
Bug#598847: Info received (Bug#598847: Acknowledgement (apache2: removing apache2 installs apache2-mpm-itk))



In case someone else is interested, maybe this example will help prevent them
wasting a few hours on it like I did :P

Synopsis -

I want to ban sshd attacks from also accessing my Apache web server;
the below solution isn't complete by any stretch but it will give you
a basic idea from which to expand upon.

First make sure you have denyhosts installed:
sudo apt-get install denyhosts

Next, in /etc/cron.hourly create the sx.denyhosts file:

nano /etc/cron.hourly/sx.denyhosts
#!/bin/sh

test -x /etc/apache2/sx || exit 0
/etc/apache2/sx


Save it and make it +x. Next, in /etc/apache2 create the sx driver Perl script:
nano /etc/apache2/sx
#!/usr/bin/perl -w
# Executed hourly via cron (/etc/cron.hourly) to set up
# Apache2 blocking based upon SSHd attacks:
# Gathered from /etc/hosts.deny  --wcj
# Copyright (C) WC -Sx- Jones 2010; released into Public Domain.

use strict;
use Fcntl qw(:DEFAULT :flock);
my $DEBUG = 0; # Set to 1 to enable...
my $QUIET = 1; # Set to 1 to silence...

# Source list maintained by denyhosts; it is only read here.
sysopen my $rfh, "/etc/hosts.deny", O_RDONLY
              or die "can't open /etc/hosts.deny: $!";
# RewriteMap text file for Apache, rebuilt from scratch on every run.
sysopen my $wfh, "/etc/apache2/hosts.deny", O_RDWR|O_CREAT
             or die "can't open /etc/apache2/hosts.deny: $!";
truncate $wfh, 0 or die "can't truncate /etc/apache2/hosts.deny: $!";

while(<$rfh>) { chomp;
	next unless /^ALL\:\s\d+\.\d+\.\d+\.\d+/;
	print "Working on $_ ... Got: " if $DEBUG;

	my $ip = (split(/\s/,$_))[1];
	print "$ip - \n" if $DEBUG;
	print $wfh "$ip -\n";
}

print "\nDone ... \n" unless $QUIET;
close $rfh or die "can't close ... $!";
close $wfh or die "can't close ... $!";

# Restarting Apache2  --wcj
system('/usr/sbin/invoke-rc.d apache2 restart > /dev/null 2>&1') unless $DEBUG;


Save it and make it +x. Next, in /etc/apache2/sites-available/default
(or whatever vhost you wish to protect) add:

TraceEnable off
RewriteEngine On
#RewriteLogLevel 1
#RewriteLog /etc/apache2/hosts_deny_log
##################################################
# Blocked based upon hosts.deny --wcj
RewriteMap    hosts-deny  txt:/etc/apache2/hosts.deny
RewriteCond   ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND} !=NOT-FOUND
RewriteRule   ^  -  [F]
##################################################

# The reader is welcome to modify any of the above to suit your needs....

HTH/Bill
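
As an added example (not part of the original post or its author's code): a shell version of the conversion step that validates each address and writes the map to a temporary file before renaming it into place, so Apache never reads a truncated /etc/apache2/hosts.deny. It goes beyond the post by also accepting "sshd:" entries and dropping out-of-range or duplicate addresses; build_map and demo are hypothetical names and the sample addresses are constructed.

```shell
#!/bin/sh
# build_map SRC DST: write one "<ip> -" line per valid IPv4 entry in SRC.
build_map() {
    src=$1
    dst=$2
    # Temp file in the destination directory so mv is an atomic rename.
    tmp=$(mktemp "$(dirname "$dst")/.hosts.deny.XXXXXX") || return 1
    # Keep only "ALL: a.b.c.d" / "sshd: a.b.c.d" lines whose octets are
    # all <= 255; hostnames, wildcards and comments are dropped.
    awk '
        /^(ALL|sshd):[ \t]*[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[ \t]*$/ {
            ip = $0
            sub(/^[^:]*:[ \t]*/, "", ip)
            sub(/[ \t]*$/, "", ip)
            split(ip, o, ".")
            ok = 1
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
            if (ok && !seen[ip]++) print ip " -"
        }
    ' "$src" > "$tmp" || { rm -f "$tmp"; return 1; }
    # mktemp creates the file 0600; Apache needs to read the map.
    chmod 644 "$tmp" && mv -f "$tmp" "$dst"
}

# demo: run build_map over constructed sample data in a scratch directory
# and print the resulting map (addresses are documentation ranges).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/hosts.deny" <<'EOF'
# constructed sample, not real denyhosts output
ALL: 192.0.2.10
ALL: 192.0.2.10
sshd: 198.51.100.7
ALL: 999.1.1.1
ALL: .example.com
ALL: 203.0.113.5 extra
EOF
    build_map "$dir/hosts.deny" "$dir/map" && cat "$dir/map"
    rm -rf "$dir"
}

# On a real host: build_map /etc/hosts.deny /etc/apache2/hosts.deny
if [ "${1:-}" = "--demo" ]; then demo; fi
```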


