new apache-scan fail2ban filter

etc/fail2ban/filter.d/apache-scan.conf

@@ -0,0 +1,13 @@
+# Fail2ban filter: /etc/fail2ban/filter.d/apache-scan.conf:
+#
+# Block IPs scanning for vulnerabilities and/or sensitive data
+#
+# Matches e.g.
+# exampledomain.com 12.34.56.78 - - [04/May/2023:04:20:00 -0700] "GET /.env HTTP/1.1" 404 317 "-" "Go-http-client/1.1"
+#
+[Definition]
+failregex = [\w\.\-]+ <HOST> [\w\.\-]+ [\w\.\-]+ .*] "GET /.DS_Store HTTP
+            [\w\.\-]+ <HOST> [\w\.\-]+ [\w\.\-]+ .*] "GET /.env HTTP
+            [\w\.\-]+ <HOST> [\w\.\-]+ [\w\.\-]+ .*] "GET /.git/config HTTP
+
+ignoreregex =

etc/fail2ban/jail.d/apache-scan.conf

@@ -0,0 +1,8 @@
+[apache-scan]
+enabled = true
+port = http,https
+filter = apache-scan
+logpath = /var/log/apache2/access.log tail
+bantime = 3600
+findtime = 60
+maxretry = 1

install.sh

@@ -173,6 +173,17 @@ find /srv/www/html/phpMyAdmin -type d -exec chmod 755 {} +
 find /srv/www/html/phpMyAdmin -type f -exec chmod 644 {} +
 chown -R vhost:vhost /srv/www/html/phpMyAdmin
 
+# fail2ban
+if [[ -d /etc/fail2ban/ ]]; then
+  chmod 644 etc/fail2ban/*/*.conf
+  cp -a etc/fail2ban/* /etc/fail2ban/
+  if systemctl is-active --quiet fail2ban ; then
+    systemctl restart fail2ban
+  fi
+else
+  echo "NOTICE: fail2ban not installed, skipping"
+fi
+
 # jailkit
 DEBIAN_FRONTEND=noninteractive apt-get -y install jailkit
 sed -i 's|paths = ssh|paths = /usr/bin/ssh*|' /etc/jailkit/jk_init.ini
@@ -242,6 +253,6 @@ if [[ -d /etc/firewalld/ ]]; then
   firewall-cmd --zone=public --add-service=https
   firewall-cmd --permanent --zone=public --add-service=https
 else
-  echo "firewalld not installed, not opening http ports in firewall."
+  echo "NOTICE: firewalld not installed, not opening http ports in firewall."
 fi