Merge pull request #474 from modoboa/security/fail2ban

Added fail2ban setup

modoboa_installer/config_dict_template.py

@@ -118,6 +118,31 @@ ConfigDictTemplate = [
             }
         ]
     },
+    {
+        "name": "fail2ban",
+        "values": [
+            {
+                "option": "enabled",
+                "default": "true",
+            },
+            {
+                "option": "config_dir",
+                "default": "/etc/fail2ban"
+            },
+            {
+                "option": "max_retry",
+                "default": "20"
+            },
+            {
+                "option": "ban_time",
+                "default": "3600"
+            },
+            {
+                "option": "find_time",
+                "default": "30"
+            },
+        ]
+    },
     {
         "name": "modoboa",
         "values": [

modoboa_installer/scripts/fail2ban.py

@@ -0,0 +1,17 @@
+"""fail2ban related functions."""
+
+from . import base
+
+
+class Fail2ban(base.Installer):
+    """Fail2ban installer."""
+
+    appname = "fail2ban"
+    packages = {
+        "deb": ["fail2ban"],
+        "rpm": ["fail2ban"]
+    }
+    config_files = [
+        "jail.d/modoboa.conf",
+        "filter.d/modoboa-auth.conf",
+    ]

modoboa_installer/scripts/files/fail2ban/filter.d/modoboa-auth.conf.tpl

@@ -0,0 +1,9 @@
+# Fail2Ban filter Modoboa authentication
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+failregex = modoboa\.auth: WARNING Failed connection attempt from \'<HOST>\' as user \'.*?\'$

modoboa_installer/scripts/files/fail2ban/jail.d/modoboa.conf.tpl

@@ -0,0 +1,9 @@
+[modoboa]
+enabled = true
+port = http,https
+protocol = tcp
+filter = modoboa-auth
+maxretry = %max_retry
+bantime = %ban_time
+findtime = %find_time
+logpath = /var/log/auth.log

run.py

@@ -22,6 +22,7 @@ from modoboa_installer import utils
 
 PRIMARY_APPS = [
     "amavis",
+    "fail2ban",
     "modoboa",
     "automx",
     "radicale",