Create jail.local

2019-04-16 01:08:04 +02:00
parent 0afb1b43ca
commit d93485ea11
1 changed files with 333 additions and 0 deletions
@@ -0,0 +1,333 @@
 [DEFAULT]
 bantime  = 3600
 findtime = 1
 maxretry = 2
 backend = auto
 usedns = warn
 destemail = root@localhost
 sendername = Fail2Ban
 banaction = iptables-multiport
 mta = sendmail
 protocol = tcp
 chain = INPUT
 action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
 action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
              %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s"]
 action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
               %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s", sendername="%(sendername)s"]
 action = %(action_)s
 [ssh]
 enabled  = true
 port     = ssh
 filter   = sshd
 logpath  = /var/log/auth.log
 maxretry = 3
 [nginx-limits]
 enabled  = true
 port     = http,https
 filter   = nginx-limits
 logpath  = /hostdata/*/logs/error.log
 maxretry = 3
 [nginx-ban]
 enabled  = true
 port     = http,https
 filter   = nginx-ban
 logpath  = /hostdata/*/logs/access.log
 maxretry = 3
 [nginx-raw]
 enabled  = true
 port     = http,https
 filter   = nginx-raw
 logpath  = /hostdata/*/logs/access.log
 maxretry = 3
 [dropbear]
 enabled  = true
 port     = ssh
 filter   = dropbear
 logpath  = /var/log/auth.log
 maxretry = 6
 [pam-generic]
 enabled  = true
 filter   = pam-generic
 port     = all
 banaction = iptables-allports
 #port     = anyport
 logpath  = /var/log/auth.log
 maxretry = 6
 [xinetd-fail]
 enabled   = false
 filter    = xinetd-fail
 port      = all
 banaction = iptables-multiport-log
 logpath   = /var/log/daemon.log
 maxretry  = 2
 [ssh-route]
 enabled = false
 filter = sshd
 action = route
 logpath = /var/log/sshd.log
 maxretry = 6
 [ssh-iptables-ipset4]
 enabled  = false
 port     = ssh
 filter   = sshd
 banaction = iptables-ipset-proto4
 logpath  = /var/log/sshd.log
 maxretry = 6
 [ssh-iptables-ipset6]
 enabled  = false
 port     = ssh
 filter   = sshd
 banaction = iptables-ipset-proto6
 logpath  = /var/log/sshd.log
 maxretry = 6
 [apache]
 enabled  = false
 port     = http,https
 filter   = apache-auth
 logpath  = /var/log/apache*/*error.log
 maxretry = 6
 [apache-multiport]
 enabled   = false
 port      = http,https
 filter    = apache-auth
 logpath   = /var/log/apache*/*error.log
 maxretry  = 6
 [apache-noscript]
 enabled  = false
 port     = http,https
 filter   = apache-noscript
 logpath  = /var/log/apache*/*error.log
 maxretry = 6
 [apache-overflows]
 enabled  = false
 port     = http,https
 filter   = apache-overflows
 logpath  = /var/log/apache*/*error.log
 maxretry = 2
 [php-url-fopen]
 enabled = false
 port    = http,https
 filter  = php-url-fopen
 logpath = /var/www/*/logs/access_log
 [lighttpd-fastcgi]
 enabled = false
 port    = http,https
 filter  = lighttpd-fastcgi
 logpath = /var/log/lighttpd/error.log
 # Same as above for mod_auth
 # It catches wrong authentifications
 [lighttpd-auth]
 enabled = false
 port    = http,https
 filter  = suhosin
 logpath = /var/log/lighttpd/error.log
 [nginx-http-auth]
 enabled = true
 filter  = nginx-http-auth
 port    = http,https
 logpath = /var/log/nginx/error.log
 [roundcube-auth]
 enabled  = false
 filter   = roundcube-auth
 port     = http,https
 logpath  = /var/log/roundcube/userlogins
 [sogo-auth]
 enabled  = false
 filter   = sogo-auth
 port     = http, https
 # without proxy this would be:
 # port    = 20000
 logpath  = /var/log/sogo/sogo.log
 [vsftpd]
 enabled  = false
 port     = ftp,ftp-data,ftps,ftps-data
 filter   = vsftpd
 logpath  = /var/log/vsftpd.log
 # or overwrite it in jails.local to be
 # logpath = /var/log/auth.log
 # if you want to rely on PAM failed login attempts
 # vsftpd's failregex should match both of those formats
 maxretry = 6
 [proftpd]
 enabled  = false
 port     = ftp,ftp-data,ftps,ftps-data
 filter   = proftpd
 logpath  = /var/log/proftpd/proftpd.log
 maxretry = 6
 [pure-ftpd]
 enabled  = true
 port     = ftp,ftp-data,ftps,ftps-data
 filter   = pure-ftpd
 logpath  = /var/log/syslog
 maxretry = 6
 [wuftpd]
 enabled  = false
 port     = ftp,ftp-data,ftps,ftps-data
 filter   = wuftpd
 logpath  = /var/log/syslog
 maxretry = 6
 [postfix]
 enabled  = false
 port     = smtp,ssmtp,submission
 filter   = postfix
 logpath  = /var/log/mail.log
 [couriersmtp]
 enabled  = false
 port     = smtp,ssmtp,submission
 filter   = couriersmtp
 logpath  = /var/log/mail.log
 [courierauth]
 enabled  = false
 port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
 filter   = courierlogin
 logpath  = /var/log/mail.log
 [sasl]
 enabled  = false
 port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
 filter   = postfix-sasl
 # You might consider monitoring /var/log/mail.warn instead if you are
 # running postfix since it would provide the same log lines at the
 # "warn" level but overall at the smaller filesize.
 logpath  = /var/log/mail.log
 [dovecot]
 enabled = false
 port    = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
 filter  = dovecot
 logpath = /var/log/mail.log
 # To log wrong MySQL access attempts add to /etc/my.cnf:
 # log-error=/var/log/mysqld.log
 # log-warning = 2
 [mysqld-auth]
 enabled  = false
 filter   = mysqld-auth
 port     = 3306
 logpath  = /var/log/mysqld.log
 #[named-refused-udp]
 #
 #enabled  = false
 #port     = domain,953
 #protocol = udp
 #filter   = named-refused
 #logpath  = /var/log/named/security.log
 [named-refused-tcp]
 enabled  = false
 port     = domain,953
 protocol = tcp
 filter   = named-refused
 logpath  = /var/log/named/security.log
 # Multiple jails, 1 per protocol, are necessary ATM:
 # see https://github.com/fail2ban/fail2ban/issues/37
 [asterisk-tcp]
 enabled  = false
 filter   = asterisk
 port     = 5060,5061
 protocol = tcp
 logpath  = /var/log/asterisk/messages
 [asterisk-udp]
 enabled  = false
 filter	 = asterisk
 port     = 5060,5061
 protocol = udp
 logpath  = /var/log/asterisk/messages
 # Jail for more extended banning of persistent abusers
 # !!! WARNING !!!
 #   Make sure that your loglevel specified in fail2ban.conf/.local
 #   is not at DEBUG level -- which might then cause fail2ban to fall into
 #   an infinite loop constantly feeding itself with non-informative lines
 [recidive]
 enabled  = false
 filter   = recidive
 logpath  = /var/log/fail2ban.log
 action   = iptables-allports[name=recidive]
           sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
 bantime  = 604800  ; 1 week
 findtime = 86400   ; 1 day
 maxretry = 5