From bc79a4f5b1b3640a93363e7edeb60675facd636a Mon Sep 17 00:00:00 2001
From: djmaze
Date: Wed, 29 Jul 2020 11:29:59 +0200
Subject: [PATCH] Added Fail2ban instructions
---
 README.md | 1 +
 fail2ban/README.md | 39 +++++++++++++++++++++
 fail2ban/filter.d/rainloop-fpm-journal.conf | 8 +++++
 fail2ban/filter.d/rainloop-log.conf | 5 +++
 fail2ban/jail.d/rainloop-fpm-journal.conf | 5 +++
 fail2ban/jail.d/rainloop-log.conf | 5 +++
 6 files changed, 63 insertions(+)
 create mode 100644 fail2ban/README.md
 create mode 100644 fail2ban/filter.d/rainloop-fpm-journal.conf
 create mode 100644 fail2ban/filter.d/rainloop-log.conf
 create mode 100644 fail2ban/jail.d/rainloop-fpm-journal.conf
 create mode 100644 fail2ban/jail.d/rainloop-log.conf
diff --git a/README.md b/README.md
index 4d29c39d5..252815b2e 100644
--- a/README.md
+++ b/README.md
@@ -35,6 +35,7 @@ This fork has the following changes:
 * Privacy/GDPR friendly (no: Social, Gravatar, Facebook, Google, Twitter, DropBox, OwnCloud, X-Mailer)
 * Admin uses password_hash/password_verify
 * Auth failed attempts written to syslog
+* Added Fail2ban instructions
 * ES2015 (removed polyfills and Modernizr)
 * PHP 7.3+ required
 * PHP mbstring extension required
diff --git a/fail2ban/README.md b/fail2ban/README.md
new file mode 100644
index 000000000..dd34a7be7
--- /dev/null
+++ b/fail2ban/README.md
@@ -0,0 +1,39 @@
+# Fail2ban Instructions
+
+This modified version of RainLoop logs to the system (when syslog works in PHP).
+
+If you use other ports then http, https & 2096, modify them in /filter.d/*.conf
+
+## Systemd journal PHP-FPM
+
+Upload the following to /etc/fail2ban/*
+
+- /filter.d/rainloop-fpm-journal.conf
+- /jail.d/rainloop-fpm-journal.conf
+
+Modify your /etc/fail2ban/jail.local with:
+
+[rainloop-fpm-journal]
+enabled = true
+
+## Default log (not recommended)
+
+Modify /PATH-TO-RAINLOOP-DATA/_data_/_default_/configs/application.ini
+
+[logs]
+auth_logging = On
+auth_logging_filename = "fail2ban/auth-fail.log"
+auth_logging_format = "[{date:Y-m-d H:i:s T}] Auth failed: ip={request:ip} user={imap:login} host={imap:host} port={imap:port}"
+
+
+Modify the path in /jail.d/rainloop-log.conf
+
+Upload the following to /etc/fail2ban/*
+
+- /filter.d/rainloop-log.conf
+- /jail.d/rainloop-log.conf
+
+Modify your /etc/fail2ban/jail.local with:
+
+[rainloop-log]
+enabled = true
diff --git a/fail2ban/filter.d/rainloop-fpm-journal.conf b/fail2ban/filter.d/rainloop-fpm-journal.conf
new file mode 100644
index 000000000..6943df2ac
--- /dev/null
+++ b/fail2ban/filter.d/rainloop-fpm-journal.conf
@@ -0,0 +1,8 @@
+[INCLUDES]
+before = common.conf
+[Definition]
+failregex = Auth failed: ip= user=.*$
+ignoreregex =
+_daemon = php-fpm
+journalmatch = _SYSTEMD_UNIT=php-fpm.service SYSLOG_FACILITY=10
+#journalmatch = _SYSTEMD_UNIT=php-fpm.service SYSLOG_FACILITY=10 SYSLOG_IDENTIFIER=rainloop PRIORITY=3
diff --git a/fail2ban/filter.d/rainloop-log.conf b/fail2ban/filter.d/rainloop-log.conf
new file mode 100644
index 000000000..a862d7173
--- /dev/null
+++ b/fail2ban/filter.d/rainloop-log.conf
@@ -0,0 +1,5 @@
+[INCLUDES]
+#before = common.conf
+[Definition]
+failregex = Auth failed: ip= user=.* host=.* port=.*$
+ignoreregex =
diff --git a/fail2ban/jail.d/rainloop-fpm-journal.conf b/fail2ban/jail.d/rainloop-fpm-journal.conf
new file mode 100644
index 000000000..92af30723
--- /dev/null
+++ b/fail2ban/jail.d/rainloop-fpm-journal.conf
@@ -0,0 +1,5 @@
+[rainloop-fpm-journal]
+filter = rainloop-fpm-journal
+port = http,https,2096
+backend = systemd
+maxretry = 3
diff --git a/fail2ban/jail.d/rainloop-log.conf b/fail2ban/jail.d/rainloop-log.conf
new file mode 100644
index 000000000..f3b385e58
--- /dev/null
+++ b/fail2ban/jail.d/rainloop-log.conf
@@ -0,0 +1,5 @@
+[rainloop-log]
+filter = rainloop-log
+port = http,https,2096
+logpath = /PATH-TO-RAINLOOP-DATA/_data_/_default_/logs/fail2ban/auth-fail.log
+maxretry = 3
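Review bot: The `failregex` in fail2ban/filter.d/rainloop-fpm-journal.conf is unanchored and ends in `.*$` over the `user=` field, which holds the login string the client submitted; fail2ban/filter.d/rainloop-log.conf has the same shape with `user=.* host=.* port=.*$`. Since this text decides which address is banned, the expression should start at the beginning of the message and stop once the address is captured, for example `failregex = ^%(__prefix_line)sAuth failed: ip=<HOST> user=` in the journal filter, provided the prefix matches the identifier PHP logs under. As written, `_daemon = php-fpm` and `before = common.conf` have no effect because nothing references `%(__prefix_line)s`. The expression as displayed here has no `<HOST>` token after `ip=` (it may have been lost when the page was rendered); fail2ban needs one to know what to ban, so confirm it is in the committed file and check any change with `fail2ban-regex` against real entries.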
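Review bot: The `port = http,https,2096` line in fail2ban/jail.d/rainloop-fpm-journal.conf (repeated in fail2ban/jail.d/rainloop-log.conf) is where the blocked ports are set, but fail2ban/README.md in this commit sends users to `/filter.d/*.conf` to change ports, and the filters have no port setting. Someone serving RainLoop on another port who follows the README would leave the jail blocking the wrong ports, so a ban would not cover the webmail. I would add `# ports RainLoop is served on; change here if yours differ` above the line and point the README at `/jail.d/*.conf`. Neither jail sets `findtime` or `bantime`, so `maxretry = 3` is evaluated against whatever the local defaults are; a one-line comment saying so would help whoever tunes it.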
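Review bot: `logpath = /PATH-TO-RAINLOOP-DATA/_data_/_default_/logs/fail2ban/auth-fail.log` in fail2ban/jail.d/rainloop-log.conf is a placeholder, and nothing in the file itself says it must be edited before the jail is enabled. fail2ban reports an error when a jail's log file cannot be found, and the log presumably does not exist until RainLoop records its first failed login, so an unedited or fresh install can keep the jail from starting. A comment such as `# replace /PATH-TO-RAINLOOP-DATA with your data directory; the file must exist before enabling` above the line would cover it. The file is written by the PHP process and its contents decide which addresses get banned, so the comment could also say it should not be writable by other local accounts.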