ajoute les archives

ansible_tools/roles/set-fail2ban/templates/jail.conf.ubuntu.j2

@@ -0,0 +1,30 @@
+# Fail2Ban configuration file
+#
+
+[DEFAULT]
+ignoreip = {{ ignoreip }}
+bantime  = 86400
+findtime = 1200
+maxretry = 5
+
+backend = auto
+
+[zimbra-account]
+enabled = true
+filter = zimbra
+action = iptables-allports[name=zimbra-account]
+         sendmail[name=zimbra-account, dest={{ destmail }}]
+logpath = /opt/zimbra/log/mailbox.log
+bantime = {{ bantime_account }}
+findtime = {{ findtime_account }}
+maxretry = {{ maxretry_account }}
+
+[zimbra-postfix]
+enabled = true
+filter = zimbra-postfix
+action = iptables-allports[name=zimbra-postfix]
+         sendmail[name=zimbra-postfix, dest={{ destmail }}]
+logpath = /var/log/zimbra.log
+bantime = {{ bantime_postfix }}
+findtime = {{ findtime_postfix }}
+maxretry = {{ maxretry_postfix }}

ansible_tools/roles/set-fail2ban/templates/sendmail-common.conf.ubuntu.j2

@@ -0,0 +1,73 @@
+# Fail2Ban configuration file
+#
+# Common settings for sendmail actions
+#
+# Users can override the defaults in sendmail-common.local
+
+[INCLUDES]
+
+after = sendmail-common.local
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
+              Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
+              From: <sendername> <<sender>>
+              To: <dest>\n
+              Hi,\n
+              The jail <name> has been started successfully.\n
+              Regards,\n
+              Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped on <fq-hostname>
+             Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
+             From: <sendername> <<sender>>
+             To: <dest>\n
+             Hi,\n
+             The jail <name> has been stopped.\n
+             Regards,\n
+             Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban =
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban =
+
+[Init]
+
+# Recipient mail address
+#
+dest = {{ destmail }}
+
+# Sender mail address
+#
+sender = {{ sendermail }}
+
+# Sender display name
+#
+sendername = {{ sendername }}

ansible_tools/roles/set-fail2ban/templates/sendmail.conf.ubuntu.j2

@@ -0,0 +1,36 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+#
+
+[INCLUDES]
+
+before = sendmail-common.conf
+
+[Definition]
+
+# bypass ban/unban for restored tickets
+norestored = 1
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostname>
+            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
+            From: <sendername> <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n
+            Regards,\n
+            Fail2Ban" | /opt/zimbra/common/sbin/sendmail <sender> <dest>
+
+[Init]
+
+# Default name of the chain
+#
+name = default

ansible_tools/roles/set-fail2ban/templates/zimbra-postfix.conf.ubuntu.j2

@@ -0,0 +1,5 @@
+[Definition]
+
+failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: \w
+
+ignoreregex =

ansible_tools/roles/set-fail2ban/templates/zimbra.conf.ubuntu.j2

@@ -0,0 +1,11 @@
+[Definition]
+
+failregex = \[ip=<HOST>;\] account - authentication failed for .* \(no such account\)$
+        \[ip=<HOST>;\] security - cmd=Auth; .* error=authentication failed for .*, invalid password;$
+        \;oip=<HOST>;.* security - cmd=Auth; .* protocol=soap; error=authentication failed for .* invalid password;$
+        \[oip=<HOST>;.* SoapEngine - handler exception: authentication failed for .*, account not found$
+        \WARN .*;ip=<HOST>;ua=ZimbraWebClient .* security - cmd=AdminAuth; .* error=authentication failed for .*;$
+        \;oip=<HOST>;.* security - cmd=Auth; .* protocol=soap; error=authentication failed for .* missing userPassword;$
+        \;oip=<HOST>;.* SoapEngine - handler exception: authentication failed for .*, invalid password;$
+        \;oip=<HOST>;.* account - Error occurred during authentication: authentication failed for .* ;$
+ignoreregex =