feat(Dockerfile): enhance fail2ban setup with comprehensive filter configuration and permissions

ErcinDedeoglu · ErcinDedeoglu · commit 5771eb265aad · 2025-03-17T17:51:14.000+04:00
- Add wildcard pattern to copy all filter configurations
- Set permissions for all filter and action configurations
- Create required directories and files for fail2ban

feat(fail2ban): add new filters for probing and request flood detection

- Introduce nginx-probing.conf to detect unauthorized probing attempts
- Introduce nginx-request-flood.conf to detect request flooding

feat(jail.local): configure new fail2ban jails for enhanced security

- Add nginx-probing jail to monitor probing attempts
- Add nginx-request-flood jail to monitor request flooding
- Set findtime, maxretry, and bantime for new jails
diff --git a/src/Dockerfile b/src/Dockerfile
@@ -52,19 +52,22 @@ COPY src/docker_scripts/fetch_cloudflare_ips.sh /usr/local/bin/
 COPY src/docker_scripts/update_cloudflare_ips.sh /usr/local/bin/
 COPY src/docker_scripts/startup.sh /usr/local/bin/
 
-# Fail2ban configuration
+# Fail2ban configuration with comprehensive filter setup
 RUN mkdir -p /etc/fail2ban/action.d \
     && mkdir -p /etc/fail2ban/filter.d \
     && mkdir -p /etc/nginx/conf.d/banned \
     && mkdir -p /var/run/fail2ban
 
-COPY src/fail2ban/jail.local /etc/fail2ban/jail.local
-COPY src/fail2ban/filter.d/nginx-http-auth-proxma.conf /etc/fail2ban/filter.d/
+# Copy all filter configurations using wildcard pattern
+COPY src/fail2ban/filter.d/*.conf /etc/fail2ban/filter.d/
 COPY src/fail2ban/action.d/nginx-deny.conf /etc/fail2ban/action.d/
+COPY src/fail2ban/jail.local /etc/fail2ban/
 
+# Set permissions and create required files
 RUN chmod 644 /etc/fail2ban/jail.local \
-    && chmod 644 /etc/fail2ban/filter.d/nginx-http-auth-proxma.conf \
-    && chmod 644 /etc/fail2ban/action.d/nginx-deny.conf \
+    && chmod -R 644 /etc/fail2ban/filter.d/* \
+    && chmod 644 /etc/fail2ban/action.d/* \
+    && mkdir -p /etc/nginx/conf.d/banned \
     && touch /etc/nginx/conf.d/banned/banned_ips.conf \
     && chmod 644 /etc/nginx/conf.d/banned/banned_ips.conf
 
diff --git a/src/fail2ban/filter.d/nginx-probing.conf b/src/fail2ban/filter.d/nginx-probing.conf
@@ -0,0 +1,7 @@
+[Definition]
+failregex = ^<HOST>.*"GET .*HTTP.*" (403|404) \d+
+            ^<HOST>.*"(HEAD|OPTIONS) \/.*HTTP.* 
+            ^<HOST>.*"\/\.git\/.* 
+            ^<HOST>.*"\/\.env.*
+            ^<HOST>.*"\/wp-includes.*
+ignoreregex =
diff --git a/src/fail2ban/filter.d/nginx-request-flood.conf b/src/fail2ban/filter.d/nginx-request-flood.conf
@@ -0,0 +1,3 @@
+[Definition]
+failregex = ^<HOST> -.*-.*$
+datepattern = %%d/%%b/%%Y:%%H:%%M:%%S
diff --git a/src/fail2ban/jail.local b/src/fail2ban/jail.local
@@ -43,4 +43,21 @@ port = http,https
 enabled = true
 filter = nginx-botsearch
 logpath = /var/proxma/logs/nginx_access.log
+port = http,https
+
+[nginx-probing]
+enabled = true
+filter = nginx-probing
+logpath = /var/proxma/logs/nginx_access.log
+findtime = 2m
+maxretry = 5
+port = http,https
+
+[nginx-request-flood]
+enabled = true
+filter = nginx-request-flood
+logpath = /var/proxma/logs/nginx_access.log
+findtime = 60
+maxretry = 100
+bantime = 3600
 port = http,https

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+[Definition]`
	`2`	`+failregex = ^<HOST> -.-.$`
	`3`	`+datepattern = %%d/%%b/%%Y:%%H:%%M:%%S`