adding #17

app/Commands/Fail2banCommand.php

@@ -1,51 +0,0 @@
-<?php
-
-namespace App\Commands;
-
-use Illuminate\Console\Scheduling\Schedule;
-use LaravelZero\Framework\Commands\Command;
-use Illuminate\Support\Facades\File;
-
-use App\Facades\Install;
-
-use Log;
-
-/**
- *
- *
- *
- */
-class Fail2banCommand extends Command
-{
-    /**
-     * The signature of the command.
-     *
-     * @var string
-     */
-    protected $signature = 'fail2ban {--add} {--remove} {configuration}';
-
-    /**
-     * The description of the command.
-     *
-     * @var string
-     */
-    protected $description = 'add and remove configuration';
-
-    /**
-     * Execute the console command.
-     *
-     * @return mixed
-     */
-    public function handle()
-    {
-        $this->line('kk');
-
-        if ($configuration) {
-            $this->error('Configuration...not found!');
-        } else {
-
-            
-            exec('service fail2ban restart');
-        }
-    }
-}

app/Commands/Fail2banDisableCommand.php

@@ -0,0 +1,55 @@
+<?php
+
+namespace App\Commands;
+
+use Illuminate\Console\Scheduling\Schedule;
+use LaravelZero\Framework\Commands\Command;
+
+/**
+ *
+ *
+ *
+ */
+class Fail2banDisableCommand extends Command
+{
+    const FAIL2BAN_JAIL_DIRECTORY = '/etc/fail2ban/jail.d';
+    const RESOURCES_JAIL_DIRECTORY = '/resources/fail2ban/jail.d';
+    
+    /**
+     * The signature of the command.
+     *
+     * @var string
+     */
+    protected $signature = 'fail2ban:disable {configuration}';
+
+    /**
+     * The description of the command.
+     *
+     * @var string
+     */
+    protected $description = 'disable fail2ban configuration';
+
+    /**
+     * Execute the console command.
+     *
+     * @return mixed
+     */
+    public function handle()
+    {
+        // getting configuration
+        $configuration = $this->argument('configuration');
+
+        $source = base_path().self::RESOURCES_JAIL_DIRECTORY.'/'.$configuration.'.conf';
+
+        // configuration not found
+        if (!file_exists($source)) {
+            $this->error('fail2ban...configuration not found');
+            exit();
+        }
+
+        unlink(self::FAIL2BAN_JAIL_DIRECTORY.'/'.$configuration.'.conf');
+
+        exec('service fail2ban restart');
+        $this->info('fail2ban...'.$configuration.' disabled');
+    }
+}

app/Commands/Fail2banEnableCommand.php

@@ -0,0 +1,59 @@
+<?php
+
+namespace App\Commands;
+
+use Illuminate\Console\Scheduling\Schedule;
+use LaravelZero\Framework\Commands\Command;
+
+use Log;
+
+/**
+ *
+ *
+ *
+ */
+class Fail2banEnableCommand extends Command
+{
+    const FAIL2BAN_JAIL_DIRECTORY = '/etc/fail2ban/jail.d';
+    const RESOURCES_JAIL_DIRECTORY = '/resources/fail2ban/jail.d';
+
+    /**
+     * The signature of the command.
+     *
+     * @var string
+     */
+    protected $signature = 'fail2ban:enable {configuration}';
+
+    /**
+     * The description of the command.
+     *
+     * @var string
+     */
+    protected $description = 'enable fail2ban configuration';
+
+    /**
+     * Execute the console command.
+     *
+     * @return mixed
+     */
+    public function handle()
+    {
+        // getting configuration
+        $configuration = $this->argument('configuration');
+
+        $source = base_path().self::RESOURCES_JAIL_DIRECTORY.'/'.$configuration.'.conf';
+
+        // configuration not found
+        if (!file_exists($source)) {
+            $this->error('fail2ban...configuration not found');
+            exit();
+        }
+
+        $destination = self::FAIL2BAN_JAIL_DIRECTORY.'/'.$configuration.'.conf';
+
+        copy($source, $destination);
+        $this->info('fail2ban...'.$configuration.' enabled');
+
+        exec('service fail2ban restart');
+    }
+}

