From 663cd4ac223cfdc12d784acae35c599f04c80132 Mon Sep 17 00:00:00 2001 From: nbenedek Date: Wed, 7 Sep 2022 18:33:15 +0200 Subject: [PATCH] wordpress: Add fail2ban filter and jail - I tested the changes with the VirtualBox image with a bridged network adapter. After ten failed authentication attempts, my IP got blocked as expected. - This setup uses apache's logs to filter the attempts. A wordpress [plugin](https://wordpress.org/plugins/wp-fail2ban/) exists for redirecting the logs to syslog, but that needs to be packaged. Signed-off-by: nbenedek [sunil: Drop logpath as logs are expected to go to journald] [sunil: Update regex to match only failures and not successful logins] Signed-off-by: Sunil Mohan Adapa Reviewed-by: Sunil Mohan Adapa --- .../data/etc/fail2ban/filter.d/wordpress-auth-freedombox.conf | 2 ++ .../data/etc/fail2ban/jail.d/wordpress-auth-freedombox.conf | 3 +++ 2 files changed, 5 insertions(+) create mode 100644 plinth/modules/wordpress/data/etc/fail2ban/filter.d/wordpress-auth-freedombox.conf create mode 100644 plinth/modules/wordpress/data/etc/fail2ban/jail.d/wordpress-auth-freedombox.conf diff --git a/plinth/modules/wordpress/data/etc/fail2ban/filter.d/wordpress-auth-freedombox.conf b/plinth/modules/wordpress/data/etc/fail2ban/filter.d/wordpress-auth-freedombox.conf new file mode 100644 index 000000000..6942f7502 --- /dev/null +++ b/plinth/modules/wordpress/data/etc/fail2ban/filter.d/wordpress-auth-freedombox.conf @@ -0,0 +1,2 @@ +[Definition] +failregex = .* .* "POST /wordpress/wp-login.php HTTP/\S+" 200 diff --git a/plinth/modules/wordpress/data/etc/fail2ban/jail.d/wordpress-auth-freedombox.conf b/plinth/modules/wordpress/data/etc/fail2ban/jail.d/wordpress-auth-freedombox.conf new file mode 100644 index 000000000..6323016c5 --- /dev/null +++ b/plinth/modules/wordpress/data/etc/fail2ban/jail.d/wordpress-auth-freedombox.conf @@ -0,0 +1,3 @@ +[wordpress-auth-freedombox] +enabled = true +filter = wordpress-auth-freedombox