Diffstat (limited to 'zarb-ml/mageia-sysadm/attachments/20120829')
6 files changed, 138 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/attachments/20120829/5576ffef/attachment-0001.obj b/zarb-ml/mageia-sysadm/attachments/20120829/5576ffef/attachment-0001.obj
new file mode 100644
index 000000000..ff0820647
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/attachments/20120829/5576ffef/attachment-0001.obj
@@ -0,0 +1,20 @@
+#
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match access from a small ddos encountered in August 27 2012 and following days.
+# Keys of interest being: "Tenemos todo el tiempo del mundo", "PUTOS" in the query string
+# and "blogdeklx1" in the referrer string
+# It attacks on two URLs: /?id=...&msg=...Tenemos... and /es/. So we match on referrer for now.
+#
+# Values: TEXT
+#
+failregex = ^<HOST> -.*blogdeklx1.*$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoregex =
\ No newline at end of file
diff --git a/zarb-ml/mageia-sysadm/attachments/20120829/5576ffef/attachment-0002.obj b/zarb-ml/mageia-sysadm/attachments/20120829/5576ffef/attachment-0002.obj
new file mode 100644
index 000000000..fba1c7cc8
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/attachments/20120829/5576ffef/attachment-0002.obj
@@ -0,0 +1,8 @@
+# This jail is meant against a DDOS encountered from August 27 2012
+
+[apache-dos-2012-mx]
+enabled = true
+filter = apache-dos-2012-mx
+action = shorewall
+logpath = /var/log/httpd/www.mageia.org-access_log
+maxretry = 2
diff --git a/zarb-ml/mageia-sysadm/attachments/20120829/5576ffef/attachment-0003.obj b/zarb-ml/mageia-sysadm/attachments/20120829/5576ffef/attachment-0003.obj
new file mode 100644
index 000000000..f4d199e51
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/attachments/20120829/5576ffef/attachment-0003.obj
@@ -0,0 +1,41 @@
+Index: modules/fail2ban/manifests/init.pp
+===================================================================
+--- modules/fail2ban/manifests/init.pp (revision 0)
++++ modules/fail2ban/manifests/init.pp (revision 0)
+@@ -0,0 +1,35 @@
++# Class: fail2ban
++#
++# This module manages fail2ban service and its main configuration files.
++#
++# Sample Usage: include fail2ban
++#
++class fail2ban {
++
++ package { 'fail2ban': ensure => installed }
++
++ service { 'fail2ban':
++ ensure => running,
++ require => Package['fail2ban'],
++ }
++
++ file { '/etc/fail2ban/fail2ban.conf':
++ owner => 'root',
++ group => 'root',
++ mode => '0644',
++ source => 'puppet:///modules/fail2ban/fail2ban.conf',
++ }
++
++ file { '/etc/fail2ban/jail.conf':
++ owner => 'root',
++ group => 'root',
++ mode => '0644',
++ source => "puppet:///modules/fail2ban/jail-$operatingsystem.conf",
++ }
++
++ exec { '/etc/init.d/fail2ban restart':
++ subscribe => [ File['/etc/fail2ban/fail2ban.conf'], File['/etc/fail2ban/jail.conf'] ],
++ refreshonly => true,
++ }
++
++}
+\ No newline at end of file
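Review bot: The last line of attachment-0001.obj sets `ignoregex =`, but the comment block directly above it documents the option as `ignoreregex`, so the key looks misspelt and should read `ignoreregex =`. Separately, `failregex = ^<HOST> -.*blogdeklx1.*$` is not tied to the referrer field the notes describe: it counts any access-log line that contains the token, including one where it sits in the request URL or the user agent, and the accompanying jail bans after two hits. If the log uses the usual combined format (not visible here), anchoring the match to the quoted referrer field that follows the status and size, something like `^<HOST> -.*" \d{3} \S+ "[^"]*blogdeklx1[^"]*" `, would keep the ban limited to the traffic described; verify against real log lines before deploying. The identical filter is added again as attachment-0004.obj.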
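Review bot: The `[apache-dos-2012-mx]` jail in attachment-0002.obj sets `maxretry = 2` but leaves `findtime` and `bantime` to whatever the `[DEFAULT]` section of jail.conf provides, which is not visible here. For an incident-specific jail that bans through shorewall, stating both explicitly in the section, e.g. `findtime = 600` and `bantime = 3600` (constructed sample values), makes the blocking window reviewable, and a line in the header comment saying when the jail can be retired would help the next admin. The same jail is added again as attachment-0005.obj.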
\ No newline at end of file
diff --git a/zarb-ml/mageia-sysadm/attachments/20120829/5576ffef/attachment-0004.obj b/zarb-ml/mageia-sysadm/attachments/20120829/5576ffef/attachment-0004.obj
new file mode 100644
index 000000000..ff0820647
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/attachments/20120829/5576ffef/attachment-0004.obj
@@ -0,0 +1,20 @@
+#
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match access from a small ddos encountered in August 27 2012 and following days.
+# Keys of interest being: "Tenemos todo el tiempo del mundo", "PUTOS" in the query string
+# and "blogdeklx1" in the referrer string
+# It attacks on two URLs: /?id=...&msg=...Tenemos... and /es/. So we match on referrer for now.
+#
+# Values: TEXT
+#
+failregex = ^<HOST> -.*blogdeklx1.*$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoregex =
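Review bot: In the embedded `modules/fail2ban/manifests/init.pp` patch (attachment-0003.obj), the two `file` resources have no `require => Package['fail2ban']`, and the restart is done by an `exec` on `/etc/init.d/fail2ban restart` rather than through the `service` resource. Adding `require => Package['fail2ban'],` and `notify => Service['fail2ban'],` to each `file` and dropping the `exec` would order the config after the package and let Puppet restart the service it already manages. The `service` also sets only `ensure => running`; adding `enable => true,` would bring fail2ban back after a reboot, so bans are not silently absent. The same patch is added again as attachment.obj.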
\ No newline at end of file
diff --git a/zarb-ml/mageia-sysadm/attachments/20120829/5576ffef/attachment-0005.obj b/zarb-ml/mageia-sysadm/attachments/20120829/5576ffef/attachment-0005.obj
new file mode 100644
index 000000000..fba1c7cc8
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/attachments/20120829/5576ffef/attachment-0005.obj
@@ -0,0 +1,8 @@
+# This jail is meant against a DDOS encountered from August 27 2012
+
+[apache-dos-2012-mx]
+enabled = true
+filter = apache-dos-2012-mx
+action = shorewall
+logpath = /var/log/httpd/www.mageia.org-access_log
+maxretry = 2
diff --git a/zarb-ml/mageia-sysadm/attachments/20120829/5576ffef/attachment.obj b/zarb-ml/mageia-sysadm/attachments/20120829/5576ffef/attachment.obj
new file mode 100644
index 000000000..f4d199e51
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/attachments/20120829/5576ffef/attachment.obj
@@ -0,0 +1,41 @@
+Index: modules/fail2ban/manifests/init.pp
+===================================================================
+--- modules/fail2ban/manifests/init.pp (revision 0)
++++ modules/fail2ban/manifests/init.pp (revision 0)
+@@ -0,0 +1,35 @@
++# Class: fail2ban
++#
++# This module manages fail2ban service and its main configuration files.
++#
++# Sample Usage: include fail2ban
++#
++class fail2ban {
++
++ package { 'fail2ban': ensure => installed }
++
++ service { 'fail2ban':
++ ensure => running,
++ require => Package['fail2ban'],
++ }
++
++ file { '/etc/fail2ban/fail2ban.conf':
++ owner => 'root',
++ group => 'root',
++ mode => '0644',
++ source => 'puppet:///modules/fail2ban/fail2ban.conf',
++ }
++
++ file { '/etc/fail2ban/jail.conf':
++ owner => 'root',
++ group => 'root',
++ mode => '0644',
++ source => "puppet:///modules/fail2ban/jail-$operatingsystem.conf",
++ }
++
++ exec { '/etc/init.d/fail2ban restart':
++ subscribe => [ File['/etc/fail2ban/fail2ban.conf'], File['/etc/fail2ban/jail.conf'] ],
++ refreshonly => true,
++ }
++
++}
+\ No newline at end of file
\ No newline at end of file |