From 9cc91441ff02e0f2242b4da2395dfab3220df26b Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa
Date: Wed, 28 Sep 2022 15:05:10 -0700
Subject: [PATCH] wordpress: Update fail2ban filter

- Name of the jail has to be less than 29 characters for an iptables/nft chain to be created.
- Make the regular expressions more specific to avoid matching incorrect fields for .
- Added journalmatch to improve performance by matching the regular expressions against only specific journal entries.

Tests:
- Run setup.py, remove the old jail and filter files. Restart fail2ban and make 10 incorrect login attempts. The IP address gets banned for 10 minutes.
- Not run: Build new freedombox package and upgrade from older version to see that old configuration files have been removed.

Signed-off-by: Sunil Mohan Adapa
Reviewed-by: James Valleroy
---
 debian/freedombox.maintscript | 2 ++
 .../etc/fail2ban/filter.d/wordpress-auth-freedombox.conf | 2 --
 .../data/etc/fail2ban/filter.d/wordpress-freedombox.conf | 7 +++++++
 .../etc/fail2ban/jail.d/wordpress-auth-freedombox.conf | 3 ---
 .../data/etc/fail2ban/jail.d/wordpress-freedombox.conf | 4 ++++
 5 files changed, 13 insertions(+), 5 deletions(-)
 delete mode 100644 plinth/modules/wordpress/data/etc/fail2ban/filter.d/wordpress-auth-freedombox.conf
 create mode 100644 plinth/modules/wordpress/data/etc/fail2ban/filter.d/wordpress-freedombox.conf
 delete mode 100644 plinth/modules/wordpress/data/etc/fail2ban/jail.d/wordpress-auth-freedombox.conf
 create mode 100644 plinth/modules/wordpress/data/etc/fail2ban/jail.d/wordpress-freedombox.conf

diff --git a/debian/freedombox.maintscript b/debian/freedombox.maintscript
index 49e3fb9ac..8f0d298fc 100644
--- a/debian/freedombox.maintscript
+++ b/debian/freedombox.maintscript
@@ -21,3 +21,5 @@ rm_conffile /etc/plinth/modules-enabled/mldonkey 22.4~
 rm_conffile /etc/apache2/conf-available/mldonkey-freedombox.conf 22.4~
 rm_conffile /etc/apache2/sites-available/plinth.conf 22.16~
 rm_conffile /etc/apache2/sites-available/plinth-ssl.conf 22.16~
+rm_conffile /etc/fail2ban/jail.d/wordpress-auth-freedombox.conf 22.22~
+rm_conffile /etc/fail2ban/filter.d/wordpress-auth-freedombox.conf 22.22~
diff --git a/plinth/modules/wordpress/data/etc/fail2ban/filter.d/wordpress-auth-freedombox.conf b/plinth/modules/wordpress/data/etc/fail2ban/filter.d/wordpress-auth-freedombox.conf
deleted file mode 100644
index 6942f7502..000000000
--- a/plinth/modules/wordpress/data/etc/fail2ban/filter.d/wordpress-auth-freedombox.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[Definition]
-failregex = .* .* "POST /wordpress/wp-login.php HTTP/\S+" 200
diff --git a/plinth/modules/wordpress/data/etc/fail2ban/filter.d/wordpress-freedombox.conf b/plinth/modules/wordpress/data/etc/fail2ban/filter.d/wordpress-freedombox.conf
new file mode 100644
index 000000000..44403b5eb
--- /dev/null
+++ b/plinth/modules/wordpress/data/etc/fail2ban/filter.d/wordpress-freedombox.conf
@@ -0,0 +1,7 @@
+[INCLUDES]
+before = common.conf
+
+[Definition]
+_daemon = apache-access
+prefregex = %(__prefix_line)s
+failregex = \S+ - \S+ \[[^\]]*\] "POST /wordpress/wp-login.php HTTP/\S+" 200
diff --git a/plinth/modules/wordpress/data/etc/fail2ban/jail.d/wordpress-auth-freedombox.conf b/plinth/modules/wordpress/data/etc/fail2ban/jail.d/wordpress-auth-freedombox.conf
deleted file mode 100644
index 6323016c5..000000000
--- a/plinth/modules/wordpress/data/etc/fail2ban/jail.d/wordpress-auth-freedombox.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-[wordpress-auth-freedombox]
-enabled = true
-filter = wordpress-auth-freedombox
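Review bot: The new `failregex` in filter.d/wordpress-freedombox.conf counts a request only when ` HTTP/` follows `/wordpress/wp-login.php` directly, so a login POST whose target carries a query string is never counted towards a ban. Allowing an optional query closes that gap, e.g. `"POST /wordpress/wp-login.php(?:\?\S*)? HTTP/\S+" 200`. The expression also has no leading `^`, and as rendered on this page neither `failregex` nor `prefregex` shows a host-capture or content tag (these may have been lost in extraction). Confirm that the shipped file anchors the match and takes the client address from the intended access-log field. A one-line comment above `failregex` stating why status 200 is treated as a failed login would also help the next maintainer.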
diff --git a/plinth/modules/wordpress/data/etc/fail2ban/jail.d/wordpress-freedombox.conf b/plinth/modules/wordpress/data/etc/fail2ban/jail.d/wordpress-freedombox.conf
new file mode 100644
index 000000000..d68d99506
--- /dev/null
+++ b/plinth/modules/wordpress/data/etc/fail2ban/jail.d/wordpress-freedombox.conf
@@ -0,0 +1,4 @@
+[wordpress-freedombox]
+enabled = true
+filter = wordpress-freedombox
+journalmatch = SYSLOG_IDENTIFIER=apache-access
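Review bot: `journalmatch = SYSLOG_IDENTIFIER=apache-access` selects on a field that the logging client sets itself, so journal entries written by any other local process under the same identifier would also be fed to this jail and could get an unrelated address banned. Journald's underscore-prefixed fields are attached by the journal and cannot be set by the sender, so adding one narrows the match to the web server: `journalmatch = SYSLOG_IDENTIFIER=apache-access _SYSTEMD_UNIT=<apache-unit>` (placeholder; use the unit that actually emits the access log). The jail also sets no `backend`, `maxretry`, `findtime` or `bantime`, so the behaviour described in the commit message presumably comes from defaults defined elsewhere. Since `journalmatch` only takes effect with the systemd backend, a comment naming where those defaults live would make that dependency explicit.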