334 lines
6.3 KiB
Plaintext
334 lines
6.3 KiB
Plaintext
[DEFAULT]
|
|
bantime = 3600
|
|
findtime = 1
|
|
maxretry = 2
|
|
|
|
backend = auto
|
|
usedns = warn
|
|
|
|
destemail = root@localhost
|
|
sendername = Fail2Ban
|
|
|
|
banaction = iptables-multiport
|
|
|
|
mta = sendmail
|
|
|
|
protocol = tcp
|
|
|
|
chain = INPUT
|
|
|
|
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
|
|
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
|
|
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s"]
|
|
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
|
|
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s", sendername="%(sendername)s"]
|
|
action = %(action_)s
|
|
|
|
[ssh]
|
|
|
|
enabled = true
|
|
port = ssh
|
|
filter = sshd
|
|
logpath = /var/log/auth.log
|
|
maxretry = 3
|
|
|
|
[nginx-limits]
|
|
|
|
enabled = true
|
|
port = http,https
|
|
filter = nginx-limits
|
|
logpath = /hostdata/*/logs/error.log
|
|
maxretry = 3
|
|
|
|
[nginx-ban]
|
|
enabled = true
|
|
port = http,https
|
|
filter = nginx-ban
|
|
logpath = /hostdata/*/logs/access.log
|
|
maxretry = 3
|
|
|
|
[nginx-raw]
|
|
enabled = true
|
|
port = http,https
|
|
filter = nginx-raw
|
|
logpath = /hostdata/*/logs/access.log
|
|
maxretry = 3
|
|
|
|
[dropbear]
|
|
|
|
enabled = true
|
|
port = ssh
|
|
filter = dropbear
|
|
logpath = /var/log/auth.log
|
|
maxretry = 6
|
|
|
|
[pam-generic]
|
|
|
|
enabled = true
|
|
filter = pam-generic
|
|
port = all
|
|
banaction = iptables-allports
|
|
#port = anyport
|
|
logpath = /var/log/auth.log
|
|
maxretry = 6
|
|
|
|
[xinetd-fail]
|
|
|
|
enabled = false
|
|
filter = xinetd-fail
|
|
port = all
|
|
banaction = iptables-multiport-log
|
|
logpath = /var/log/daemon.log
|
|
maxretry = 2
|
|
|
|
|
|
[ssh-route]
|
|
|
|
enabled = false
|
|
filter = sshd
|
|
action = route
|
|
logpath = /var/log/sshd.log
|
|
maxretry = 6
|
|
|
|
[ssh-iptables-ipset4]
|
|
|
|
enabled = false
|
|
port = ssh
|
|
filter = sshd
|
|
banaction = iptables-ipset-proto4
|
|
logpath = /var/log/sshd.log
|
|
maxretry = 6
|
|
|
|
[ssh-iptables-ipset6]
|
|
|
|
enabled = false
|
|
port = ssh
|
|
filter = sshd
|
|
banaction = iptables-ipset-proto6
|
|
logpath = /var/log/sshd.log
|
|
maxretry = 6
|
|
|
|
|
|
[apache]
|
|
|
|
enabled = false
|
|
port = http,https
|
|
filter = apache-auth
|
|
logpath = /var/log/apache*/*error.log
|
|
maxretry = 6
|
|
|
|
[apache-multiport]
|
|
|
|
enabled = false
|
|
port = http,https
|
|
filter = apache-auth
|
|
logpath = /var/log/apache*/*error.log
|
|
maxretry = 6
|
|
|
|
[apache-noscript]
|
|
|
|
enabled = false
|
|
port = http,https
|
|
filter = apache-noscript
|
|
logpath = /var/log/apache*/*error.log
|
|
maxretry = 6
|
|
|
|
[apache-overflows]
|
|
|
|
enabled = false
|
|
port = http,https
|
|
filter = apache-overflows
|
|
logpath = /var/log/apache*/*error.log
|
|
maxretry = 2
|
|
|
|
[php-url-fopen]
|
|
|
|
enabled = false
|
|
port = http,https
|
|
filter = php-url-fopen
|
|
logpath = /var/www/*/logs/access_log
|
|
|
|
[lighttpd-fastcgi]
|
|
|
|
enabled = false
|
|
port = http,https
|
|
filter = lighttpd-fastcgi
|
|
logpath = /var/log/lighttpd/error.log
|
|
|
|
# Same as above for mod_auth
|
|
# It catches wrong authentifications
|
|
|
|
[lighttpd-auth]
|
|
|
|
enabled = false
|
|
port = http,https
|
|
filter = suhosin
|
|
logpath = /var/log/lighttpd/error.log
|
|
|
|
[nginx-http-auth]
|
|
|
|
enabled = true
|
|
filter = nginx-http-auth
|
|
port = http,https
|
|
logpath = /var/log/nginx/error.log
|
|
|
|
[roundcube-auth]
|
|
|
|
enabled = false
|
|
filter = roundcube-auth
|
|
port = http,https
|
|
