Bug#598847: Info received (Bug#598847: Acknowledgement (apache2: removing apache2 installs apache2-mpm-itk))

Sun, 03 Oct 2010 11:27:16 -0700 

In case someone else is interested, maybe this example will help prevent them
wasting a few hours on it like I did :P

Synopsis -

I want to ban sshd attacks from also accessing my Apache web server;
the below solution
isn't complete by any stretch but it will give you a basic idea form
which to expand upon.

First make sure you have dey.hosts installed:
sudo apt-get install denyhosts

Next IN /etc/cron.hourly create the sx.denyhosts file:

nano /etc/cron.hourly/sx.denyhosts
#!/bin/sh

test -x /etc/apache2/sx || exit 0
/etc/apache2/sx


Save it and make it +x; Next IN /etc/apache2 create the sx driver Perl script:
nano /etc/apache2/sx
#!/usr/bin/perl -w
# Executed via cron every 5 minutes to set-up
# Apache2 blocking based upon SSHd attacks:
# Gathered from /etc/hosts.deny  --wcj
# Copywrite (C) WC -Sx- Jones 2010; released into Public Domain.

use Fcntl qw(:DEFAULT :flock);
my $DEBUG = 0; # Set to 1 to enable...
my $QUIET = 1; # Set to 1 to silence...

sysopen my $rfh, "/etc/hosts.deny", O_RDWR|O_CREAT
              or die "can't open /etc/hosts.deny: $!";
sysopen my $wfh, "/etc/apache2/hosts.deny", O_RDWR|O_CREAT
             or die "can't open /etc/apache2/hosts.deny: $!";
truncate $wfh, 0 or die "can't truncate /etc/apache2/hosts.deny: $!";

while(<$rfh>) { chomp;
        next unless /^ALL\:\s\d+\.\d+\.\d+\.\d+/;
        print "Working on $_ ... Got: " if $DEBUG;

        my $ip = (split(/\s/,$_))[1];
        print "$ip - \n" if $DEBUG;
        print $wfh "$ip -\n";
}

print "\nDone ... \n" unless $QUIET;
close $rfh or die "can't close ... $!";
close $wfh or die "can't close ... $!";

# Restarting Apache2  --wcj
system('/usr/sbin/invoke-rc.d apache2 restart > /dev/null 2>&1') unless $DEBUG;


Save it and make it +x; Next IN /etc/apache2/sites-available/default
(or what ever vhost you wish to protect) add:

TraceEnable off
RewriteEngine On
#RewriteLogLevel 1
#RewriteLog /etc/apache2/hosts_deny_log
##################################################
# Blocked based upon hosts.deny --wcj
RewriteMap    hosts-deny  txt:/etc/apache2/hosts.deny
RewriteCond   ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND} !=NOT-FOUND
RewriteRule   ^  -  [F]
##################################################

# The reader is welcome to modify any of the above to suit your needs....

HTH/Bill



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to