install.sh

@@ -50,6 +50,8 @@ filter   = sshd
 logpath  = /var/log/auth-fail2ban.log
 EOF
 
+cp resources/fail2ban/filter.d/* /etc/fail2ban/filter.d
+touch /var/log/fail2ban.log
 service fail2ban start
 
 echo -e "MCP installed"

resources/fail2ban/filter.d/gitea-auth.conf

@@ -0,0 +1,3 @@
+[Definition]
+failregex =  .*Failed authentication attempt for .* from <HOST>
+ignoreregex =

resources/fail2ban/filter.d/woocommerce-auth.conf

@@ -0,0 +1,8 @@
+# woocommerce auth failed 
+
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex = <HOST>.*POST.*(/account/).* 200
+ignoreregex =

resources/fail2ban/filter.d/wordpress-auth.conf

@@ -0,0 +1,8 @@
+# wordpress login failed 
+
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex = <HOST>.*POST.*(wp-login\.php|xmlrpc\.php).* 200
+ignoreregex =

resources/fail2ban/jail.d/gitea.conf

@@ -0,0 +1,9 @@
+#
+
+[gitea]
+
+enabled  = true
+filter   = gitea
+port     = http,https
+logpath  = /var/lib/gitea/log/gitea.log
+maxretry = 3

resources/fail2ban/jail.d/nginx-badbots.conf

@@ -0,0 +1,9 @@
+# stop some known malicious bot request patterns
+
+[nginx-badbots]
+
+enabled  = true
+port     = http,https
+filter   = apache-badbots
+logpath  = /var/log/nginx/*access.log
+maxretry = 2

resources/fail2ban/jail.d/nginx-botsearch.conf

@@ -0,0 +1,7 @@
+[nginx-botsearch]
+
+enabled  = true
+port     = http,https
+filter   = nginx-botsearch
+logpath  = /var/log/nginx/*access.log
+maxretry = 2

resources/fail2ban/jail.d/nginx-http-auth.conf

@@ -0,0 +1,9 @@
+# ban clients that are searching for scripts on the website to execute and exploit,
+# only using if php not in use
+
+[nginx-http-auth]
+
+enabled  = true
+filter   = nginx-http-auth
+port     = http,https
+logpath  = /var/log/nginx/*error.log

resources/fail2ban/jail.d/nginx-nohome.conf

@@ -0,0 +1,7 @@
+[nginx-nohome]
+
+enabled  = true
+port     = http,https
+filter   = apache-nohome
+logpath  = /var/log/nginx/*access.log
+maxretry = 2

resources/fail2ban/jail.d/nginx-noscript.conf

@@ -0,0 +1,7 @@
+[nginx-noscript]
+
+enabled  = true
+port     = http,https
+filter   = apache-noscript
+logpath  = /var/log/nginx/*access.log
+maxretry = 2

resources/fail2ban/jail.d/nginx-req-limit.conf

@@ -0,0 +1,10 @@
+# dos 
+
+[nginx-req-limit]
+
+enabled  = true
+filter   = nginx-req-limit
+logpath  = /var/log/nginx/*error.log
+findtime = 600
+bantime  = 7200
+maxretry = 10

resources/fail2ban/jail.d/woocommerce.conf

@@ -0,0 +1,9 @@
+# 
+
+[woocommerce]
+
+enabled  = true
+port     = http,https
+filter   = woocommerce-auth
+logpath  = /var/log/nginx/*access.log
+maxretry = 3

resources/fail2ban/jail.d/wordpress.conf

@@ -0,0 +1,7 @@
+[wordpress]
+
+enabled  = true
+port     = http,https
+filter   = wordpress-auth
+logpath  = /var/log/nginx/*access.log
+maxretry = 3