From 5f02e1b8edec1c6d993361dfd1397a441fae1827 Mon Sep 17 00:00:00 2001 From: Antoine Nguyen Date: Mon, 30 Jan 2023 18:02:09 +0100 Subject: [PATCH 1/2] Added fail2ban setup --- modoboa_installer/config_dict_template.py | 25 +++++++++++++++++++++++ run.py | 1 + 2 files changed, 26 insertions(+) diff --git a/modoboa_installer/config_dict_template.py b/modoboa_installer/config_dict_template.py index a18437dd..73256d6d 100644 --- a/modoboa_installer/config_dict_template.py +++ b/modoboa_installer/config_dict_template.py @@ -118,6 +118,31 @@ def is_email(user_input): } ] }, + { + "name": "fail2ban", + "values": [ + { + "option": "enabled", + "default": "true", + }, + { + "option": "config_dir", + "default": "/etc/fail2ban" + }, + { + "option": "max_retry", + "default": "20" + }, + { + "option": "ban_time", + "default": "3600" + }, + { + "option": "find_time", + "default": "30" + }, + ] + }, { "name": "modoboa", "values": [ diff --git a/run.py b/run.py index 88c7ed66..edd5720a 100755 --- a/run.py +++ b/run.py @@ -22,6 +22,7 @@ PRIMARY_APPS = [ "amavis", + "fail2ban", "modoboa", "automx", "radicale", From 76ec16cd453253c4d5cf9a3839ec0175f7f437b4 Mon Sep 17 00:00:00 2001 From: Antoine Nguyen Date: Tue, 31 Jan 2023 09:08:34 +0100 Subject: [PATCH 2/2] Added missing files --- modoboa_installer/scripts/fail2ban.py | 17 +++++++++++++++++ .../fail2ban/filter.d/modoboa-auth.conf.tpl | 9 +++++++++ .../files/fail2ban/jail.d/modoboa.conf.tpl | 9 +++++++++ 3 files changed, 35 insertions(+) create mode 100644 modoboa_installer/scripts/fail2ban.py create mode 100644 modoboa_installer/scripts/files/fail2ban/filter.d/modoboa-auth.conf.tpl create mode 100644 modoboa_installer/scripts/files/fail2ban/jail.d/modoboa.conf.tpl diff --git a/modoboa_installer/scripts/fail2ban.py b/modoboa_installer/scripts/fail2ban.py new file mode 100644 index 00000000..7faa9172 --- /dev/null +++ b/modoboa_installer/scripts/fail2ban.py @@ -0,0 +1,17 @@ +"""fail2ban related functions.""" + +from . import base + + +class Fail2ban(base.Installer): + """Fail2ban installer.""" + + appname = "fail2ban" + packages = { + "deb": ["fail2ban"], + "rpm": ["fail2ban"] + } + config_files = [ + "jail.d/modoboa.conf", + "filter.d/modoboa-auth.conf", + ] diff --git a/modoboa_installer/scripts/files/fail2ban/filter.d/modoboa-auth.conf.tpl b/modoboa_installer/scripts/files/fail2ban/filter.d/modoboa-auth.conf.tpl new file mode 100644 index 00000000..9db6b5f0 --- /dev/null +++ b/modoboa_installer/scripts/files/fail2ban/filter.d/modoboa-auth.conf.tpl @@ -0,0 +1,9 @@ +# Fail2Ban filter Modoboa authentication + +[INCLUDES] + +before = common.conf + +[Definition] + +failregex = modoboa\.auth: WARNING Failed connection attempt from \'\' as user \'.*?\'$ diff --git a/modoboa_installer/scripts/files/fail2ban/jail.d/modoboa.conf.tpl b/modoboa_installer/scripts/files/fail2ban/jail.d/modoboa.conf.tpl new file mode 100644 index 00000000..4b265b6c --- /dev/null +++ b/modoboa_installer/scripts/files/fail2ban/jail.d/modoboa.conf.tpl @@ -0,0 +1,9 @@ +[modoboa] +enabled = true +port = http,https +protocol = tcp +filter = modoboa-auth +maxretry = %max_retry +bantime = %ban_time +findtime = %find_time +logpath = /var/log/auth.log