" + touch "$LOGPATH" + chmod 666 "$LOGPATH" + fi + done + touch /dnsbl-log/dnsbl-for-fail2ban.log + chmod 666 /dnsbl-log/dnsbl-for-fail2ban.log done [ ! -d "${F2B_LOGDIR}" ] && mkdir -p "${F2B_LOGDIR}" From 07aacf71234f1942ecc81d847595f636da59c5bd Mon Sep 17 00:00:00 2001 
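Review bot: The new logpath loop greps for `logpath` anywhere in each jail file, so commented-out lines such as `#logpath = /var/log/mysql.log` in the shipped jails also match and are created as empty files, and `awk -F= '{print $2}'` truncates any value that itself contains `=`. More importantly every file fail2ban is told to read is created `chmod 666`: fail2ban only reads them, and a single forged line in a log is enough to ban an arbitrary address (permanently, for a jail with `bantime = -1`), so they should be group-writable at most, with ownership matching whatever service actually writes them — confirm who those writers are before fixing the mode. `for file in $(ls …)` and the unquoted `$LOGPATHS` also word-split on whitespace, and the `/dnsbl-log` touch/chmod is repeated once per jail file for no reason. A tighter version of the loop:
```shell
# … unchanged: custom jail symlink loop above …
for file in /etc/fail2ban/jail.d/*; do
  [ -f "$file" ] || continue
  # only active (uncommented) logpath keys; value is everything after the first '='
  grep -E '^[[:space:]]*logpath[[:space:]]*=' "$file" | sed 's/^[^=]*=[[:space:]]*//' |
  while read -r LOGPATH; do
    [ -n "$LOGPATH" ] && [ ! -e "$LOGPATH" ] || continue
    mkdir -p "$(dirname "$LOGPATH")"
    touch "$LOGPATH"
    chmod 664 "$LOGPATH"   # fail2ban only reads; writers need a shared group, not world-write
  done
done
touch /dnsbl-log/dnsbl-for-fail2ban.log
chmod 664 /dnsbl-log/dnsbl-for-fail2ban.log
```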
From: Dario B Date: Mon, 6 Dec 2021 18:24:24 +0100 Subject: [PATCH 10/14] change version --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c8e311c..4638f30 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM neomediatech/ubuntu-base:20.04 ENV VERSION=0.11.2 \ SERVICE=fail2ban \ - FAIL2BAN_VERSION=0.11.1 + FAIL2BAN_VERSION=0.11.2 LABEL maintainer="docker-dario@neomediatech.it" \ org.label-schema.version=$VERSION \ From 8a7796bb2a5b440d7501ddb9753f7d8e056412ae Mon Sep 17 00:00:00 2001 From: Dario B Date: Mon, 6 Dec 2021 18:29:08 +0100 Subject: [PATCH 11/14] change fail2ban log path --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 752bfd9..01deed1 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -7,7 +7,7 @@ F2B_DEST_EMAIL=${F2B_DEST_EMAIL:-root@localhost} F2B_SENDER=${F2B_SENDER:-root@$(hostname -f)} F2B_ACTION=${F2B_ACTION:-%(action_)s} F2B_IPTABLES_CHAIN=${F2B_IPTABLES_CHAIN:-DOCKER-USER} -F2B_LOGDIR=${F2B_LOGDIR:-/data/log} +F2B_LOGDIR=${F2B_LOGDIR:-/var/log} SSMTP_PORT=${SSMTP_PORT:-25} SSMTP_HOSTNAME=${SSMTP_HOSTNAME:-$(hostname -f)} From 9669902b58c975f6763c35461e106ac5d8f82dcb Mon Sep 17 00:00:00 2001 From: Dario B Date: Thu, 9 Dec 2021 19:02:13 +0100 Subject: [PATCH 12/14] Added manual blacklist logic See [confs/jail.d](confs/jail.d). --- .gitignore | 4 +++ README.md | 4 +-- confs/action.d/manual-blacklist.local | 49 +++++++++++++++++++++++++++ confs/filter.d/manual-blacklist.conf | 21 ++++++++++++ confs/jail.d/10-defaults.conf | 2 +- confs/jail.d/manual-blacklist.conf | 9 +++++ 6 files changed, 86 insertions(+), 3 deletions(-) create mode 100644 .gitignore create mode 100644 confs/action.d/manual-blacklist.local create mode 100644 confs/filter.d/manual-blacklist.conf create mode 100644 confs/jail.d/manual-blacklist.conf diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..479f07a --- /dev/null 
+++ b/.gitignore @@ -0,0 +1,4 @@ +trigger-build.sh +run.sh +vars +tests/ diff --git a/README.md b/README.md index 2aee227..ceecf8e 100644 --- a/README.md +++ b/README.md @@ -25,10 +25,10 @@ Clone this repo if you want to use configs already set by me. ``` BASE_DIR="/srv/data/docker/containers/fail2ban/" NAME="fail2ban" -docker run -d --privileged --net=host --name $NAME --hostname $NAME -v $BASED_DIR/confs:/data neomediatech/$NAME +docker run -d --privileged --net=host --name $NAME --hostname $NAME -v $BASE_DIR/confs:/data neomediatech/$NAME ``` Add a bind mount where to point your logs that f2b need to monitor for ex: -`-v $BASED_DIR/logs:/var/log` +`-v $BASE_DIR/logs:/var/log` ## Warning Portainer doesn't understand `env_file` parameter (at least for now, 27 feb 2019). diff --git a/confs/action.d/manual-blacklist.local b/confs/action.d/manual-blacklist.local new file mode 100644 index 0000000..99aa55c --- /dev/null +++ b/confs/action.d/manual-blacklist.local 
@@ -0,0 +1,49 @@ +# Fail2Ban configuration file +# + +[INCLUDES] + +before = iptables-common.conf + +[Definition] + +actionstart = ipset create hash:ip timeout maxelem 4294967295 + -I -m set --match-set src -j +# [ -f /data/manual-blacklist-ip.list ] && (cat /data/manual-blacklist-ip.list | grep ^[[:digit:]] 2021-12-09 17:36:22 + +actionflush = ipset flush + +actionstop = -D -m set --match-set src -j + + ipset destroy + +actionban = ipset add timeout -exist + +# actionprolong = %(actionban)s + +actionunban = ipset del -exist + +[Init] + +# Option: default-ipsettime +# Notes: specifies default timeout in seconds (handled default ipset timeout only) +# Values: [ NUM ] Default: 0 (no timeout, managed by fail2ban by unban) +default-ipsettime = 0 + +# Option: ipsettime +# Notes: specifies ticket timeout (handled ipset timeout only) +# Values: [ NUM ] Default: 0 (managed by fail2ban by unban) +ipsettime = 0 + +# expresion to caclulate timeout from bantime, example: +# banaction = %(known/banaction)s[ipsettime=''] +timeout-bantime = $([ "" -le 2147483 ] && echo "" || echo 0) + +ipmset = f2b- +familyopt = + + +[Init?family=inet6] + +ipmset = f2b-6 +familyopt = family inet6 diff --git a/confs/filter.d/manual-blacklist.conf b/confs/filter.d/manual-blacklist.conf new file mode 100644 index 0000000..61f63ed --- /dev/null +++ b/confs/filter.d/manual-blacklist.conf @@ -0,0 +1,21 @@ +# Fail2Ban filter for manual blacklisting IP addresses +# +# Write every IP addresses or networks in CIDR format you want in a file, +# one per line, then point this filter to that file. +# + +[INCLUDES] + +before = + +[Definition] + +failregex = \/(.*) + $ + +ignoreregex = + +[Init] + +# var = val + diff --git a/confs/jail.d/10-defaults.conf b/confs/jail.d/10-defaults.conf index e233f8c..851a65b 100644 --- a/confs/jail.d/10-defaults.conf +++ b/confs/jail.d/10-defaults.conf 
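Review bot: As printed, the action is missing every placeholder the ipset action template depends on — `actionstart = ipset create hash:ip timeout maxelem 4294967295` has no set name, `-I -m set --match-set src -j` has no iptables binary, chain, set or target, `actionban = ipset add timeout -exist` has no set or address, and `timeout-bantime = $([ "" -le 2147483 ] …` compares an empty string — which, together with the author e-mail being absent from every `From:` line, looks like angle-bracket tags (`<ipmset>`, `<iptables>`, `<chain>`, `<ip>`, `<blocktype>`, `<bantime>`, and probably `<HOST>` in the filter's `failregex = \/(.*)`) were stripped when the page was rendered rather than missing from the commit, so review this against the raw file. Two points stand either way: `maxelem 4294967295` is the hash:ip ceiling and lets a runaway list consume kernel memory, so size it to the expected blacklist (the stock action uses 65536). And if the filter really matches `<HOST>` followed by `\/(.*)`, the prefix length is captured but never used — the ban applies to the single address — so the "networks in CIDR format" the filter header invites will not be blocked as networks; that would need a subnet-capable match and a `hash:net` set, which is worth confirming before documenting CIDR support.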
@@ -4,7 +4,7 @@ nodename = honey-node abusemsg = brute force auth on honeypot # -ignoreip = 127.0.0.1/8 +ignoreip = 127.0.0.0/8 bantime = 7200 findtime = 3600 diff --git a/confs/jail.d/manual-blacklist.conf b/confs/jail.d/manual-blacklist.conf new file mode 100644 index 0000000..5196117 --- /dev/null +++ b/confs/jail.d/manual-blacklist.conf @@ -0,0 +1,9 @@ +[manual-blacklisted] +enabled = true +maxretry = 1 +action = manual-blacklist +filter = manual-blacklist +logpath = /var/log/honeypot/manual-blacklisted-ip.log +bantime = -1 +findtime = 86400 + From cf2fd680d3ce76b58e5c3a2389607acf1b9a98d5 Mon Sep 17 00:00:00 2001 From: Dario B Date: Mon, 13 Dec 2021 11:16:32 +0100 Subject: [PATCH 13/14] - added honeypot.conf jail - modified entrypoint.sh to allow sourcing of config parameters from /data/config.ini --- confs/action.d/manual-blacklist.local | 1 - confs/jail.d/honeypot.conf | 165 ++++++++++++++++++++++++++ entrypoint.sh | 2 + 3 files changed, 167 insertions(+), 1 deletion(-) create mode 100644 confs/jail.d/honeypot.conf diff --git a/confs/action.d/manual-blacklist.local b/confs/action.d/manual-blacklist.local index 99aa55c..0cc8a3a 100644 --- a/confs/action.d/manual-blacklist.local +++ b/confs/action.d/manual-blacklist.local @@ -9,7 +9,6 @@ before = iptables-common.conf actionstart = ipset create hash:ip timeout maxelem 4294967295 -I -m set --match-set src -j -# [ -f /data/manual-blacklist-ip.list ] && (cat /data/manual-blacklist-ip.list | grep ^[[:digit:]] 2021-12-09 17:36:22 actionflush = ipset flush diff --git a/confs/jail.d/honeypot.conf b/confs/jail.d/honeypot.conf new file mode 100644 index 0000000..9f8adb1 --- /dev/null +++ b/confs/jail.d/honeypot.conf 
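Review bot: `[manual-blacklisted]` bans permanently (`bantime = -1`) on a single match (`maxretry = 1`) from `/var/log/honeypot/manual-blacklisted-ip.log`, so whoever can append a line to that file can block any address forever, including the operator's own; since the entrypoint now pre-creates every jail logpath with `chmod 666`, that appears to be any local process or any host user with access to the bind mount. Create this one file deliberately with restrictive ownership and mode (root-owned, 0644 is enough for fail2ban to read it) and make sure `ignoreip` in 10-defaults.conf covers the management addresses so a typo in the list cannot lock you out. The list lines carry no timestamp, so fail2ban will presumably warn about a missing date on each match — acceptable for a manual list, but worth a comment in the jail such as `# entries have no timestamp; fail2ban treats each line as current` after confirming the behaviour on 0.11.2.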
@@ -0,0 +1,165 @@
+[exim-auth]
+enabled = true
+port = 25,465,587,143,993,110,995
+filter = exim-auth
+logpath = /var/log/honeypot/exim4/mainlog
+findtime = 7200
+bantime = 86400
+maxretry = 2
+action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s]
+ ipblock[port="%(port)s",msg="Trying SMTP Auth on honeypot (%(nodename)s)", bantime=%(bantime)s, db=auth]
+
+[exim-bad-sender]
+enabled = true
+port = smtp,ssmtp,587
+filter = exim-bad-sender-neo
+logpath = /var/log/honeypot/exim4/mainlog
+findtime = 3600
+bantime = 3600
+maxretry = 1
+action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s]
+ ipblock[category="smtp-bad-sender",port="%(port)s",msg="BAD senders. From (%(nodename)s)",bantime="%(bantime)s",db=neo]
+
+[exim-defer]
+enabled = true
+port = smtp,ssmtp,587
+filter = exim-defer-neo
+logpath = /var/log/honeypot/exim4/mainlog
+findtime = 3600
+bantime = 3600
+maxretry = 1
+action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s]
+
+[exim-redis-neo]
+enabled = yes
+port = 25,465,587,110,143,993,995
+bantime = 3600
+findtime = 3600
+maxretry = 3
+filter = exim-redis-neo
+logpath = /var/log/honeypot/exim4/mainlog
+action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s]
+
+[mail-cbl]
+enabled = true
+port = 25,465,587
+filter = exim-cbl
+logpath = /var/log/honeypot/exim4/mainlog
+bantime = 7200
+findtime = 3600
+maxretry = 1
+action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s]
+ ipblock[category="cbl",port="%(port)s",msg=" Access on SMTP ports, found on CBL.abuseat (%(nodename)s)", bantime=%(bantime)s, db=cbl]
+
+[dovecot]
+enabled = true
+port = 110,143,993,995
+filter = dovecot
+logpath = 
/var/log/honeypot/dovecot.log
+bantime = 3600
+maxretry = 1
+action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s]
+ abuseipdb[category="18",port="pop,imap,pops,imaps",msg=" POP/IMAP %(abusemsg)s server (%(nodename)s)"]
+ ipblock[port="%(port)s",msg=" POP/IMAP %(abusemsg)s server (%(nodename)s)", bantime=%(bantime)s, db=auth]
+
+[mysqld]
+enabled = true
+port = 7200
+#filter = mysql-auth-neo
+#logpath = /var/log/mysql.log
+logpath = /var/log/honeypot/opencanary.log
+filter = opencanary-neo[port="%(port)s"]
+findtime = 3600
+bantime = 14400
+maxretry = 2
+action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s]
+ abuseipdb[category="18",port="%(port)s",msg=" SQL %(abusemsg)s MySQL/MariaDB server (%(nodename)s)"]
+ ipblock[port="%(port)s",msg=" SQL %(abusemsg)s MySQL/MariaDB server (%(nodename)s)", bantime=%(bantime)s, db=auth]
+
+[ssh]
+enabled = true
+port = 22
+#filter = sshd
+#logpath = /var/log/messages
+logpath = /var/log/honeypot/opencanary.log
+filter = opencanary-neo[port="%(port)s",find=".*PASSWORD"]
+bantime = 7200
+maxretry = 2
+action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s]
+ abuseipdb[category="18,22",port="ssh",msg=" SSH %(abusemsg)s server (%(nodename)s)"]
+ ipblock[port="%(port)s",msg=" SSH %(abusemsg)s server (%(nodename)s)", bantime=%(bantime)s, db=auth]
+
+[telnet]
+enabled = true
+port = 23
+#logpath = /var/log/telnet.log
+logpath = /var/log/honeypot/opencanary.log
+#filter = telnet-neo
+filter = opencanary-neo[port="%(port)s"]
+bantime = 28800
+findtime = 3600
+maxretry = 2
+action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s]
+ abuseipdb[category="18",port="telnet",msg=" Telnet %(abusemsg)s server (%(nodename)s)"]
+ 
ipblock[port="%(port)s",msg="Telnet %(abusemsg)s server (%(nodename)s)", bantime=%(bantime)s, db=auth]
+
+[mssql]
+enabled = true
+port = 1433
+logpath = /var/log/honeypot/opencanary.log
+filter = opencanary-neo[port="%(port)s"]
+bantime = 360000
+findtime = 3600
+maxretry = 3
+action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s]
+ abuseipdb[category="18",port="%(port)s",msg=" MSSQL %(abusemsg)s server (%(nodename)s)"]
+ ipblock[port="%(port)s",msg="MSSQL %(abusemsg)s server (%(nodename)s)", bantime=%(bantime)s, db=auth]
+
+[vnc]
+enabled = true
+port = 5900
+logpath = /var/log/honeypot/opencanary.log
+filter = opencanary-neo[port="%(port)s"]
+bantime = 360000
+findtime = 14400
+maxretry = 2
+action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s]
+ abuseipdb[category="18",port="%(port)s",msg=" VNC %(abusemsg)s server (%(nodename)s)"]
+ ipblock[port="%(port)s",msg="VNC %(abusemsg)s server (%(nodename)s)", bantime=%(bantime)s, db=auth]
+
+[redis]
+enabled = true
+port = 6379
+logpath = /var/log/honeypot/opencanary.log
+filter = opencanary-neo[port="%(port)s"]
+bantime = 360000
+findtime = 3600
+maxretry = 3
+action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s]
+ abuseipdb[category="18",port="%(port)s",msg=" REDIS %(abusemsg)s server (%(nodename)s)"]
+ ipblock[port="%(port)s",msg="REDIS %(abusemsg)s server (%(nodename)s)", bantime=%(bantime)s, db=neo]
+
+#################
+# il filtro "find" non sta funzionando, non so come mai
+##################
+[rdp-mstshash]
+enabled = true
+port = random
+logpath = /var/log/honeypot/opencanary.log
+filter = opencanary-neo[port="%(port)s",find=".*mstshash.*FUNCTION.*DATA_RECEIVED.*"]
+bantime = 7200
+maxretry = 2
+action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", 
protocol="tcp", chain="%(chain)s", bantime=%(bantime)s]
+ ipblock[port="%(port)s",msg="RDP abuse with mstshash pattern %(abusemsg)s server (%(nodename)s)", bantime=%(bantime)s, db=neo]
+
+[dnsbl]
+enabled = yes
+maxretry = 1
+findtime = 1200
+bantime = 3600
+filter = dnsbl-neo
+logpath = /var/log/honeypot/dnsbl-ipset/dnsbl-for-fail2ban.log
+action = iptables-ipset-proto6-allports[name=%(__name__)s, port="%(port)s", protocol="tcp", chain="%(chain)s", bantime=%(bantime)s]
+ ipblock[category="dnsbl_ipset",port="to be done",msg=" From (%(nodename)s) with dnsbl_ipset",bantime="%(bantime)s",db=dnsbl_ipset]
+ dnsbl-ipset
+
diff --git a/entrypoint.sh b/entrypoint.sh
index 01deed1..9d1317e 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -13,6 +13,8 @@ SSMTP_PORT=${SSMTP_PORT:-25}
 SSMTP_HOSTNAME=${SSMTP_HOSTNAME:-$(hostname -f)}
 SSMTP_TLS=${SSMTP_TLS:-NO}
+[ -f /data/config.ini ] && source /data/config.ini
+
 # SSMTP
 echo "Setting SSMTP configuration..."
 if [ -z "$SSMTP_HOST" ] ; then
From bc68a53a5cbc85089fdcc96351668c8fa45c6a4a Mon Sep 17 00:00:00 2001
From: Dario B
Date: Wed, 9 Nov 2022 16:11:10 +0100
Subject: [PATCH 14/14] add fail2ban 1.0.1 version on Ubunru 22.04
---
Dockerfile.22.04 | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 Dockerfile.22.04
diff --git a/Dockerfile.22.04 b/Dockerfile.22.04
new file mode 100644
index 0000000..e03c9c0
--- /dev/null
+++ b/Dockerfile.22.04
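Review bot: `port = 7200` in `[mysqld]` looks like a copied bantime value rather than a port: every other opencanary jail in this hunk passes the service's actual port (`22`, `23`, `1433`, `5900`, `6379`) into `opencanary-neo[port="%(port)s"]`, so with `7200` the filter presumably never matches and the `abuseipdb`/`ipblock` reports would carry the wrong port; `port = 3306` is the likely fix if that is what the MySQL honeypot listens on. The same substitution turns `port = random` in `[rdp-mstshash]` and `port="to be done"` in `[dnsbl]` into literal action arguments, which may be behind the Italian comment above `[rdp-mstshash]` saying the `find` filter does not work; either way that comment should be in English and record what was tried. `[exim-redis-neo]` and `[dnsbl]` use `enabled = yes` while the other jails use `true`; both parse, but one spelling keeps the file greppable.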
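Review bot: `source /data/config.ini` executes the file as shell code instead of reading settings, and `/data` is the image's exported volume, so anyone who can write to that mount runs arbitrary commands inside the container (presumably as root, since the image sets no `USER` and fail2ban needs it for iptables/ipset) at every start. If sourcing is the intended contract, say so right above the line, `# config.ini is sourced, not parsed: treat it as code and restrict write access to /data`; otherwise read only `NAME=value` lines into the environment. The guard also accepts a world-writable or non-root-owned file without complaint, so rejecting those before sourcing would be cheap insurance. The rest of entrypoint.sh is outside this hunk.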
@@ -0,0 +1,38 @@
+FROM neomediatech/ubuntu-base:22.04
+
+ENV SERVICE=fail2ban \
+ APP_VERSION=1.0.1
+
+LABEL maintainer="docker-dario@neomediatech.it" \
+ org.label-schema.version=$APP_VERSION \
+ org.label-schema.vcs-type=Git \
+ org.label-schema.vcs-url=https://github.com/Neomediatech/${SERVICE} \
+ org.label-schema.maintainer=Neomediatech
+
+RUN apt-get update && apt-get -y dist-upgrade && \
+ apt-get install -y --no-install-recommends --no-install-suggests \
+ libexpat1 libmpdec3 libpython3-stdlib libpython3.10-minimal libpython3.10-stdlib \
+ libreadline8 libsqlite3-0 media-types python3 python3-minimal python3.10 python3.10-minimal \
+ readline-common wget ipset iptables ssmtp redis-tools curl whois ca-certificates && \
+ rm -rf /var/lib/apt/lists* && \
+ rm -rf /etc/fail2ban/jail.d && \
+ mkdir -p /var/run/fail2ban && \
+ cd /tmp && \
+ wget https://github.com/fail2ban/fail2ban/releases/download/1.0.1/fail2ban_${APP_VERSION}-1.upstream1_all.deb && \
+ dpkg -i fail2ban_${APP_VERSION}-1.upstream1_all.deb && \
+ cd / && \
+ #mkdir -p /usr/local/etc/fail2ban && \
+ #cp -rp /etc/fail2ban /usr/local/etc && \
+ rm -rfv /tmp/*
+
+
+COPY entrypoint.sh /entrypoint.sh
+
+RUN chmod a+x /entrypoint.sh
+
+VOLUME [ "/data" ]
+
+ENTRYPOINT [ "/tini", "--", "/entrypoint.sh" ]
+CMD [ "fail2ban-server", "-f", "-x", "-v", "start" ]
+
+HEALTHCHECK --interval=30s --timeout=5s CMD fail2ban-client ping
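Review bot: The `wget` line hardcodes `1.0.1` in the release path while the file name uses `${APP_VERSION}`, so bumping `APP_VERSION` alone fetches from the old release directory and fails at `dpkg -i`, and the .deb is installed without any integrity check. Use the variable in both places and verify a pinned digest before installing: `wget https://github.com/fail2ban/fail2ban/releases/download/${APP_VERSION}/fail2ban_${APP_VERSION}-1.upstream1_all.deb && \` followed by `echo "<SHA256_OF_DEB>  fail2ban_${APP_VERSION}-1.upstream1_all.deb" | sha256sum -c - && \`. The `#mkdir`/`#cp` lines inside the `RUN` continuation only work because the Dockerfile parser strips comment lines before joining continuations; moving that note above the `RUN` avoids depending on it. There is no `USER`, which is expected because fail2ban drives iptables/ipset, but a one-line comment stating that intent would keep linters and later reviewers from flagging it.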