From e42486d012f992f087fe1c193829b3b94df6ed51 Mon Sep 17 00:00:00 2001 
From: Frank Brehm Date: Thu, 25 Feb 2016 14:46:12 +0000 Subject: [PATCH] Current state --- aliases | 49 + aliases.db | Bin 0 -> 12288 bytes alternatives/Mail | 1 + alternatives/Mail.1.gz | 1 + alternatives/figlet | 1 + alternatives/figlet.6.gz | 1 + alternatives/mail | 1 + alternatives/mail.1.gz | 1 + alternatives/mailx | 1 + alternatives/mailx.1.gz | 1 + apm/event.d/01chrony | 17 + apt/SALTSTACK-GPG-KEY.pub | 31 + apt/apt.conf.d/01autoremove-kernels | 11 + apt/sources.list.d/salt.list | 1 + apt/trusted.gpg | Bin 0 -> 1209 bytes apticron/apticron.conf | 100 ++ bash_completion.d/fail2ban | 149 +++ bash_completion.d/isoquery | 45 + chrony/chrony.conf | 95 ++ chrony/chrony.keys | 1 + colordiffrc | 29 + cron.d/apticron | 3 + default/fail2ban | 39 + default/haveged | 5 + default/rsync | 41 + dhcp/dhclient-enter-hooks.d/nodnsupdate | 6 + fail2ban/action.d/apf.conf | 25 + fail2ban/action.d/badips.conf | 19 + fail2ban/action.d/blocklist_de.conf | 86 ++ fail2ban/action.d/bsd-ipfw.conf | 83 ++ fail2ban/action.d/complain.conf | 94 ++ fail2ban/action.d/dshield.conf | 204 ++++ fail2ban/action.d/dummy.conf | 47 + fail2ban/action.d/firewallcmd-ipset.conf | 67 ++ fail2ban/action.d/firewallcmd-new.conf | 72 ++ fail2ban/action.d/hostsdeny.conf | 57 ++ fail2ban/action.d/ipfilter.conf | 58 ++ fail2ban/action.d/ipfw.conf | 68 ++ fail2ban/action.d/iptables-allports.conf | 70 ++ fail2ban/action.d/iptables-blocktype.conf | 22 + fail2ban/action.d/iptables-ipset-proto4.conf | 73 ++ .../iptables-ipset-proto6-allports.conf | 64 ++ fail2ban/action.d/iptables-ipset-proto6.conf | 76 ++ fail2ban/action.d/iptables-multiport-log.conf | 83 ++ fail2ban/action.d/iptables-multiport.conf | 73 ++ fail2ban/action.d/iptables-new.conf | 76 ++ .../action.d/iptables-xt_recent-echo.conf | 77 ++ fail2ban/action.d/iptables.conf | 73 ++ fail2ban/action.d/mail-buffered.conf | 83 ++ fail2ban/action.d/mail-whois-lines.conf | 69 ++ fail2ban/action.d/mail-whois.conf | 64 ++ fail2ban/action.d/mail.conf | 62 ++ 
fail2ban/action.d/mynetwatchman.conf | 139 +++ fail2ban/action.d/osx-afctl.conf | 16 + fail2ban/action.d/osx-ipfw.conf | 87 ++ fail2ban/action.d/pf.conf | 62 ++ fail2ban/action.d/route.conf | 26 + fail2ban/action.d/sendmail-buffered.conf | 96 ++ fail2ban/action.d/sendmail-common.conf | 25 + fail2ban/action.d/sendmail-whois-lines.conf | 82 ++ fail2ban/action.d/sendmail-whois.conf | 78 ++ fail2ban/action.d/sendmail.conf | 76 ++ fail2ban/action.d/shorewall.conf | 57 ++ fail2ban/action.d/ufw.conf | 40 + fail2ban/fail2ban.conf | 50 + fail2ban/filter.d/3proxy.conf | 18 + fail2ban/filter.d/apache-auth.conf | 56 ++ fail2ban/filter.d/apache-badbots.conf | 21 + fail2ban/filter.d/apache-common.conf | 21 + fail2ban/filter.d/apache-modsecurity.conf | 18 + fail2ban/filter.d/apache-nohome.conf | 20 + fail2ban/filter.d/apache-noscript.conf | 24 + fail2ban/filter.d/apache-overflows.conf | 36 + fail2ban/filter.d/assp.conf | 24 + fail2ban/filter.d/asterisk.conf | 39 + fail2ban/filter.d/common.conf | 56 ++ fail2ban/filter.d/courierlogin.conf | 19 + fail2ban/filter.d/couriersmtp.conf | 19 + fail2ban/filter.d/cyrus-imap.conf | 20 + fail2ban/filter.d/dovecot.conf | 25 + fail2ban/filter.d/dropbear.conf | 48 + fail2ban/filter.d/ejabberd-auth.conf | 19 + fail2ban/filter.d/exim-common.conf | 18 + fail2ban/filter.d/exim-spam.conf | 24 + fail2ban/filter.d/exim.conf | 32 + fail2ban/filter.d/freeswitch.conf | 23 + fail2ban/filter.d/groupoffice.conf | 14 + fail2ban/filter.d/gssftpd.conf | 18 + fail2ban/filter.d/horde.conf | 16 + fail2ban/filter.d/lighttpd-auth.conf | 10 + fail2ban/filter.d/mysqld-auth.conf | 32 + fail2ban/filter.d/nagios.conf | 17 + fail2ban/filter.d/named-refused.conf | 48 + fail2ban/filter.d/nginx-http-auth.conf | 15 + fail2ban/filter.d/nsd.conf | 26 + fail2ban/filter.d/openwebmail.conf | 15 + fail2ban/filter.d/pam-generic.conf | 29 + fail2ban/filter.d/perdition.conf | 18 + fail2ban/filter.d/php-url-fopen.conf | 20 + fail2ban/filter.d/postfix-sasl.conf | 14 + 
fail2ban/filter.d/postfix.conf | 22 + fail2ban/filter.d/proftpd.conf | 24 + fail2ban/filter.d/pure-ftpd.conf | 30 + fail2ban/filter.d/qmail.conf | 31 + fail2ban/filter.d/recidive.conf | 32 + fail2ban/filter.d/roundcube-auth.conf | 29 + fail2ban/filter.d/selinux-common.conf | 21 + fail2ban/filter.d/selinux-ssh.conf | 25 + fail2ban/filter.d/sendmail-auth.conf | 18 + fail2ban/filter.d/sendmail-reject.conf | 34 + fail2ban/filter.d/sieve.conf | 18 + fail2ban/filter.d/sogo-auth.conf | 17 + fail2ban/filter.d/solid-pop3d.conf | 32 + fail2ban/filter.d/squid.conf | 13 + fail2ban/filter.d/sshd-ddos.conf | 25 + fail2ban/filter.d/sshd.conf | 37 + fail2ban/filter.d/suhosin.conf | 28 + fail2ban/filter.d/uwimap-auth.conf | 17 + fail2ban/filter.d/vsftpd.conf | 22 + fail2ban/filter.d/webmin-auth.conf | 22 + fail2ban/filter.d/wuftpd.conf | 22 + fail2ban/filter.d/xinetd-fail.conf | 27 + fail2ban/jail.conf | 556 +++++++++++ group | 3 + group- | 2 + gshadow | 3 + gshadow- | 2 + hosts | 2 +- init.d/chrony | 103 +++ init.d/fail2ban | 244 +++++ init.d/haveged | 100 ++ init.d/postfix | 269 ++++++ init.d/rsync | 152 +++ insserv.conf.d/postfix | 1 + logcheck/ignore.d.server/libsasl2-modules | 1 + logrotate.conf | 11 +- logrotate.d/chrony | 17 + logrotate.d/fail2ban | 17 + logrotate.d/rsyslog | 30 +- mailname | 1 + motd.tail | 6 + nail.rc | 66 ++ network/if-down.d/postfix | 34 + network/if-up.d/postfix | 43 + passwd | 1 + passwd- | 1 + pkgs-ns2.txt | 241 +++++ postfix/dynamicmaps.cf | 7 + postfix/main.cf | 57 ++ postfix/master.cf | 124 +++ postfix/mkpostfixcert | 40 + postfix/post-install | 869 ++++++++++++++++++ postfix/postfix-cert.cnf | 23 + postfix/postfix-files | 442 +++++++++ postfix/postfix-script | 380 ++++++++ postfix/postfix.pem | 38 + postfix/smtp_auth | 2 + postfix/smtp_auth.db | Bin 0 -> 12288 bytes ppp/ip-down.d/chrony | 18 + ppp/ip-down.d/postfix | 34 + ppp/ip-up.d/chrony | 17 + ppp/ip-up.d/postfix | 43 + rc0.d/K01chrony | 1 + rc0.d/K01fail2ban | 1 + rc0.d/K01haveged | 1 + 
rc0.d/K01postfix | 1 + rc0.d/{K01sendsigs => K02sendsigs} | 0 rc0.d/{K02rsyslog => K03rsyslog} | 0 rc0.d/{K03hwclock.sh => K04hwclock.sh} | 0 rc0.d/{K03umountnfs.sh => K04umountnfs.sh} | 0 rc0.d/{K04networking => K05networking} | 0 rc0.d/{K05umountfs => K06umountfs} | 0 rc0.d/{K06umountroot => K07umountroot} | 0 rc0.d/{K07halt => K08halt} | 0 rc1.d/K01chrony | 1 + rc1.d/K01fail2ban | 1 + rc1.d/K01haveged | 1 + rc1.d/K01postfix | 1 + rc1.d/{K02rsyslog => K03rsyslog} | 0 rc2.d/S02chrony | 1 + rc2.d/S02fail2ban | 1 + rc2.d/S02haveged | 1 + rc2.d/S02postfix | 1 + rc2.d/S02rsync | 1 + rc3.d/S02chrony | 1 + rc3.d/S02fail2ban | 1 + rc3.d/S02haveged | 1 + rc3.d/S02postfix | 1 + rc3.d/S02rsync | 1 + rc4.d/S02chrony | 1 + rc4.d/S02fail2ban | 1 + rc4.d/S02haveged | 1 + rc4.d/S02postfix | 1 + rc4.d/S02rsync | 1 + rc5.d/S02chrony | 1 + rc5.d/S02fail2ban | 1 + rc5.d/S02haveged | 1 + rc5.d/S02postfix | 1 + rc5.d/S02rsync | 1 + rc6.d/K01chrony | 1 + rc6.d/K01fail2ban | 1 + rc6.d/K01haveged | 1 + rc6.d/K01postfix | 1 + rc6.d/{K01sendsigs => K02sendsigs} | 0 rc6.d/{K02rsyslog => K03rsyslog} | 0 rc6.d/{K03hwclock.sh => K04hwclock.sh} | 0 rc6.d/{K03umountnfs.sh => K04umountnfs.sh} | 0 rc6.d/{K04networking => K05networking} | 0 rc6.d/{K05umountfs => K06umountfs} | 0 rc6.d/{K06umountroot => K07umountroot} | 0 rc6.d/{K07reboot => K08reboot} | 0 resolv.conf | 2 + resolvconf/update-libc.d/postfix | 13 + rsyslog.conf | 63 +- rsyslog.d/60-default.conf | 36 + rsyslog.d/70-pb.conf | 31 + rsyslog.d/postfix.conf | 4 + shadow | 1 + shadow- | 3 +- ssl/certs/ce4d7a3d | 1 + ssl/certs/ssl-cert-snakeoil.pem | 17 + ssl/private/ssl-cert-snakeoil.key | 28 + subgid | 1 + subgid- | 1 + subuid | 1 + subuid- | 1 + .../default.target.wants/haveged.service | 1 + ufw/applications.d/postfix | 14 + 228 files changed, 8946 insertions(+), 31 deletions(-) create mode 100644 aliases create mode 100644 aliases.db create mode 120000 alternatives/Mail create mode 120000 alternatives/Mail.1.gz create mode 120000 
alternatives/figlet create mode 120000 alternatives/figlet.6.gz create mode 120000 alternatives/mail create mode 120000 alternatives/mail.1.gz create mode 120000 alternatives/mailx create mode 120000 alternatives/mailx.1.gz create mode 100755 apm/event.d/01chrony create mode 100644 apt/SALTSTACK-GPG-KEY.pub create mode 100644 apt/sources.list.d/salt.list create mode 100644 apt/trusted.gpg create mode 100644 apticron/apticron.conf create mode 100644 bash_completion.d/fail2ban create mode 100644 bash_completion.d/isoquery create mode 100644 chrony/chrony.conf create mode 100644 chrony/chrony.keys create mode 100644 colordiffrc create mode 100644 cron.d/apticron create mode 100644 default/fail2ban create mode 100644 default/haveged create mode 100644 default/rsync create mode 100644 dhcp/dhclient-enter-hooks.d/nodnsupdate create mode 100644 fail2ban/action.d/apf.conf create mode 100644 fail2ban/action.d/badips.conf create mode 100644 fail2ban/action.d/blocklist_de.conf create mode 100644 fail2ban/action.d/bsd-ipfw.conf create mode 100644 fail2ban/action.d/complain.conf create mode 100644 fail2ban/action.d/dshield.conf create mode 100644 fail2ban/action.d/dummy.conf create mode 100644 fail2ban/action.d/firewallcmd-ipset.conf create mode 100644 fail2ban/action.d/firewallcmd-new.conf create mode 100644 fail2ban/action.d/hostsdeny.conf create mode 100644 fail2ban/action.d/ipfilter.conf create mode 100644 fail2ban/action.d/ipfw.conf create mode 100644 fail2ban/action.d/iptables-allports.conf create mode 100644 fail2ban/action.d/iptables-blocktype.conf create mode 100644 fail2ban/action.d/iptables-ipset-proto4.conf create mode 100644 fail2ban/action.d/iptables-ipset-proto6-allports.conf create mode 100644 fail2ban/action.d/iptables-ipset-proto6.conf create mode 100644 fail2ban/action.d/iptables-multiport-log.conf create mode 100644 fail2ban/action.d/iptables-multiport.conf create mode 100644 fail2ban/action.d/iptables-new.conf create mode 100644 
fail2ban/action.d/iptables-xt_recent-echo.conf create mode 100644 fail2ban/action.d/iptables.conf create mode 100644 fail2ban/action.d/mail-buffered.conf create mode 100644 fail2ban/action.d/mail-whois-lines.conf create mode 100644 fail2ban/action.d/mail-whois.conf create mode 100644 fail2ban/action.d/mail.conf create mode 100644 fail2ban/action.d/mynetwatchman.conf create mode 100644 fail2ban/action.d/osx-afctl.conf create mode 100644 fail2ban/action.d/osx-ipfw.conf create mode 100644 fail2ban/action.d/pf.conf create mode 100644 fail2ban/action.d/route.conf create mode 100644 fail2ban/action.d/sendmail-buffered.conf create mode 100644 fail2ban/action.d/sendmail-common.conf create mode 100644 fail2ban/action.d/sendmail-whois-lines.conf create mode 100644 fail2ban/action.d/sendmail-whois.conf create mode 100644 fail2ban/action.d/sendmail.conf create mode 100644 fail2ban/action.d/shorewall.conf create mode 100644 fail2ban/action.d/ufw.conf create mode 100644 fail2ban/fail2ban.conf create mode 100644 fail2ban/filter.d/3proxy.conf create mode 100644 fail2ban/filter.d/apache-auth.conf create mode 100644 fail2ban/filter.d/apache-badbots.conf create mode 100644 fail2ban/filter.d/apache-common.conf create mode 100644 fail2ban/filter.d/apache-modsecurity.conf create mode 100644 fail2ban/filter.d/apache-nohome.conf create mode 100644 fail2ban/filter.d/apache-noscript.conf create mode 100644 fail2ban/filter.d/apache-overflows.conf create mode 100644 fail2ban/filter.d/assp.conf create mode 100644 fail2ban/filter.d/asterisk.conf create mode 100644 fail2ban/filter.d/common.conf create mode 100644 fail2ban/filter.d/courierlogin.conf create mode 100644 fail2ban/filter.d/couriersmtp.conf create mode 100644 fail2ban/filter.d/cyrus-imap.conf create mode 100644 fail2ban/filter.d/dovecot.conf create mode 100644 fail2ban/filter.d/dropbear.conf create mode 100644 fail2ban/filter.d/ejabberd-auth.conf create mode 100644 fail2ban/filter.d/exim-common.conf create mode 100644 
fail2ban/filter.d/exim-spam.conf create mode 100644 fail2ban/filter.d/exim.conf create mode 100644 fail2ban/filter.d/freeswitch.conf create mode 100644 fail2ban/filter.d/groupoffice.conf create mode 100644 fail2ban/filter.d/gssftpd.conf create mode 100644 fail2ban/filter.d/horde.conf create mode 100644 fail2ban/filter.d/lighttpd-auth.conf create mode 100644 fail2ban/filter.d/mysqld-auth.conf create mode 100644 fail2ban/filter.d/nagios.conf create mode 100644 fail2ban/filter.d/named-refused.conf create mode 100644 fail2ban/filter.d/nginx-http-auth.conf create mode 100644 fail2ban/filter.d/nsd.conf create mode 100644 fail2ban/filter.d/openwebmail.conf create mode 100644 fail2ban/filter.d/pam-generic.conf create mode 100644 fail2ban/filter.d/perdition.conf create mode 100644 fail2ban/filter.d/php-url-fopen.conf create mode 100644 fail2ban/filter.d/postfix-sasl.conf create mode 100644 fail2ban/filter.d/postfix.conf create mode 100644 fail2ban/filter.d/proftpd.conf create mode 100644 fail2ban/filter.d/pure-ftpd.conf create mode 100644 fail2ban/filter.d/qmail.conf create mode 100644 fail2ban/filter.d/recidive.conf create mode 100644 fail2ban/filter.d/roundcube-auth.conf create mode 100644 fail2ban/filter.d/selinux-common.conf create mode 100644 fail2ban/filter.d/selinux-ssh.conf create mode 100644 fail2ban/filter.d/sendmail-auth.conf create mode 100644 fail2ban/filter.d/sendmail-reject.conf create mode 100644 fail2ban/filter.d/sieve.conf create mode 100644 fail2ban/filter.d/sogo-auth.conf create mode 100644 fail2ban/filter.d/solid-pop3d.conf create mode 100644 fail2ban/filter.d/squid.conf create mode 100644 fail2ban/filter.d/sshd-ddos.conf create mode 100644 fail2ban/filter.d/sshd.conf create mode 100644 fail2ban/filter.d/suhosin.conf create mode 100644 fail2ban/filter.d/uwimap-auth.conf create mode 100644 fail2ban/filter.d/vsftpd.conf create mode 100644 fail2ban/filter.d/webmin-auth.conf create mode 100644 fail2ban/filter.d/wuftpd.conf create mode 100644 
fail2ban/filter.d/xinetd-fail.conf create mode 100644 fail2ban/jail.conf create mode 100755 init.d/chrony create mode 100755 init.d/fail2ban create mode 100755 init.d/haveged create mode 100755 init.d/postfix create mode 100755 init.d/rsync create mode 100644 insserv.conf.d/postfix create mode 100755 logcheck/ignore.d.server/libsasl2-modules create mode 100644 logrotate.d/chrony create mode 100644 logrotate.d/fail2ban create mode 100644 mailname create mode 100644 motd.tail create mode 100644 nail.rc create mode 100755 network/if-down.d/postfix create mode 100755 network/if-up.d/postfix create mode 100644 pkgs-ns2.txt create mode 100644 postfix/dynamicmaps.cf create mode 100644 postfix/main.cf create mode 100644 postfix/master.cf create mode 100755 postfix/mkpostfixcert create mode 100755 postfix/post-install create mode 100644 postfix/postfix-cert.cnf create mode 100644 postfix/postfix-files create mode 100755 postfix/postfix-script create mode 100644 postfix/postfix.pem create mode 100644 postfix/smtp_auth create mode 100644 postfix/smtp_auth.db create mode 100755 ppp/ip-down.d/chrony create mode 100755 ppp/ip-down.d/postfix create mode 100755 ppp/ip-up.d/chrony create mode 100755 ppp/ip-up.d/postfix create mode 120000 rc0.d/K01chrony create mode 120000 rc0.d/K01fail2ban create mode 120000 rc0.d/K01haveged create mode 120000 rc0.d/K01postfix rename rc0.d/{K01sendsigs => K02sendsigs} (100%) rename rc0.d/{K02rsyslog => K03rsyslog} (100%) rename rc0.d/{K03hwclock.sh => K04hwclock.sh} (100%) rename rc0.d/{K03umountnfs.sh => K04umountnfs.sh} (100%) rename rc0.d/{K04networking => K05networking} (100%) rename rc0.d/{K05umountfs => K06umountfs} (100%) rename rc0.d/{K06umountroot => K07umountroot} (100%) rename rc0.d/{K07halt => K08halt} (100%) create mode 120000 rc1.d/K01chrony create mode 120000 rc1.d/K01fail2ban create mode 120000 rc1.d/K01haveged create mode 120000 rc1.d/K01postfix rename rc1.d/{K02rsyslog => K03rsyslog} (100%) create mode 120000 rc2.d/S02chrony 
create mode 120000 rc2.d/S02fail2ban create mode 120000 rc2.d/S02haveged create mode 120000 rc2.d/S02postfix create mode 120000 rc2.d/S02rsync create mode 120000 rc3.d/S02chrony create mode 120000 rc3.d/S02fail2ban create mode 120000 rc3.d/S02haveged create mode 120000 rc3.d/S02postfix create mode 120000 rc3.d/S02rsync create mode 120000 rc4.d/S02chrony create mode 120000 rc4.d/S02fail2ban create mode 120000 rc4.d/S02haveged create mode 120000 rc4.d/S02postfix create mode 120000 rc4.d/S02rsync create mode 120000 rc5.d/S02chrony create mode 120000 rc5.d/S02fail2ban create mode 120000 rc5.d/S02haveged create mode 120000 rc5.d/S02postfix create mode 120000 rc5.d/S02rsync create mode 120000 rc6.d/K01chrony create mode 120000 rc6.d/K01fail2ban create mode 120000 rc6.d/K01haveged create mode 120000 rc6.d/K01postfix rename rc6.d/{K01sendsigs => K02sendsigs} (100%) rename rc6.d/{K02rsyslog => K03rsyslog} (100%) rename rc6.d/{K03hwclock.sh => K04hwclock.sh} (100%) rename rc6.d/{K03umountnfs.sh => K04umountnfs.sh} (100%) rename rc6.d/{K04networking => K05networking} (100%) rename rc6.d/{K05umountfs => K06umountfs} (100%) rename rc6.d/{K06umountroot => K07umountroot} (100%) rename rc6.d/{K07reboot => K08reboot} (100%) create mode 100755 resolvconf/update-libc.d/postfix create mode 100644 rsyslog.d/60-default.conf create mode 100644 rsyslog.d/70-pb.conf create mode 100644 rsyslog.d/postfix.conf create mode 120000 ssl/certs/ce4d7a3d create mode 100644 ssl/certs/ssl-cert-snakeoil.pem create mode 100644 ssl/private/ssl-cert-snakeoil.key create mode 120000 systemd/system/default.target.wants/haveged.service create mode 100644 ufw/applications.d/postfix diff --git a/aliases b/aliases new file mode 100644 index 0000000..a0f99a5 --- /dev/null +++ b/aliases 
@@ -0,0 +1,49 @@
+# See man 5 aliases for format
+MAILER-DAEMON: postmaster
+postmaster: root
+root: frank
+
+# General redirections for pseudo accounts.
+adm: root
+bin: root
+daemon: root
+exim: root
+lp: root
+mail: root
+named: root
+nobody: root
+postfix: root
+
+# Well-known aliases -- these should be filled in!
+# root:
+# operator:
+
+# Standard RFC2142 aliases
+abuse: postmaster
+ftp: root
+hostmaster: root
+news: usenet
+noc: root
+security: root
+usenet: root
+uucp: root
+webmaster: root
+www: webmaster
+
+# trap decode to catch security attacks
+# decode: /dev/null
+
+# Persönliche Aliase
+
+# Frank Brehm
+frank: frank@brehm-online.com
+fbr: frank
+brehm: frank
+fbrehm: frank
+f.brehm: frank
+f-brehm: frank
+frank.brehm: frank
+frank-brehm: frank
+
+
+
diff --git a/aliases.db b/aliases.db new file mode 100644 index 0000000000000000000000000000000000000000..20cbdfe2edd307047cca31095043f8060c61e8ca GIT binary patch literal 12288 zcmeI2J!lj`7=~vp`~fqs2#SS`orrfNF|n{pAg4q;6@LmXJa_NrxW(Juus>`>8xcg% z6jpZHr4X#r7!Yitg$kmTHX?SZQl;?+oY}oO@6N``Lf+wacJ_O}`PhBB@0}Au2uELL zxO=vW9cHmhU)#+>h%M!9XkM=BJwJrF^ZeD){lleXYS=m^azNL3ztp)h8ZWaslK=^j z011!)36KB@kN^pg011!)3H)mUqdoc|u_DFTPkh5VKI0wUU=7c(f~Q!2 zM1}xuG;jjPa0FEx#D46>ZtTQ1IM|dMa$SCvALR%6TCT}esjG63011!)36KB@kN^pg z011!)36Q|w5^&-uN`;dvFL0Ao#iAF;5)~>flyah)S?s6Rh0~7R@R|*m;zE?9!<)mX zX;ZojcGdYKt(|JISFpHMy;yaEUTmg#s6=7c4^_1p+4%1*gV{Rj>6f?FY^CxITdoSC zu&?&^m73eqg$F;u_4Kz3Crl=tOJ^JP+4C1_=NhMH>osR$YWnEZ_~gX+v{6oJrBOdK zH-CJ-Hs{O;{WHV#|AXiJ`@~6zvG3T#hIRnH;1k~BC0<|^Pw=Sd|L@^8Zs`8MtNZ_} zxQvU?JBH5x&3_1Z{$JqbL;@s00wh2JBtQZrKmsH{0wnNX5g0Ti@;tX5LY6iAeuC-Q z+y0`J!pMtS+Muw;MX2(muepJ04R`s0>vvULvCcs01(;ypB`B-ONCC&x@1Q{|^keOD76sFT#2LTv{Zn+0%Lx{~Vu z%Z1AU6aUg4ceuC^iu_^mWOz{KJo$(1?^)$|g8Wk5d%C|;B_fi;!AoqBJwv)@@|}t2 zW@VEZ&XQvy1zj`AF4^c zviy!foRI2Grg$~*5|;oG0RRECGE-q}bW?O;V{0H#VPk7yXK8L{AXH^xZ6G{wVPk7y zXK8L{KyzVibaQlJV{0yBZ*4w_0XPH`0RjLb1p-s4zL)|V0|pBT2nPcK1{DYb2?`4Y z76JnS0v-VZ7k~f?2@nnlp-J9XzrGnN2mKIRF$-n>9rLw-r#dApZ?mStO19tbd2;nz zQh@A|3x#lXyDQZ>8+^DAMUG)K^LjPNPP)J>n(bd9jM?^QJ8Ft ze)&`EaXd%I3S$gxLkC~qiG8S?u2K@4qu_^#Je5TL;>`mFa(#aT05JMgR zO~54pZZhn8+StJS+%H4dsx|`f^w_Kv(a~Dd_>K?`vdC}MWxmY(?%s^(JLyXvEL0;t z->Dfl@~;r~gHhj7udYOmtX9C>KRvJl00X%J4FprEzL)_B0Lkyzhu1(K0s2z}L@;Zs z^H7b%mfD;3rgX)&Rqk83!zC9Xl{`wRtKDdVwI(2mBA}HSkL${5AkalzI*X% z%Y>{qQu)c6T53U{%ED!Kv$HIrnjj0TBpgq6kYmQ!X{ba!z%Dt0yxl}T!Yn{(@TJA< zMwS%{g}Zxc*5d^q?1=?u-ZD5Tl&htyd15#=2oZ2lxd0IX00D^s9|RZy0ssjG0#m8J zm;xIN0162Z4hW%1-dDfAKQ;&e)5!#M86sJ131vn^%eM+yXCRJrZa8;%toM`p^cy*0 zuInBf#^qo2q~c;n`(`yo+EeHEu@^W&g;@4pWwH3Z)I}fI%(VZjth;*qcRi0oJV=6A zz!LTNBWVyX!MJ$;MX%hNak*sJSb4d->KO;ATn7rt;(ytU-DCNx9BU0_;W8bbVZ-|G!uF={np< XgN4rGM=pVvpH^-}MfFlJumS)Btj90! literal 0 HcmV?d00001 
diff --git a/apticron/apticron.conf b/apticron/apticron.conf
new file mode 100644
index 0000000..f6c2db9
--- /dev/null
+++ b/apticron/apticron.conf
@@ -0,0 +1,100 @@
+# apticron.conf
+#
+# set EMAIL to a space separated list of addresses which will be notified of
+# impending updates
+#
+EMAIL="root"
+
+#
+# Set DIFF_ONLY to "1" to only output the difference of the current run
+# compared to the last run (ie. only new upgrades since the last run). If there
+# are no differences, no output/email will be generated. By default, apticron
+# will output everything that needs to be upgraded.
+#
+# DIFF_ONLY="1"
+
+#
+# Set LISTCHANGES_PROFILE if you would like apticron to invoke apt-listchanges
+# with the --profile option. You should add a corresponding profile to
+# /etc/apt/listchanges.conf
+#
+# LISTCHANGES_PROFILE="apticron"
+
+#
+# From hostname manpage: "Displays all FQDNs of the machine. This option
+# enumerates all configured network addresses on all configured network inter‐
+# faces, and translates them to DNS domain names. Addresses that cannot be
+# translated (i.e. because they do not have an appro‐ priate reverse DNS
+# entry) are skipped. Note that different addresses may resolve to the same
+# name, therefore the output may contain duplicate entries. Do not make any
+# assumptions about the order of the output."
+#
+# ALL_FQDNS="1"
+
+#
+# Set SYSTEM if you would like apticron to use something other than the output
+# of "hostname -f" for the system name in the mails it generates. This option
+# overrides the ALL_FQDNS above.
+#
+# SYSTEM="foobar.example.com"
+
+#
+# Set IPADDRESSNUM if you would like to configure the maximal number of IP
+# addresses apticron displays. The default is to display 1 address of each
+# family type (inet, inet6), if available.
+#
+# IPADDRESSNUM="1"
+
+#
+# Set IPADDRESSES to a whitespace separated list of reachable addresses for
+# this system. By default, apticron will try to work these out using the
+# "ip" command
+#
+# IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1"
+
+#
+# Set NOTIFY_HOLDS="0" if you don't want to be notified about new versions of
+# packages on hold in your system. The default behavior is downloading and
+# listing them as any other package.
+#
+# NOTIFY_HOLDS="0"
+
+#
+# Set NOTIFY_NEW="0" if you don't want to be notified about packages which
+# are not installed in your system. Yes, it's possible! There are some issues
+# related to systems which have mixed stable/unstable sources. In these cases
+# apt-get will consider for example that packages with "Priority:
+# required"/"Essential: yes" in unstable but not in stable should be installed,
+# so they will be listed in dist-upgrade output. Please take a look at
+# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531002#44
+#
+# NOTIFY_NEW="0"
+
+#
+# Set NOTIFY_NO_UPDATES="0" if you don't want to be notified when there is no
+# new versions. Set to 1 could assure you that apticron works well.
+#
+# NOTIFY_NO_UPDATES="0"
+
+#
+# Set CUSTOM_SUBJECT if you want to replace the default subject used in
+# the notification e-mails. This may help filtering/sorting client-side e-mail.
+# If you want to use internal vars please use single quotes here. Ex:
+# $CUSTOM_SUBJECT='[apticron] $SYSTEM: $NUM_PACKAGES package update(s)'
+#
+# CUSTOM_SUBJECT=""
+
+# Set CUSTOM_NO_UPDATES_SUBJECT if you want to replace the default subject used
+# in the no update notification e-mails. This may help filtering/sorting
+# client-side e-mail.
+# If you want to use internal vars please use single quotes here. Ex:
+# $CUSTOM_NO_UPDATES_SUBJECT='[apticron] $SYSTEM: no updates'
+#
+# CUSTOM_NO_UPDATES_SUBJECT=""
+
+#
+# Set CUSTOM_FROM if you want to replace the default sender by changing the
+# 'From:' field used in the notification e-mails. Your default sender will
+# be something like root@ns2.
+#
+# CUSTOM_FROM=""
diff --git a/bash_completion.d/fail2ban b/bash_completion.d/fail2ban
new file mode 100644
index 0000000..7a42bd1
--- /dev/null
+++ b/bash_completion.d/fail2ban
@@ -0,0 +1,149 @@
+# fail2ban bash-completion -*- shell-script -*-
+#
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+__fail2ban_jails () {
+ "$1" status 2>/dev/null | awk -F"\t+" '/Jail list/{print $2}' | sed 's/, / /g'
+}
+
+_fail2ban () {
+ local cur prev words cword
+ _init_completion || return
+
+ case $prev in
+ -V|--version|-h|--help)
+ return 0 # No further completion valid
+ ;;
+ -c)
+ _filedir -d # Directories
+ return 0
+ ;;
+ -s|-p)
+ _filedir # Files
+ return 0
+ ;;
+ *)
+ if [[ "$cur" == "-"* ]];then
+ COMPREPLY=( $( compgen -W \
+ "$( _parse_help "$1" --help 2>/dev/null) -V" \
+ -- "$cur") )
+ return 0
+ fi
+ ;;
+ esac
+
+ if [[ "$1" == *"fail2ban-regex" ]];then
+ _filedir
+ return 0
+ elif [[ "$1" == *"fail2ban-client" ]];then
+ local cmd jail
+ case $prev in
+ "$1")
+ COMPREPLY=( $( compgen -W \
+ "$( "$1" --help 2>/dev/null | awk '/^ [a-z]+/{print $1}')" \
+ -- "$cur") )
+ return 0
+ ;;
+ start|reload|stop|status)
+ COMPREPLY=( $(compgen -W "$(__fail2ban_jails "$1")" -- "$cur" ) )
+ return 0
+ ;;
+ set|get)
+ COMPREPLY=( $( compgen -W \
+ "$( "$1" --help 2>/dev/null | awk '/^ '$prev' [^<]/{print $2}')" \
+ -- "$cur") )
+ COMPREPLY+=( $(compgen -W "$(__fail2ban_jails "$1")" -- "$cur" ) )
+ return 0
+ ;;
+ *)
+ if [[ "${words[$cword-2]}" == "add" ]];then
+ COMPREPLY=( $( compgen -W "auto polling gamin pyinotify" -- "$cur" ) )
+ return 0
+ elif [[ "${words[$cword-2]}" == "set" || "${words[$cword-2]}" == "get" ]];then
+ cmd="${words[cword-2]}"
+ # Handle in section below
+ elif [[ "${words[$cword-3]}" == "set" || "${words[$cword-3]}" == "get" ]];then
+ cmd="${words[$cword-3]}"
+ jail="${words[$cword-2]}"
+ # Handle in section below
+ fi
+ ;;
+ esac
+
+ if [[ -z "$jail" && -n "$cmd" ]];then
+ case $prev in
+ loglevel)
+ if [[ "$cmd" == "set" ]];then
+ COMPREPLY=( $( compgen -W "0 1 2 3 4" -- "$cur" ) )
+ fi
+ return 0
+ ;;
+ logtarget)
+ if [[ "$cmd" == "set" ]];then
+ COMPREPLY=( $( compgen -W "STDOUT STDERR SYSLOG" -- "$cur" ) )
+ _filedir # And files
+ fi
+ return 0
+ ;;
+ *) # Jail name
+ COMPREPLY=( $( compgen -W \
+ "$( "$1" --help 2>/dev/null | awk '/^ '${cmd}' /{print $3}')" \
+ -- "$cur") )
+ return 0
+ ;;
+ esac
+ elif [[ -n "$jail" && "$cmd" == "set" ]];then
+ case $prev in
+ addlogpath)
+ _filedir
+ return 0
+ ;;
+ dellogpath|delignoreip)
+ COMPREPLY=( $( compgen -W \
+ "$( "$1" get "$jail" "${prev/del/}" 2>/dev/null | awk -F- '{print $2}')" \
+ -- "$cur" ) )
+ if [[ -z "$COMPREPLY" && "$prev" == "dellogpath" ]];then
+ _filedir
+ fi
+ return 0
+ ;;
+ delfailregex|delignoregex)
+ COMPREPLY=( $( compgen -W \
+ "$( "$1" get "$jail" "${prev/del/}" 2>/dev/null | awk -F"[][]" '{print $2}')" \
+ -- "$cur" ) )
+ return 0
+ ;;
+ unbanip)
+ COMPREPLY=( $( compgen -W \
+ "$( "$1" status "$jail" 2>/dev/null | awk -F"\t+" '/IP list:/{print $2}')" \
+ -- "$cur" ) )
+ return 0
+ ;;
+ idle)
+ COMPREPLY=( $( compgen -W "on off" -- "$cur" ) )
+ return 0
+ ;;
+ usedns)
+ COMPREPLY=( $( compgen -W "yes no warn" -- "$cur" ) )
+ return 0
+ ;;
+ esac
+ fi
+
+ fi # fail2ban-client
+} &&
+complete -F _fail2ban fail2ban-client fail2ban-server fail2ban-regex
diff --git a/bash_completion.d/isoquery b/bash_completion.d/isoquery
new file mode 100644
index 0000000..c27ed05
--- /dev/null
+++ b/bash_completion.d/isoquery
@@ -0,0 +1,45 @@
+# /etc/bash_completion.d/isoquery
+# Programmable Bash command completion for the ‘isoquery’ command.
+
+shopt -s progcomp
+
+_isoquery_completion () {
+ local cur prev opts
+
+ COMPREPLY=()
+ cur="${COMP_WORDS[COMP_CWORD]}"
+ prev="${COMP_WORDS[COMP_CWORD-1]}"
+
+ opts="-h --help -v --version"
+ opts="${opts} -i --iso -x --xmlfile -l --locale -0 --null"
+ opts="${opts} -n --name -o --official_name -c --common_name"
+
+ case "${prev}" in
+ -i|--iso)
+ local standards=(639 639-3 639-5 3166 3166-2 4217 15924)
+ COMPREPLY=( $(compgen -W "${standards[*]}" -- ${cur}) )
+ ;;
+
+ -x|--xmlfile)
+ COMPREPLY=( $(compgen -A file -- ${cur}) )
+ ;;
+
+ -l|--locale)
+ local locale_names=$(locale --all-locales)
+ COMPREPLY=( $(compgen -W "${locale_names}" -- ${cur}) )
+ ;;
+
+ *)
+ COMPREPLY=($(compgen -W "${opts}" -- ${cur}))
+ ;;
+ esac
+}
+
+complete -F _isoquery_completion isoquery
+
+
+# Local variables:
+# coding: utf-8
+# mode: shell-script
+# End:
+# vim: fileencoding=utf-8 filetype=bash :
diff --git a/chrony/chrony.conf b/chrony/chrony.conf
new file mode 100644
index 0000000..50d0c34
--- /dev/null
+++ b/chrony/chrony.conf
@@ -0,0 +1,95 @@
+# This the default chrony.conf file for the Debian chrony package. After
+# editing this file use the command 'invoke-rc.d chrony restart' to make
+# your changes take effect. John Hasler 1998-2008
+
+# See www.pool.ntp.org for an explanation of these servers. Please
+# consider joining the project if possible. If you can't or don't want to
+# use these servers I suggest that you try your ISP's nameservers. We mark
+# the servers 'offline' so that chronyd won't try to connect when the link
+# is down. Scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d use chronyc
+# commands to switch it on when a dialup link comes up and off when it goes
+# down. Code in /etc/init.d/chrony attempts to determine whether or not
+# the link is up at boot time and set the online status accordingly. If
+# you have an always-on connection such as cable omit the 'offline'
+# directive and chronyd will default to online.
+#
+# Note that if Chrony tries to go "online" and dns lookup of the servers
+# fails they will be discarded. Thus under some circumstances it is
+# better to use IP numbers than host names.
+
+server 0.debian.pool.ntp.org offline minpoll 8
+server 1.debian.pool.ntp.org offline minpoll 8
+server 2.debian.pool.ntp.org offline minpoll 8
+server 3.debian.pool.ntp.org offline minpoll 8
+
+
+# Look here for the admin password needed for chronyc. The initial
+# password is generated by a random process at install time. You may
+# change it if you wish.
+
+keyfile /etc/chrony/chrony.keys
+
+# Set runtime command key. Note that if you change the key (not the
+# password) to anything other than 1 you will need to edit
+# /etc/ppp/ip-up.d/chrony, /etc/ppp/ip-down.d/chrony, /etc/init.d/chrony
+# and /etc/cron.weekly/chrony as these scripts use it to get the password.
+
+commandkey 1
+
+# I moved the driftfile to /var/lib/chrony to comply with the Debian
+# filesystem standard.
+
+driftfile /var/lib/chrony/chrony.drift
+
+# Comment this line out to turn off logging.
+
+log tracking measurements statistics
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+
+maxupdateskew 100.0
+
+# Dump measurements when daemon exits.
+
+dumponexit
+
+# Specify directory for dumping measurements.
+
+dumpdir /var/lib/chrony
+
+# Let computer be a server when it is unsynchronised.
+
+local stratum 10
+
+# Allow computers on the unrouted nets to use the server.
+
+allow 10/8
+allow 192.168/16
+allow 172.16/12
+
+# This directive forces `chronyd' to send a message to syslog if it
+# makes a system clock adjustment larger than a threshold value in seconds.
+
+logchange 0.5
+
+# This directive defines an email address to which mail should be sent
+# if chronyd applies a correction exceeding a particular threshold to the
+# system clock.
+
+# mailonchange root@localhost 0.5
+
+# This directive tells chrony to regulate the real-time clock and tells it
+# Where to store related data. It may not work on some newer motherboards
+# that use the HPET real-time clock. It requires enhanced real-time
+# support in the kernel. I've commented it out because with certain
+# combinations of motherboard and kernel it is reported to cause lockups.
+
+# rtcfile /var/lib/chrony/chrony.rtc
+
+# If the last line of this file reads 'rtconutc' chrony will assume that
+# the CMOS clock is on UTC (GMT). If it reads '# rtconutc' or is absent
+# chrony will assume local time. The line (if any) was written by the
+# chrony postinst based on what it found in /etc/default/rcS. You may
+# change it if necessary.
+# rtconutc
diff --git a/chrony/chrony.keys b/chrony/chrony.keys
new file mode 100644
index 0000000..e99f8aa
--- /dev/null
+++ b/chrony/chrony.keys
@@ -0,0 +1 @@
+1 2DiH7BB#
diff --git a/colordiffrc b/colordiffrc
new file mode 100644
index 0000000..4bcb02d
--- /dev/null
+++ b/colordiffrc
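Review bot: The three `allow` lines together with `local stratum 10` near the end of the chrony.conf hunk make chronyd answer NTP clients from every RFC 1918 range and keep serving its own clock when it has no upstream source. Nothing visible in this commit shows that the host is meant to act as a time server, so if it is only a client I would comment those four directives out, e.g. `# allow 10/8` and `# local stratum 10`, or narrow `allow` to the one subnet that needs it. The `offline` keyword on the four `server` lines also relies on the ppp and init scripts to switch the sources online; the file's own comment says to omit it on an always-on connection.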
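Review bot: The single added line of chrony/chrony.keys puts the chronyc command key (key 1, the one chrony.conf selects with `commandkey 1`) into the repository in cleartext, so everyone who can read the history can read it, and removing the file in a later commit does not take it out of earlier ones. I would treat this key as disclosed, generate a new one on the host, and keep the file out of version control with an ignore entry such as `chrony/chrony.keys`. The diffstat of this same commit also lists `shadow`, `gshadow`, `ssl/private/ssl-cert-snakeoil.key`, `postfix/postfix.pem` and `postfix/smtp_auth`; their hunks are outside this view, but if they carry live hashes, private keys or SMTP credentials the same handling applies to them.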
@@ -0,0 +1,29 @@
+# Example colordiffrc file for dark backgrounds
+#
+# Set banner=no to suppress authorship info at top of
+# colordiff output
+banner=no
+# By default, when colordiff output is being redirected
+# to a file, it detects this and does not colour-highlight
+# To make the patch file *include* colours, change the option
+# below to 'yes'
+color_patches=no
+# Sometimes it can be useful to specify which diff command to
+# use: that can be specified here
+diff_cmd=diff
+#
+# available colours are: white, yellow, green, blue,
+# cyan, red, magenta, black,
+# darkwhite, darkyellow, darkgreen,
+# darkblue, darkcyan, darkred,
+# darkmagenta, darkblack
+#
+# Can also specify 'none', 'normal' or 'off' which are all
+# aliases for the same thing, namely "don't colour highlight
+# this, use the default output colour"
+#
+plain=off
+newtext=blue
+oldtext=red
+diffstuff=magenta
+cvsstuff=green
diff --git a/cron.d/apticron b/cron.d/apticron
new file mode 100644
index 0000000..5c90274
--- /dev/null
+++ b/cron.d/apticron
@@ -0,0 +1,3 @@
+# cron entry for apticron
+
+28 * * * * root if test -x /usr/sbin/apticron; then /usr/sbin/apticron --cron; else true; fi
diff --git a/default/fail2ban b/default/fail2ban
new file mode 100644
index 0000000..35bb377
--- /dev/null
+++ b/default/fail2ban
@@ -0,0 +1,39 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Author: Cyril Jaquier
+#
+# $Revision$
+
+# Command line options for Fail2Ban. Refer to "fail2ban-client -h" for
+# valid options.
+FAIL2BAN_OPTS=""
+
+# Run fail2ban as a different user. If not set, fail2ban
+# will run as root.
+#
+# The user is not created automatically.
+# The user can be created e.g. with
+# useradd --system --no-create-home --home-dir / --groups adm fail2ban
+# Log files are readable by group adm by default. Adding the fail2ban
+# user to this group allows it to read the logfiles.
+#
+# Another manual step that needs to be taken is to allow write access
+# for fail2ban user to fail2ban log files. The /etc/init.d/fail2ban
+# script will change the ownership when starting fail2ban. Logrotate
+# needs to be configured separately, see /etc/logrotate.d/fail2ban.
+#
+# FAIL2BAN_USER="fail2ban"
diff --git a/default/haveged b/default/haveged
new file mode 100644
index 0000000..77b6941
--- /dev/null
+++ b/default/haveged
@@ -0,0 +1,5 @@
+# Configuration file for haveged
+
+# Options to pass to haveged:
+# -w sets low entropy watermark (in bits)
+DAEMON_ARGS="-w 1024"
diff --git a/default/rsync b/default/rsync
new file mode 100644
index 0000000..13780c2
--- /dev/null
+++ b/default/rsync
@@ -0,0 +1,41 @@
+# defaults file for rsync daemon mode
+
+# start rsync in daemon mode from init.d script?
+# only allowed values are "true", "false", and "inetd"
+# Use "inetd" if you want to start the rsyncd from inetd,
+# all this does is prevent the init.d script from printing a message
+# about not starting rsyncd (you still need to modify inetd's config yourself).
+RSYNC_ENABLE=false
+
+# which file should be used as the configuration file for rsync.
+# This file is used instead of the default /etc/rsyncd.conf
+# Warning: This option has no effect if the daemon is accessed
+# using a remote shell. When using a different file for
+# rsync you might want to symlink /etc/rsyncd.conf to
+# that file.
+# RSYNC_CONFIG_FILE=
+
+# what extra options to give rsync --daemon?
+# that excludes the --daemon; that's always done in the init.d script
+# Possibilities are:
+# --address=123.45.67.89 (bind to a specific IP address)
+# --port=8730 (bind to specified port; default 873)
+RSYNC_OPTS=''
+
+# run rsyncd at a nice level?
+# the rsync daemon can impact performance due to much I/O and CPU usage,
+# so you may want to run it at a nicer priority than the default priority.
+# Allowed values are 0 - 19 inclusive; 10 is a reasonable value.
+RSYNC_NICE=''
+
+# run rsyncd with ionice?
+# "ionice" does for IO load what "nice" does for CPU load.
+# As rsync is often used for backups which aren't all that time-critical,
+# reducing the rsync IO priority will benefit the rest of the system.
+# See the manpage for ionice for allowed options.
+# -c3 is recommended, this will run rsync IO at "idle" priority. Uncomment
+# the next line to activate this.
+# RSYNC_IONICE='-c3'
+
+# Don't forget to create an appropriate config file,
+# else the daemon will not start.
diff --git a/dhcp/dhclient-enter-hooks.d/nodnsupdate b/dhcp/dhclient-enter-hooks.d/nodnsupdate
new file mode 100644
index 0000000..9f5c98d
--- /dev/null
+++ b/dhcp/dhclient-enter-hooks.d/nodnsupdate
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# Don't overwrite /etc/resolv.conf
+make_resolv_conf() {
+ :
+}
diff --git a/fail2ban/action.d/apf.conf b/fail2ban/action.d/apf.conf
new file mode 100644
index 0000000..5c4a261
--- /dev/null
+++ b/fail2ban/action.d/apf.conf
@@ -0,0 +1,25 @@
+# Fail2Ban configuration file
+# https://www.rfxn.com/projects/advanced-policy-firewall/
+#
+# Note: APF doesn't play nicely with other actions. It has been observed to
+# remove bans created by other iptables based actions. If you are going to use
+# this action, use it for all of your jails.
+#
+# DON'T MIX APF and other IPTABLES based actions
+[Definition]
+
+actionstart =
+actionstop =
+actioncheck =
+actionban = apf --deny "banned by Fail2Ban "
+actionunban = apf --remove
+
+[Init]
+
+# Name used in APF configuration
+#
+name = default
+
+# DEV NOTES:
+#
+# Author: Mark McKinstry
diff --git a/fail2ban/action.d/badips.conf b/fail2ban/action.d/badips.conf
new file mode 100644
index 0000000..4a5c0f9
--- /dev/null
+++ b/fail2ban/action.d/badips.conf
@@ -0,0 +1,19 @@
+# Fail2ban reporting to badips.com
+#
+# Note: This reports and IP only and does not actually ban traffic. Use
+# another action in the same jail if you want bans to occur.
+#
+# Set the category to the appropriate value before use.
+#
+# To get see register and optional key to get personalised graphs see:
+# http://www.badips.com/blog/personalized-statistics-track-the-attackers-of-all-your-servers-with-one-key
+
+[Definition]
+
+actionban = curl --fail --user-agent "fail2ban v0.8.12" http://www.badips.com/add//
+
+[Init]
+
+# Option: category
+# Notes.: Values are from the list here: http://www.badips.com/get/categories
+category =
diff --git a/fail2ban/action.d/blocklist_de.conf b/fail2ban/action.d/blocklist_de.conf
new file mode 100644
index 0000000..d4170ca
--- /dev/null
+++ b/fail2ban/action.d/blocklist_de.conf
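Review bot: The `actionban` line in badips.conf sends each report to `http://www.badips.com/add/...` over plain HTTP, so the reported address and anything else placed in the URL travel unencrypted and the response is not authenticated. If the service accepts TLS, the scheme should be `https://`, set in a `badips.local` override so the packaged file stays untouched. `category =` is also empty although the header says it must be set before use, so a jail that enables this action as committed would build the URL with an empty category.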
@@ -0,0 +1,86 @@
+# Fail2Ban configuration file
+#
+# Author: Steven Hiscocks
+#
+#
+
+# Action to report IP address to blocklist.de
+# Blocklist.de must be signed up to at www.blocklist.de
+# Once registered, one or more servers can be added.
+# This action requires the server 'email address' and the assoicate apikey.
+#
+# From blocklist.de:
+# www.blocklist.de is a free and voluntary service provided by a
+# Fraud/Abuse-specialist, whose servers are often attacked on SSH-,
+# Mail-Login-, FTP-, Webserver- and other services.
+# The mission is to report all attacks to the abuse deparments of the
+# infected PCs/servers to ensure that the responsible provider can inform
+# the customer about the infection and disable them
+#
+# IMPORTANT:
+#
+# Reporting an IP of abuse is a serious complaint. Make sure that it is
+# serious. Fail2ban developers and network owners recommend you only use this
+# action for:
+# * The recidive where the IP has been banned multiple times
+# * Where maxretry has been set quite high, beyond the normal user typing
+# password incorrectly.
+# * For filters that have a low likelyhood of receiving human errors
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart =
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop =
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page +# Values: CMD +# +actionban = curl --fail --data-urlencode 'server=' --data 'apikey=' --data 'service=' --data 'ip=' --data-urlencode 'logs=' --data 'format=text' --user-agent "fail2ban v0.8.12" "https://www.blocklist.de/en/httpreports.html" + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionunban = + +[Init] + +# Option: email +# Notes server email address, as per blocklise.de account +# Values: STRING Default: None +# +#email = + +# Option: apikey +# Notes your user blocklist.de user account apikey +# Values: STRING Default: None +# +#apikey = + +# Option: service +# Notes service name you are reporting on, typically aligns with filter name +# see http://www.blocklist.de/en/httpreports.html for full list +# Values: STRING Default: None +# +#service = diff --git a/fail2ban/action.d/bsd-ipfw.conf b/fail2ban/action.d/bsd-ipfw.conf new file mode 100644 index 0000000..1285361 --- /dev/null +++ b/fail2ban/action.d/bsd-ipfw.conf @@ -0,0 +1,83 @@ +# Fail2Ban configuration file +# +# Author: Nick Munger +# Modified by: Ken Menzel +# Daniel Black (start/stop) +# Fabian Wenk (many ideas as per fail2ban users list) +# +# Ensure firewall_enable="YES" in the top of /etc/rc.conf +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = ipfw show | fgrep -q 'table()' || ( ipfw show | awk 'BEGIN { b = 1 } { if ($1 <= b) { b = $1 + 1 } else { e = b } } END { if (e) exit e
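Review bot: The `actionban` in blocklist_de.conf passes the account API key to curl as a command-line argument (`--data 'apikey=...'`), which leaves it readable in the process list by other local users for as long as the request runs. curl can take the field from a file instead (`--data @<file>`) or read its options from a config file (`-K <file>`), and that file can be mode 0600 and owned by the fail2ban user. Once `email` and `apikey` are filled in they should live in a `.local` override that is kept out of this repository, which appears to snapshot the configuration tree as-is.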
else exit b }'; num=$?; ipfw -q add $num from table\(
\) to me ; echo $num > "" ) + + +# Option: actionstop +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = [ ! -f ] || ( read num < ""
ipfw -q delete $num
rm "" ) + + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +# requires an ipfw rule like "deny ip from table(1) to me" +actionban = ipfw table
add + + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionunban = ipfw table
delete + +[Init] +# Option: table +# Notes: The ipfw table to use. If a ipfw rule using this table already exists, +# this action will not create a ipfw rule to block it and the following +# options will have no effect. +# Values: NUM +table = 1 + +# Option: port +# Notes.: Specifies port to monitor. Blank indicate block all ports. +# Values: [ NUM | STRING ] +# +port = + +# Option: startstatefile +# Notes: A file to indicate that the table rule that was added. Ensure it is unique per table. +# Values: STRING +startstatefile = /var/run/fail2ban/ipfw-started-table_
+ +# Option: block +# Notes: This is how much to block. +# Can be "ip", "tcp", "udp" or various other options. +# Values: STRING +block = ip + +# Option: blocktype +# Notes.: How to block the traffic. Use a action from man 5 ipfw +# Common values: deny, unreach port, reset +# ACTION defination at the top of man ipfw for allowed values. +# Values: STRING +# +blocktype = unreach port diff --git a/fail2ban/action.d/complain.conf b/fail2ban/action.d/complain.conf new file mode 100644 index 0000000..c017583 --- /dev/null +++ b/fail2ban/action.d/complain.conf 
@@ -0,0 +1,94 @@ +# Fail2Ban configuration file +# +# Author: Russell Odom , Daniel Black +# Sends a complaint e-mail to addresses listed in the whois record for an +# offending IP address. +# This uses the https://abusix.com/contactdb.html to lookup abuse contacts. +# +# DEPENDANCIES: +# This requires the dig command from bind-utils +# +# You should provide the in the jail config - lines from the log +# matching the given IP address will be provided in the complaint as evidence. +# +# WARNING +# ------- +# +# Please do not use this action unless you are certain that fail2ban +# does not result in "false positives" for your deployment. False +# positive reports could serve a mis-favor to the original cause by +# flooding corresponding contact addresses, and complicating the work +# of administration personnel responsible for handling (verified) legit +# complains. +# +# Please consider using e.g. sendmail-whois-lines.conf action which +# would send the reports with relevant information to you, so the +# report could be first reviewed and then forwarded to a corresponding +# contact if legit. +# + + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = + +# Option: actionstop +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionban = oifs=${IFS}; IFS=.;SEP_IP=( ); set -- ${SEP_IP}; ADDRESSES=$(dig +short -t txt -q $4.$3.$2.$1.abuse-contacts.abusix.org); IFS=${oifs} + IP= + if [ ! 
-z "$ADDRESSES" ]; then + (printf %%b "\n"; date '+Note: Local timezone is %%z (%%Z)'; grep -E '(^|[^0-9])([^0-9]|$)' ) | "Abuse from " ${ADDRESSES//,/\" \"} + fi + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionunban = + +[Init] +message = Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n + +# Path to the log files which contain relevant lines for the abuser IP +# +logpath = /dev/null + +# Option: mailcmd +# Notes.: Your system mail command. Is passed 2 args: subject and recipient +# Values: CMD +# +mailcmd = mail -s + +# Option: mailargs +# Notes.: Additional arguments to mail command. e.g. 
for standard Unix mail: +# CC reports to another address: +# -c me@example.com +# Appear to come from a different address - the '--' indicates +# arguments to be passed to Sendmail: +# -- -f me@example.com +# Values: [ STRING ] +# +mailargs = + diff --git a/fail2ban/action.d/dshield.conf b/fail2ban/action.d/dshield.conf new file mode 100644 index 0000000..a004198 --- /dev/null +++ b/fail2ban/action.d/dshield.conf 
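Review bot: In complain.conf's `actionban`, the answer of the `dig` TXT lookup is stored in `ADDRESSES` and then expanded unquoted into the mailer's argument list (`${ADDRESSES//,/\" \"}`) with only an emptiness check, so the content of a DNS reply becomes command arguments without validation. If the action is enabled, the mail step should run only when every entry looks like a plain address and none begins with `-`. A comment above `actionban` would record the risk: `# NOTE: ADDRESSES comes from a DNS TXT answer and reaches the mailer unvalidated; keep disabled unless reports are reviewed first.` The file's own WARNING block already recommends a review-first action. With `logpath = /dev/null` as committed, no log evidence would be attached to a complaint.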
@@ -0,0 +1,204 @@ +# Fail2Ban configuration file +# +# Author: Russell Odom +# Submits attack reports to DShield (http://www.dshield.org/) +# +# You MUST configure at least: +# (the port that's being attacked - use number not name). +# +# You SHOULD also provide: +# (your public IP address, if it's not the address of eth0) +# (your DShield userID, if you have one - recommended, but reports will +# be used anonymously if not) +# (the protocol in use - defaults to tcp) +# +# Best practice is to provide and in jail.conf like this: +# action = dshield[port=1234,protocol=tcp] +# +# ...and create "dshield.local" with contents something like this: +# [Init] +# myip = 10.0.0.1 +# userid = 12345 +# +# Other useful configuration values are (you can use for specifying +# a different sender address for the report e-mails, which should match what is +# configured at DShield), and // (to +# configure how often the buffer is flushed). +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = + +# Option: actionstop +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = if [ -f .buffer ]; then + cat .buffer | "FORMAT DSHIELD USERID TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" + date +%%s > .lastsent + fi + rm -f .buffer .first + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +# See http://www.dshield.org/specs.html for more on report format/notes +# +# Note: We are currently using