Closed ericras closed 6 years ago
ericras
commented
6 years ago Settings added to sites/all/settings.php
// Autoban settings to force on all sites.
$conf['autoban_cron_enable'] = FALSE;
$conf['autoban_dblog_type_exclude'] = "autoban,cron,php,system,user";
$conf['autoban_force_enable'] = TRUE;
$conf['autoban_thresholds'] = "1,2,3,5,10,20,50,100,200,500,1000";
$conf['autoban_whitelist'] = "10.0.0.0/8\r\n129.93.0.0/16";
tsteiner
commented
6 years ago sed script to add the shared tables to the settings.php file (and not duplicate it if it already exists):
/'default'\s*=> '\w*_drupal_',/,/^);$/ {
/'autoban'/ d
/'blocked_ips'/ d
/'filter'/ {
i \ 'autoban' => 'drupal_',
i \ 'blocked_ips' => 'drupal_',
}
}No longer going to share tables
[x] Create RFC
[x] Deploy 0d448f2d41c76d40cf2c857a1802f46f66693f6d c41980fc208a24fea3a839c98c3bead6e0e23055 (module with patch from https://www.drupal.org/project/autoban/issues/2969670)
[x] Add variable values to sites/all/settings.php including on-campus whitelist
[x] Drush enable autoban module on all sites
[ ]
Add autoban and blocked_ips tables as shared/prefix tables in every sites/unl.edu.SITE/settings.php[x] Deploy autoban rule to all sites with drush: php /var/www/bin/drush-all-sites.php sql-query --db-prefix "INSERT INTO {autoban} SET type = 'honeypot', message = 'Blocked submission of %form due to @cause.', threshold = '5', user_type = '1', ip_type = '0';"
[x] Deploy iptables rules to production