freephile / qb

The QualityBox fork of Meza
https://discourse.equality-tech.com
MIT License

Create role for Fail2ban #27

Open freephile opened 4 years ago

freephile commented 4 years ago

Currently fail2ban is installed and configured manually on each host.

Create a role to install and configure it with Ansible, or possibly use https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker as a replacement (creating a role for that).

freephile commented 4 years ago

Note that for any existing installs, the fail2ban service should be stopped and the fail2ban.service file in ./build/ should be copied:

cp build/fail2ban.service /lib/systemd/system/fail2ban.service
systemctl stop fail2ban
# Run 'systemctl daemon-reload' to reload units.
systemctl daemon-reload

Update the configuration:

wget -q -O- "https://raw.githubusercontent.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list" | uniq | sed -e 's/\\ / /g' | sed -e 's/\([.\:|()+]\)/\\\1/g' | tr '\n' '|' | sed -e 's/|$//g'

Copy the results into /etc/fail2ban/filter.d/apache-badbots.conf

freephile commented 4 years ago

To confirm installation:

fail2ban-client version

To confirm operation:

fail2ban-regex --print-all-matched /var/log/apache2/access_log /etc/fail2ban/filter.d/apache-badbots.conf
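
The list-to-regex step and the confirmation step from the comments above, as an added example that is not part of the original thread: it runs the same pipeline over a constructed user-agent list and uses grep -E on constructed log lines in place of fail2ban-regex, so it works without fail2ban installed. The function names, the sample list and the log lines are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): build the bad-bot alternation from a
# user-agent list and check it against sample log lines before deploying it.

# Same transformation as the pipeline in the thread. Note that uniq only
# drops adjacent duplicates.
build_badbots_alternation() {
    uniq \
      | sed -e 's/\\ / /g' \
      | sed -e 's/\([.\:|()+]\)/\\\1/g' \
      | tr '\n' '|' \
      | sed -e 's/|$//g'
}

# Count log lines whose final quoted field (the User-Agent in combined log
# format) is exactly one of the listed agents. grep -E stands in for
# fail2ban-regex here (assumption: the entries behave the same in both).
count_badbot_hits() {
    # $1 = alternation, $2 = log file
    grep -E -c "\"($1)\"\$" "$2" || true
}

# Constructed sample list, in the escaped-space style the pipeline expects.
sample_list() {
    printf '%s\n' 'BadBot' 'BadBot' 'Evil\ Crawler' 'scan.er+'
}

# Constructed access-log lines (documentation IP range 192.0.2.0/24).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [01/Jan/2024:00:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Evil Crawler"
192.0.2.11 - - [01/Jan/2024:00:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.12 - - [01/Jan/2024:00:00:03 +0000] "GET /a HTTP/1.1" 404 0 "-" "scan.er+"
192.0.2.13 - - [01/Jan/2024:00:00:04 +0000] "GET /b HTTP/1.1" 404 0 "-" "scanXer+"
EOF
}

alternation=$(sample_list | build_badbots_alternation)
# An empty result (for example a failed download) must never reach the filter.
[ -n "$alternation" ] || { echo "empty alternation, aborting" >&2; exit 1; }

logfile=$(mktemp)
sample_log > "$logfile"
hits=$(count_badbot_hits "$alternation" "$logfile")
rm -f "$logfile"

echo "badbots alternation: $alternation"
echo "matching log lines:  $hits"
```

The "scanXer+" line is not counted because the pipeline escapes the dot and the plus sign, so list entries match literally rather than as regex operators.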