From 75ef4e14e0a3e08eec9ec454a2749711ccaa6c2e Mon Sep 17 00:00:00 2001 From: Alexander Barton Date: Fri, 19 Apr 2024 23:28:34 +0200 Subject: [PATCH] Add am example filter file for "Fail2Ban" --- contrib/Debian/rules | 5 +++++ contrib/Makefile.am | 1 + contrib/README.md | 2 ++ contrib/ngircd-fail2ban.conf | 25 +++++++++++++++++++++++++ 4 files changed, 33 insertions(+) create mode 100644 contrib/ngircd-fail2ban.conf diff --git a/contrib/Debian/rules b/contrib/Debian/rules index 25e27872..561f765c 100755 --- a/contrib/Debian/rules +++ b/contrib/Debian/rules @@ -53,6 +53,11 @@ execute_after_dh_auto_install: $(CURDIR)/contrib/ngircd.logcheck \ $(CURDIR)/debian/ngircd/etc/logcheck/ignore.d.paranoid/ngircd +# Install the fail2ban configuration. + install -o root -g root -m 0644 -D \ + $(CURDIR)/contrib/ngircd-fail2ban.conf \ + $(CURDIR)/debian/ngircd/etc/fail2ban/filter.d/ngircd.conf + # Make lintian happy :-) rm $(CURDIR)/debian/ngircd/usr/share/doc/ngircd/COPYING mv $(CURDIR)/debian/ngircd/usr/share/doc/ngircd/ChangeLog \ diff --git a/contrib/Makefile.am b/contrib/Makefile.am index f2d99012..cd2eb05e 100644 --- a/contrib/Makefile.am +++ b/contrib/Makefile.am @@ -17,6 +17,7 @@ EXTRA_DIST = README.md \ Dockerfile \ ngindent.sh \ ngircd-bsd.sh \ + ngircd-fail2ban.conf \ ngIRCd-Logo.gif \ ngircd-redhat.init \ ngircd.logcheck \ diff --git a/contrib/README.md b/contrib/README.md index fdd46495..5ab57690 100644 --- a/contrib/README.md +++ b/contrib/README.md @@ -16,6 +16,8 @@ This `contrib/` directory contains the following sub-folders and files: - `ngircd-bsd.sh`: Start/stop script for FreeBSD. +- `ngircd-fail2ban.conf`: fail2ban(1) filter configuration for ngIRCd. + - `ngircd-redhat.init`: Start/stop script for old(er) RedHat-based distributions (like CentOS and Fedora), which did _not_ use systemd(8). diff --git a/contrib/ngircd-fail2ban.conf b/contrib/ngircd-fail2ban.conf new file mode 100644 index 00000000..c9903e0c --- /dev/null +++ b/contrib/ngircd-fail2ban.conf @@ -0,0 +1,25 @@ +# Fail2ban filter for ngIRCd +# +# Put into /etc/fail2ban/filter.d/ngircd.conf and enable in your jail.local +# configuration like this: +# +# [ngircd] +# enabled = true +# backend = systemd +# + +[INCLUDES] + +before = common.conf + +[DEFAULT] + +_daemon = ngircd + +[Definition] + +failregex = ^%(__prefix_line)sRefused connection from on socket \d+: + +[Init] + +journalmatch = _SYSTEMD_UNIT=ngircd.service + _COMM=ngircd -- 2.39.2