logpath = /var/log/roundcube/userlogins
|
|
|
|
|
|
[sogo-auth]
|
|
|
|
enabled = false
|
|
filter = sogo-auth
|
|
port = http, https
|
|
# without proxy this would be:
|
|
# port = 20000
|
|
logpath = /var/log/sogo/sogo.log
|
|
|
|
|
|
[vsftpd]
|
|
|
|
enabled = false
|
|
port = ftp,ftp-data,ftps,ftps-data
|
|
filter = vsftpd
|
|
logpath = /var/log/vsftpd.log
|
|
# or overwrite it in jails.local to be
|
|
# logpath = /var/log/auth.log
|
|
# if you want to rely on PAM failed login attempts
|
|
# vsftpd's failregex should match both of those formats
|
|
maxretry = 6
|
|
|
|
|
|
[proftpd]
|
|
|
|
enabled = false
|
|
port = ftp,ftp-data,ftps,ftps-data
|
|
filter = proftpd
|
|
logpath = /var/log/proftpd/proftpd.log
|
|
maxretry = 6
|
|
|
|
|
|
[pure-ftpd]
|
|
|
|
enabled = true
|
|
port = ftp,ftp-data,ftps,ftps-data
|
|
filter = pure-ftpd
|
|
logpath = /var/log/syslog
|
|
maxretry = 6
|
|
|
|
|
|
[wuftpd]
|
|
|
|
enabled = false
|
|
port = ftp,ftp-data,ftps,ftps-data
|
|
filter = wuftpd
|
|
logpath = /var/log/syslog
|
|
maxretry = 6
|
|
|
|
|
|
[postfix]
|
|
|
|
enabled = false
|
|
port = smtp,ssmtp,submission
|
|
filter = postfix
|
|
logpath = /var/log/mail.log
|
|
|
|
|
|
[couriersmtp]
|
|
|
|
enabled = false
|
|
port = smtp,ssmtp,submission
|
|
filter = couriersmtp
|
|
logpath = /var/log/mail.log
|
|
|
|
[courierauth]
|
|
|
|
enabled = false
|
|
port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
|
|
filter = courierlogin
|
|
logpath = /var/log/mail.log
|
|
|
|
|
|
[sasl]
|
|
|
|
enabled = false
|
|
port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
|
|
filter = postfix-sasl
|
|
# You might consider monitoring /var/log/mail.warn instead if you are
|
|
# running postfix since it would provide the same log lines at the
|
|
# "warn" level but overall at the smaller filesize.
|
|
logpath = /var/log/mail.log
|
|
|
|
[dovecot]
|
|
|
|
enabled = false
|
|
port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
|
|
filter = dovecot
|
|
logpath = /var/log/mail.log
|
|
|
|
# To log wrong MySQL access attempts add to /etc/my.cnf:
|
|
# log-error=/var/log/mysqld.log
|
|
# log-warning = 2
|
|
[mysqld-auth]
|
|
|
|
enabled = false
|
|
filter = mysqld-auth
|
|
port = 3306
|
|
logpath = /var/log/mysqld.log
|
|
|
|
|
|
#[named-refused-udp]
|
|
#
|
|
#enabled = false
|
|
#port = domain,953
|
|
#protocol = udp
|
|
#filter = named-refused
|
|
#logpath = /var/log/named/security.log
|
|
|
|
[named-refused-tcp]
|
|
|
|
enabled = false
|
|
port = domain,953
|
|
protocol = tcp
|
|
filter = named-refused
|
|
logpath = /var/log/named/security.log
|
|
|
|
# Multiple jails, 1 per protocol, are necessary ATM:
|
|
# see https://github.com/fail2ban/fail2ban/issues/37
|
|
[asterisk-tcp]
|
|
|
|
enabled = false
|
|
filter = asterisk
|
|
port = 5060,5061
|
|
protocol = tcp
|
|
logpath = /var/log/asterisk/messages
|
|
|
|
[asterisk-udp]
|
|
|
|
enabled = false
|
|
filter = asterisk
|
|
port = 5060,5061
|
|
protocol = udp
|
|
logpath = /var/log/asterisk/messages
|
|
|
|
|
|
# Jail for more extended banning of persistent abusers
|
|
# !!! WARNING !!!
|
|
# Make sure that your loglevel specified in fail2ban.conf/.local
|
|
# is not at DEBUG level -- which might then cause fail2ban to fall into
|
|
# an infinite loop constantly feeding itself with non-informative lines
|
|
[recidive]
|
|
|
|
enabled = false
|
|
filter = recidive
|
|
logpath = /var/log/fail2ban.log
|
|
action = iptables-allports[name=recidive]
|
|
sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
|
|
bantime = 604800 ; 1 week
|
|
findtime = 86400 ; 1 day
|
|
maxretry = 5
|