Bot Updating Package Versions

2026-03-06 18:25:15 +09:00 · 2022-02-08 19:58:44 +01:00 · 2022-02-03 06:18:15 +01:00 · 2022-01-27 06:19:02 +01:00 · 2022-01-20 06:19:07 +01:00 · 2022-01-11 08:34:43 +01:00
6 changed files with 36 additions and 18 deletions
--- a/README.md
+++ b/README.md
@@ -330,6 +330,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64

 ## Versions

+* **09.01.22:** - Added a fail2ban jail for nginx unauthorized
 * **21.12.21:** - Fixed issue with iptables not working as expected
 * **30.11.21:** - Move maxmind to a [new mod](https://github.com/linuxserver/docker-mods/tree/swag-maxmind)
 * **22.11.21:** - Added support for Infomaniak DNS for certificate generation.
--- a/package_versions.txt
+++ b/package_versions.txt
@@ -1,6 +1,6 @@
 alpine-baselayout-3.2.0-r16
 alpine-keys-2.4-r0
-apache2-utils-2.4.51-r0
+apache2-utils-2.4.52-r0
 apk-tools-2.12.7-r0
 apr-1.7.0-r0
 apr-util-1.6.1-r7
@@ -9,11 +9,11 @@ bash-5.1.4-r0
 brotli-libs-1.0.9-r5
 busybox-1.33.1-r6
 c-client-2007f-r11
-ca-certificates-20191127-r5
-ca-certificates-bundle-20191127-r5
+ca-certificates-20211220-r0
+ca-certificates-bundle-20211220-r0
 coreutils-8.32-r2
 curl-7.79.1-r0
-expat-2.4.1-r0
+expat-2.4.4-r0
 fail2ban-0.11.2-r0
 freetype-2.10.4-r1
 gdbm-1.19-r0
@@ -29,7 +29,7 @@ iptables-1.8.7-r1
 libacl-2.2.53-r0
 libassuan-2.5.5-r0
 libattr-2.5.1-r0
-libblkid-2.37.2-r0
+libblkid-2.37.3-r0
 libbsd-0.11.3-r0
 libbz2-1.0.8-r1
 libc-utils-0.7.2-r3
@@ -55,7 +55,7 @@ libmcrypt-2.5.8-r9
 libmd-1.0.3-r0
 libmemcached-libs-1.0.18-r4
 libmnl-1.0.4-r1
-libmount-2.37.2-r0
+libmount-2.37.3-r0
 libnftnl-libs-1.2.0-r0
 libpng-1.6.37-r1
 libpq-13.5-r0
@@ -72,7 +72,7 @@ libssl1.1-1.1.1l-r0
 libstdc++-10.3.1_git20210424-r2
 libtasn1-4.17.0-r0
 libunistring-0.9.10-r1
-libuuid-2.37.2-r0
+libuuid-2.37.3-r0
 libwebp-1.2.0-r2
 libx11-1.7.2-r0
 libxau-1.0.9-r0
@@ -85,7 +85,7 @@ libxslt-1.1.34-r1
 libxt-1.2.1-r0
 libzip-1.7.3-r2
 linux-pam-1.5.1-r1
-logrotate-3.18.1-r0
+logrotate-3.18.1-r1
 lz4-libs-1.9.3-r1
 memcached-1.6.9-r0
 mpdecimal-2.5.1-r1
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -154,6 +154,7 @@ app_setup_nginx_reverse_proxy_block: ""

 # changelog
 changelogs:
+  - { date: "09.01.22:", desc: "Added a fail2ban jail for nginx unauthorized" }
  - { date: "21.12.21:", desc: "Fixed issue with iptables not working as expected" }
  - { date: "30.11.21:", desc: "Move maxmind to a [new mod](https://github.com/linuxserver/docker-mods/tree/swag-maxmind)" }
  - { date: "22.11.21:", desc: "Added support for Infomaniak DNS for certificate generation." }
--- a/root/defaults/fail2ban/filter.d/nginx-unauthorized.conf
+++ b/root/defaults/fail2ban/filter.d/nginx-unauthorized.conf
@@ -0,0 +1,7 @@
+# A fail2ban filter for unauthorized log messages
+
+[Definition]
+
+failregex = ^(?!.*?(?i)plex)<HOST>.*"(GET|POST|HEAD).*" 401 .*$
+
+ignoreregex = 
--- a/root/defaults/jail.local
+++ b/root/defaults/jail.local
@@ -1,10 +1,14 @@
-## Version 2020/05/10 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/jail.local
+## Version 2022/01/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/jail.local
 # This is the custom version of the jail.conf for fail2ban
 # Feel free to modify this and add additional filters
 # Then you can drop the new filter conf files into the fail2ban-filters
 # folder and restart the container

 [DEFAULT]
+# Prevents banning LAN subnets
+ignoreip = 10.0.0.0/8
+           192.168.0.0/16
+           172.16.0.0/12

 # Changes the default ban action from "iptables-multiport", which causes issues on some platforms, to "iptables-allports".
 banaction = iptables-allports
@@ -21,37 +25,35 @@ maxretry = 5


 [ssh]
-
 enabled = false

-
 [nginx-http-auth]
-
 enabled  = true
 filter   = nginx-http-auth
 port     = http,https
 logpath  = /config/log/nginx/error.log

-
 [nginx-badbots]
-
 enabled  = true
 port     = http,https
 filter   = nginx-badbots
 logpath  = /config/log/nginx/access.log
 maxretry = 2

-
 [nginx-botsearch]
-
 enabled  = true
 port     = http,https
 filter   = nginx-botsearch
 logpath  = /config/log/nginx/access.log

 [nginx-deny]
-
 enabled  = true
 port     = http,https
 filter   = nginx-deny
 logpath  = /config/log/nginx/error.log
+
+[nginx-unauthorized]
+enabled  = true
+port     = http,https
+filter   = nginx-unauthorized
+logpath  = /config/log/nginx/unauthorized.log
--- a/root/defaults/nginx.conf
+++ b/root/defaults/nginx.conf
@@ -1,4 +1,4 @@
-## Version 2021/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx.conf
+## Version 2022/01/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx.conf

 user abc;

@@ -55,6 +55,13 @@ http {
        '' close;
    }

+    # Saves unauthorized log messages to a separate log file
+    map $status $unauthorized {
+        default 0;
+        ~^401  1;
+    }
+    access_log /config/log/nginx/unauthorized.log combined if=$unauthorized;
+    
    # Sets the path, format, and configuration for a buffered log write.
    access_log /config/log/nginx/access.log;
Author	SHA1	Message	Date
LinuxServer-CI	274369c4ba	Bot Updating Package Versions	2022-02-08 19:58:44 +01:00
LinuxServer-CI	7562a1c26a	Bot Updating Package Versions	2022-02-03 06:18:15 +01:00
LinuxServer-CI	7d6b5e66c1	Bot Updating Package Versions	2022-01-27 06:19:02 +01:00
LinuxServer-CI	6fde2f5f8f	Bot Updating Package Versions	2022-01-20 06:19:07 +01:00
Roxedus	08d0680a0c	Merge pull request #202 from quietsy/master	2022-01-11 08:34:43 +01:00
quietsy	665eace79f	Ignore plex unauthorized requests	2022-01-11 09:19:16 +02:00
Roxedus	51d6132d63	Merge pull request #201 from quietsy/master	2022-01-10 19:48:30 +01:00
quietsy	251917b23f	Added a fail2ban jail for nginx unauthorized	2022-01-09 17:16:11 +02:00
LinuxServer-CI	bedff470cf	Bot Updating Package Versions	2021-12-30 06:19:44 +01:00