From 71a5181ed0d546c0ebd3d0aaff0f5a1df9d02518 Mon Sep 17 00:00:00 2001
From: Francois Carpentier
Date: Fri, 14 Sep 2018 06:29:00 +0200
Subject: [PATCH] Update Description of several filters: ModSecurity, 3proxy, Asterisk, Counter Strike, Courier, Cyrus IMAP server, DirectAdmin, Dovecot, Drupal, ejabberd, Exim; I suggest to clarify what is the corresponding service, and who developed it, and include source of this information. All of the above might be useful for newcomers to F2B and or users not familiar with some service.
---
 config/filter.d/3proxy.conf | 5 ++++-
 config/filter.d/apache-modsecurity.conf | 6 +++++-
 config/filter.d/asterisk.conf | 10 +++++++++-
 config/filter.d/counter-strike.conf | 10 +++++++++-
 config/filter.d/courier-auth.conf | 9 +++++++++
 config/filter.d/courier-smtp.conf | 10 +++++++++-
 config/filter.d/cyrus-imap.conf | 9 +++++++--
 config/filter.d/directadmin.conf | 14 ++++++++-----
 config/filter.d/dovecot.conf | 8 ++++++++
 config/filter.d/drupal-auth.conf | 26 +++++++++++++++----------
 config/filter.d/ejabberd-auth.conf | 13 ++++++++++---
 config/filter.d/exim-spam.conf | 12 ++++++++++--
 config/filter.d/exim.conf | 15 ++++++++++----
 13 files changed, 116 insertions(+), 31 deletions(-)
diff --git a/config/filter.d/3proxy.conf b/config/filter.d/3proxy.conf
index 299c3a29..9ae795b6 100644
--- a/config/filter.d/3proxy.conf
+++ b/config/filter.d/3proxy.conf
@@ -1,6 +1,9 @@
 # Fail2Ban filter for 3proxy
 #
-#
+# 3proxy is an open source SOCKSv4/4a/5 proxy, with UDP ASSOCIATE and comprehensive IPv4 support, for Unix, Linux
+# and Windows. It also supports chaining and can convert requests between different proxy types.
+# https://www.3proxy.ru
+# https://github.com/z3APA3A/3proxy
 [Definition]
diff --git a/config/filter.d/apache-modsecurity.conf b/config/filter.d/apache-modsecurity.conf
index 13e9c5ea..94a08517 100644
--- a/config/filter.d/apache-modsecurity.conf
+++ b/config/filter.d/apache-modsecurity.conf
@@ -1,5 +1,9 @@
 # Fail2Ban apache-modsec filter
-#
+#
+# ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS
+# and Nginx. Which is developed by the company SpiderLabs. Which is owned by Trustwave.
+# https://www.modsecurity.org
+# https://www.trustwave.com
 [INCLUDES]
diff --git a/config/filter.d/asterisk.conf b/config/filter.d/asterisk.conf
index 0cb1b70a..324a9084 100644
--- a/config/filter.d/asterisk.conf
+++ b/config/filter.d/asterisk.conf
@@ -1,5 +1,13 @@
 # Fail2Ban filter for asterisk authentication failures
-#
+#
+# Asterisk is a software implementation of a telephone private branch exchange (PBX). It allows telephones
+# interfaced with a variety of hardware technologies to make calls to one another, and to connect to telephony
+# services, such as the public switched telephone network (PSTN) and voice over Internet Protocol (VoIP) services.
+#
+# Homepage: https://www.asterisk.org
+# Repository: https://gerrit.asterisk.org
+# License: GPLv2 with additional licenses available from Digium, Inc.
+# Developer: https://www.digium.com
 [INCLUDES]
diff --git a/config/filter.d/counter-strike.conf b/config/filter.d/counter-strike.conf
index a896b5ca..723b04af 100644
--- a/config/filter.d/counter-strike.conf
+++ b/config/filter.d/counter-strike.conf
@@ -1,6 +1,14 @@
 # Fail2Ban filter for failure attempts in Counter Strike-1.6
 #
-#
+# Counter-Strike (CS) is a series of multiplayer first-person shooter video games. Which are published by the for-profit
+# corporations: Valve, Sierra Entertainment, Namco, and Nexon.
+#
+# Homepage archived: https://archive.fo/IvxQO
+# Homepage offline: http://www.cstrike-planet.com/faq/6
+# Publisher: http://valvesoftware.com
+# Repository: Closed source
+# License: Closed source
+# Log path: /opt/cstrike/logs/L[0-9]*.log
 [Definition]
diff --git a/config/filter.d/courier-auth.conf b/config/filter.d/courier-auth.conf
index 1170a63a..67b265e9 100644
--- a/config/filter.d/courier-auth.conf
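Review bot: In config/filter.d/apache-modsecurity.conf the added description is broken into sentence fragments ("Which is developed by the company SpiderLabs. Which is owned by Trustwave."), which reads badly in a header meant for newcomers. One sentence carries the same facts: `# and Nginx. It is developed by SpiderLabs, which is owned by Trustwave.` The hunk also removes a bare `#` and adds a bare `#` straight back, which suggests that only trailing whitespace changed on that line; if so, the pair should be dropped from the patch. The same remove/re-add pair opens the asterisk.conf hunk.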
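Review bot: In config/filter.d/counter-strike.conf the new header sends readers to an opaque short link (`https://archive.fo/IvxQO`) and to a homepage that the comment itself labels offline. Someone auditing this filter cannot tell from the comment what the archived page contains. I would say what the archive is a copy of and drop the dead link, for example `# Homepage (archived copy, original offline): https://archive.fo/IvxQO`. The `Log path:` line states an install location inside the filter description; whether it matches the jail's configured path is not visible in this hunk, so it should be marked as an example.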
+++ b/config/filter.d/courier-auth.conf
@@ -1,5 +1,14 @@
 # Fail2Ban filter for courier authentication failures
 #
+# Courier mail transfer agent (MTA) is an integrated mail/groupware server based on open commodity protocols,
+# such as ESMTP, IMAP, POP3, LDAP, TLS, and HTTP. Courier provides ESMTP, IMAP, POP3, webmail, and mailing list
+# services within a single, consistent, framework.
+#
+# Homepage: http://www.courier-mta.org
+# Repository: http://www.courier-mta.org/repo.html
+# License: GNU General Public
+# Developer: Double Precision, Inc.
+# Wikipedia: https://en.wikipedia.org/wiki/Courier_Mail_Server
 [INCLUDES]
diff --git a/config/filter.d/courier-smtp.conf b/config/filter.d/courier-smtp.conf
index fc0afc26..2f747557 100644
--- a/config/filter.d/courier-smtp.conf
+++ b/config/filter.d/courier-smtp.conf
@@ -1,6 +1,14 @@
 # Fail2Ban filter to block relay attempts though a Courier smtp server
 #
-#
+# Courier mail transfer agent (MTA) is an integrated mail/groupware server based on open commodity protocols,
+# such as ESMTP, IMAP, POP3, LDAP, TLS, and HTTP. Courier provides ESMTP, IMAP, POP3, webmail, and mailing list
+# services within a single, consistent, framework.
+#
+# Homepage: http://www.courier-mta.org
+# Repository: http://www.courier-mta.org/repo.html
+# License: GNU General Public
+# Developer: Double Precision, Inc.
+# Wikipedia: https://en.wikipedia.org/wiki/Courier_Mail_Server
 [INCLUDES]
diff --git a/config/filter.d/cyrus-imap.conf b/config/filter.d/cyrus-imap.conf
index 31dfda60..363474b8 100644
--- a/config/filter.d/cyrus-imap.conf
+++ b/config/filter.d/cyrus-imap.conf
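Review bot: The licence line added to config/filter.d/courier-auth.conf, `# License: GNU General Public`, is truncated. The ejabberd and Exim headers in this same patch spell it out as "GNU General Public License". It should read `# License: GNU General Public License`, ideally with the version if the author can confirm it from the project. The courier-smtp.conf hunk adds the identical line and needs the same fix.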
@@ -1,7 +1,12 @@
 # Fail2Ban filter for authentication failures on Cyrus imap server
 #
-#
-#
+# The Cyrus IMAP server is electronic mail server software developed by Carnegie Mellon University
+#
+# Homepage: https://www.cyrusimap.org
+# Repository: https://github.com/cyrusimap/cyrus-imapd
+# License: Original BSD license
+# Developer: Carnegie Mellon University
+# Wikipedia: https://en.wikipedia.org/wiki/Cyrus_IMAP_server
 [INCLUDES]
diff --git a/config/filter.d/directadmin.conf b/config/filter.d/directadmin.conf
index 7622e548..75cdb08b 100644
--- a/config/filter.d/directadmin.conf
+++ b/config/filter.d/directadmin.conf
@@ -1,7 +1,14 @@
-# Fail2Ban configuration file for Directadmin
-#
+# Fail2Ban configuration file for DirectAdmin
 #
+# Requires DirectAdmin v1.45.3 or higher
 #
+# DirectAdmin is a graphical web-based web hosting control panel designed to make administration of websites easier
+#
+# Homepage: https://www.directadmin.com
+# Repository: Closed source
+# License: Proprietary
+# Developer: JBMC Software
+# Wikipedia: https://en.wikipedia.org/wiki/DirectAdmin
 [INCLUDES]
@@ -16,8 +23,5 @@ ignoreregex =
 [Init]
 datepattern = ^%%Y:%%m:%%d-%%H:%%M:%%S
-#
-# Requires Directadmin v1.45.3 or higher. http://www.directadmin.com/features.php?id=1590
-#
 # Author: Cyril Roos
diff --git a/config/filter.d/dovecot.conf b/config/filter.d/dovecot.conf
index 9497c601..b676f334 100644
--- a/config/filter.d/dovecot.conf
+++ b/config/filter.d/dovecot.conf
@@ -1,5 +1,13 @@
 # Fail2Ban filter Dovecot authentication and pop3/imap server
 #
+# Dovecot is an open-source IMAP and POP3 server for Linux/UNIX-like systems,
+# written primarily with security in mind
+#
+# Homepage: https://www.dovecot.org
+# Repository: https://github.com/dovecot/core
+# License: Mostly MIT and LGPLv2
+# Developer: Timo Sirainen and contributors
+# Wikipedia: https://en.wikipedia.org/wiki/Dovecot_(software)
 [INCLUDES]
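Review bot: In config/filter.d/directadmin.conf the version requirement moves to the top of the file, but the second hunk (`@@ -16,8 +23,5 @@`) deletes the only reference that explained it, `http://www.directadmin.com/features.php?id=1590`. An operator whose DirectAdmin logs do not match the filter then has no pointer to what v1.45.3 introduced. Keep the link with the requirement: `# Requires DirectAdmin v1.45.3 or higher, see http://www.directadmin.com/features.php?id=1590`.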
diff --git a/config/filter.d/drupal-auth.conf b/config/filter.d/drupal-auth.conf
index b60abe3e..329b6e2b 100644
--- a/config/filter.d/drupal-auth.conf
+++ b/config/filter.d/drupal-auth.conf
@@ -1,11 +1,22 @@
 # Fail2Ban filter to block repeated failed login attempts to Drupal site(s)
 #
+# Requirements:
+# 1. Configure Drupal Syslog using this documentation at https://www.drupal.org/documentation/modules/syslog
 #
-# Drupal must be setup to use Syslog, which defaults to the following format:
-#
-# !base_url|!timestamp|!type|!ip|!request_uri|!referer|!uid|!link|!message
-#
+# 2. Setup Drupal appropriately to use Syslog. Per documentation above. With this Syslog defaults format:
+# !base_url|!timestamp|!type|!ip|!request_uri|!referer|!uid|!link|!message
 #
+# Drupal is a free and open source content-management framework written in PHP.
+# As of September 2018, the Drupal community is composed of more than 1.3 million members.
+# Drupal provides a back-end framework for web sites ranging from personal blogs to corporate,
+# political, and government sites. Systems also use Drupal for knowledge management
+# and for business collaboration.
+#
+# Homepage: https://www.drupal.org
+# Repository: http://cgit.drupalcode.org/drupal
+# License: GPLv2 or later
+# Developer: Drupal community. With fostering and support by the Drupal Association.
+# Wikipedia: https://en.wikipedia.org/wiki/Drupal
 [INCLUDES]
@@ -18,9 +29,4 @@ failregex = ^%(__prefix_line)s(https?:\/\/)([\da-z\.-]+)\.([a-z\.]{2,6})(\/[\w\.
 ignoreregex =
-
-# DEV Notes:
-#
-# https://www.drupal.org/documentation/modules/syslog
-#
-# Author: Lee Clemens
+# Original author drupal-auth.conf: Lee Clemens
diff --git a/config/filter.d/ejabberd-auth.conf b/config/filter.d/ejabberd-auth.conf
index 512fdb7c..6207be90 100644
--- a/config/filter.d/ejabberd-auth.conf
+++ b/config/filter.d/ejabberd-auth.conf
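Review bot: In config/filter.d/drupal-auth.conf, requirement 2 is three fragments ("Setup Drupal appropriately to use Syslog. Per documentation above. With this Syslog defaults format:") and is harder to follow than the sentence it replaces. The point an operator needs is the log line layout, which is presumably what the failregex further down is written against. I would state that in one line: `# 2. The filter expects Drupal's default Syslog format:`. The membership figure dated "As of September 2018" will go stale and tells the reader nothing about the filter, so I would leave that sentence out.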
@@ -1,8 +1,15 @@
-# Fail2Ban configuration file
-#
-# Author: Steven Hiscocks
+# Fail2Ban filter to block repeated failed login attempts to ejabberd
 #
+# ejabberd is an XMPP application server, written mainly in the Erlang programming language
+#
+# Homepage: https://www.process-one.net/en/ejabberd/
+# Community: https://www.ejabberd.im
+# Repository: https://github.com/processone/ejabberd
+# License: GNU General Public License
+# Developer: ProcessOne
+# Wikipedia: https://en.wikipedia.org/wiki/Ejabberd
 #
+# Original author "ejabberd-auth.conf" file: Steven Hiscocks
 [Definition]
diff --git a/config/filter.d/exim-spam.conf b/config/filter.d/exim-spam.conf
index 733c884b..7735944a 100644
--- a/config/filter.d/exim-spam.conf
+++ b/config/filter.d/exim-spam.conf
@@ -1,4 +1,4 @@
-# Fail2Ban filter for exim the spam rejection messages
+# Fail2Ban filter for Exim the spam rejection messages
 #
 # Honeypot traps are very useful for fighting spam. You just activate an email
 # address on your domain that you do not intend to use at all, and that normal
@@ -11,12 +11,20 @@
 #
 # honeypot: :blackhole:
 #
-# For the SA: Action: silently tossed message... to be logged exim's SAdevnull option needs to be used.
+# For the SA: Action: silently tossed message... to be logged Exim's SAdevnull option needs to be used.
 #
 # To this filter use the jail.local should contain in the right jail:
 #
 # filter = exim-spam[honeypot=honeypot@yourdomain.com]
 #
+# Exim is a mail transfer agent (MTA) used on Unix-like operating systems.
+# Exim 4 is currently the default MTA on Debian GNU/Linux systems.
+#
+# Homepage: https://www.exim.org
+# Repository: https://github.com/Exim/exim
+# License: GNU General Public License
+# Developer: The Exim Maintainers at http://git.exim.org/exim.git/blob/HEAD:/src/ACKNOWLEDGMENTS
+# Wikipedia: https://en.wikipedia.org/wiki/Exim
 [INCLUDES]
diff --git a/config/filter.d/exim.conf b/config/filter.d/exim.conf
index 21fcaf73..b7c9a1ba 100644
--- a/config/filter.d/exim.conf
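Review bot: The line `# Exim 4 is currently the default MTA on Debian GNU/Linux systems.` added in the second exim-spam.conf hunk is time-dependent and will become wrong without anyone touching the file; the exim.conf hunk adds the same sentence. Either drop it or date it, e.g. `# As of September 2018, Exim 4 is the default MTA on Debian GNU/Linux.` The Developer line in both files links to the acknowledgements over plain `http://git.exim.org/...` while the other Exim links use https. In exim.conf the rewritten sentence still says "rejection messages of exim" in lower case although the title line was changed to "Exim".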
+++ b/config/filter.d/exim.conf
@@ -1,9 +1,16 @@
-# Fail2Ban filter for exim
+# Fail2Ban filter for Exim
 #
-# This includes the rejection messages of exim. For spam and filter
-# related bans use the exim-spam.conf
+# This filter includes the rejection messages of exim. For spam and filter
+# related bans use the "exim-spam.conf".
 #
-
+# Exim is a mail transfer agent (MTA) used on Unix-like operating systems.
+# Exim 4 is currently the default MTA on Debian GNU/Linux systems.
+#
+# Homepage: https://www.exim.org
+# Repository: https://github.com/Exim/exim
+# License: GNU General Public License
+# Developer: The Exim Maintainers at http://git.exim.org/exim.git/blob/HEAD:/src/ACKNOWLEDGMENTS
+# Wikipedia: https://en.wikipedia.org/wiki/Exim
 [INCLUDES]