diff options
| author | Alexander Barton <alex@barton.de> | 2024-04-19 23:28:34 +0200 |
|---|---|---|
| committer | Alexander Barton <alex@barton.de> | 2024-04-19 23:40:19 +0200 |
| commit | 75ef4e14e0a3e08eec9ec454a2749711ccaa6c2e (patch) | |
| tree | 1361ffc886abb64cd14529bb40cb8d3804b8d4b3 | |
| parent | d4fb21f3542ee2a42aecdddc73a76a6ff41fcacd (diff) | |
| download | ngircd-75ef4e14e0a3e08eec9ec454a2749711ccaa6c2e.tar.gz ngircd-75ef4e14e0a3e08eec9ec454a2749711ccaa6c2e.zip | |
Add am example filter file for "Fail2Ban"
| -rwxr-xr-x | contrib/Debian/rules | 5 | ||||
| -rw-r--r-- | contrib/Makefile.am | 1 | ||||
| -rw-r--r-- | contrib/README.md | 2 | ||||
| -rw-r--r-- | contrib/ngircd-fail2ban.conf | 25 |
4 files changed, 33 insertions, 0 deletions
diff --git a/contrib/Debian/rules b/contrib/Debian/rules index 25e27872..561f765c 100755 --- a/contrib/Debian/rules +++ b/contrib/Debian/rules @@ -53,6 +53,11 @@ execute_after_dh_auto_install: $(CURDIR)/contrib/ngircd.logcheck \ $(CURDIR)/debian/ngircd/etc/logcheck/ignore.d.paranoid/ngircd +# Install the fail2ban configuration. + install -o root -g root -m 0644 -D \ + $(CURDIR)/contrib/ngircd-fail2ban.conf \ + $(CURDIR)/debian/ngircd/etc/fail2ban/filter.d/ngircd.conf + # Make lintian happy :-) rm $(CURDIR)/debian/ngircd/usr/share/doc/ngircd/COPYING mv $(CURDIR)/debian/ngircd/usr/share/doc/ngircd/ChangeLog \ diff --git a/contrib/Makefile.am b/contrib/Makefile.am index f2d99012..cd2eb05e 100644 --- a/contrib/Makefile.am +++ b/contrib/Makefile.am @@ -17,6 +17,7 @@ EXTRA_DIST = README.md \ Dockerfile \ ngindent.sh \ ngircd-bsd.sh \ + ngircd-fail2ban.conf \ ngIRCd-Logo.gif \ ngircd-redhat.init \ ngircd.logcheck \ diff --git a/contrib/README.md b/contrib/README.md index fdd46495..5ab57690 100644 --- a/contrib/README.md +++ b/contrib/README.md @@ -16,6 +16,8 @@ This `contrib/` directory contains the following sub-folders and files: - `ngircd-bsd.sh`: Start/stop script for FreeBSD. +- `ngircd-fail2ban.conf`: fail2ban(1) filter configuration for ngIRCd. + - `ngircd-redhat.init`: Start/stop script for old(er) RedHat-based distributions (like CentOS and Fedora), which did _not_ use systemd(8). diff --git a/contrib/ngircd-fail2ban.conf b/contrib/ngircd-fail2ban.conf new file mode 100644 index 00000000..c9903e0c --- /dev/null +++ b/contrib/ngircd-fail2ban.conf @@ -0,0 +1,25 @@ +# Fail2ban filter for ngIRCd +# +# Put into /etc/fail2ban/filter.d/ngircd.conf and enable in your jail.local +# configuration like this: +# +# [ngircd] +# enabled = true +# backend = systemd +# + +[INCLUDES] + +before = common.conf + +[DEFAULT] + +_daemon = ngircd + +[Definition] + +failregex = ^%(__prefix_line)sRefused connection from <ADDR> on socket \d+: + +[Init] + +journalmatch = _SYSTEMD_UNIT=ngircd.service + _COMM=ngircd |