installation script for OS Devuan (#95)

* adding devuan

* add devaun desc to README
make update and upgrade more noisy
correct path for devuan in pre-install

* some untested code for the source install - source installation is broken in Debian installation script and I have not debugged the problem. Focusing on the packaged version first.

devuan/resources/fail2ban/freeswitch-404.conf

@@ -0,0 +1,27 @@
+# Fail2Ban configuration file
+# inbound route - 404 not found
+
+
+[Definition]
+
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+#failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
+#[hostname] variable doesn't seem to work in every case. Do this instead:
+failregex = 404 not found <HOST>
+
+
+#EXECUTE sofia/external/8888888888888@example.fusionpbx.com log([inbound routes] 404 not found 82.68.115.62)
+
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =

devuan/resources/fail2ban/freeswitch-dos.conf

@@ -0,0 +1,21 @@
+# Fail2Ban configuration file
+#
+# Author: soapee01
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =

devuan/resources/fail2ban/freeswitch-ip.conf

@@ -0,0 +1,20 @@
+# Fail2Ban configuration file
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+#2014-12-01 00:47:54.331821 [WARNING] sofia_reg.c:2752 Can't find user [1000@xxx.xxx.xxx.xxx] from 62.210.151.162
+failregex = \[WARNING\] sofia_reg.c:\d+ Can't find user \[.*@\d+.\d+.\d+.\d+\] from <HOST>
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =

devuan/resources/fail2ban/freeswitch.conf

@@ -0,0 +1,18 @@
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+            \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =
+

devuan/resources/fail2ban/fusionpbx.conf

@@ -0,0 +1,25 @@
+# Fail2Ban configuration file
+#
+# Author: soapee01
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+#failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
+#[hostname] variable doesn't seem to work in every case. Do this instead:
+failregex = .* FusionPBX: \[<HOST>\] authentication failed for
+          = .* FusionPBX: \[<HOST>\] provision attempt bad password for
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =
+

devuan/resources/fail2ban/jail.local

@@ -0,0 +1,113 @@
+[freeswitch-udp]
+enabled  = true
+port     = 5060,5061,5080,5081
+protocol = all
+filter   = freeswitch
+logpath  = /var/log/freeswitch/freeswitch.log
+action   = iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
+maxretry = 5
+findtime = 600
+bantime  = 600
+#          sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
+
+[freeswitch-tcp]
+enabled  = true
+port     = 5060,5061,5080,5081
+protocol = all
+filter   = freeswitch
+logpath  = /var/log/freeswitch/freeswitch.log
+action   = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
+maxretry = 5
+findtime = 600
+bantime  = 600
+#          sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
+
+#[freeswitch-ip-tcp]
+#enabled  = true
+#port     = 5060,5061,5080,5081
+#protocol = all
+#filter   = freeswitch-ip
+#logpath  = /var/log/freeswitch/freeswitch.log
+#action   = iptables-multiport[name=freeswitch-ip-tcp, port="5060,5061,5080,5081", protocol=tcp]
+#maxretry = 1
+#findtime = 30
+#bantime  = 86400
+
+#[freeswitch-ip-udp]
+#enabled  = true
+#port     = 5060,5061,5080,5081
+#protocol = all
+#filter   = freeswitch-ip
+#logpath  = /var/log/freeswitch/freeswitch.log
+#action   = iptables-multiport[name=freeswitch-ip-udp, port="5060,5061,5080,5081", protocol=udp]
+#maxretry = 1
+#findtime = 30
+#bantime  = 86400
+
+[freeswitch-dos-udp]
+enabled  = true
+port     = 5060,5061,5080,5081
+protocol = all
+filter   = freeswitch-dos
+logpath  = /var/log/freeswitch/freeswitch.log
+action   = iptables-multiport[name=freeswitch-dos-udp, port="5060,5061,5080,5081", protocol=udp]
+maxretry = 50
+findtime = 30
+bantime  = 6000
+
+[freeswitch-dos-tcp]
+enabled  = true
+port     = 5060,5061,5080,5081
+protocol = all
+filter   = freeswitch-dos
+logpath  = /var/log/freeswitch/freeswitch.log
+action   = iptables-multiport[name=freeswitch-dos-tcp, port="5060,5061,5080,5081", protocol=tcp]
+maxretry = 50
+findtime = 30
+bantime  = 6000
+
+[freeswitch-404]
+enabled  = true
+port     = 5060,5061,5080,5081
+protocol = all
+filter   = freeswitch-404
+logpath  = /var/log/freeswitch/freeswitch.log
+action   = iptables-allports[name=freeswitch-404, protocol=all]
+maxretry = 3
+findtime = 300
+bantime  = 86400
+
+[fusionpbx]
+enabled  = true
+port     = 80,443
+protocol = tcp
+filter   = fusionpbx
+logpath  = /var/log/auth.log
+action   = iptables-multiport[name=fusionpbx, port="http,https", protocol=tcp]
+#          sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
+maxretry = 10
+findtime = 600
+bantime  = 600
+
+[nginx-404]
+enabled  = true
+port     = 80,443
+protocol = tcp
+filter   = nginx-404
+logpath  = /var/log/nginx/access*.log
+bantime  = 600
+findtime = 60
+maxretry = 120
+
+[nginx-dos]
+# Based on apache-badbots but a simple IP check (any IP requesting more than
+# 240 pages in 60 seconds, or 4p/s average, is suspicious)
+# Block for two full days.
+enabled  = true
+port     = 80,443
+protocol = tcp
+filter   = nginx-dos
+logpath  = /var/log/nginx/access*.log
+findtime = 60
+bantime  = 172800
+maxretry = 240

devuan/resources/fail2ban/nginx-404.conf

@@ -0,0 +1,5 @@
+# Fail2Ban configuration file
+#
+[Definition]
+failregex = <HOST> - - \[.*\] "(GET|POST).*HTTP[^ ]* 404
+ignoreregex =

devuan/resources/fail2ban/nginx-dos.conf

@@ -0,0 +1,14 @@
+# Fail2Ban configuration file
+ 
+[Definition]
+# Option: failregex
+# Notes.: Regexp to catch a generic call from an IP address.
+# Values: TEXT
+#
+failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"$
+ 
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =