  1. # Fail2Ban configuration file
  2. #
  3. # Author: Cyril Jaquier
  4. #
  5. # $Revision: 617 $
  6. #
  7.  
  8. # The DEFAULT allows a global definition of the options. They can be override
  9. # in each jail afterwards.
  10.  
  11. [DEFAULT]
  12.  
  13. # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
  14. # ban a host which matches an address in this list. Several addresses can be
  15. # defined using space separator.
  16. #ignoreip = 127.0.0.1 192.168.0.1/24 192.168.1.1/24
  17.  
  18. # "bantime" is the number of seconds that a host is banned.
  19. bantime = 1800
  20.  
  21. # A host is banned if it has generated "maxretry" during the last "findtime"
  22. # seconds.
  23. findtime = 600
  24.  
  25. # "maxretry" is the number of failures before a host get banned.
  26. maxretry = 3
  27.  
  28. # "backend" specifies the backend used to get files modification. Available
  29. # options are "gamin", "polling" and "auto". This option can be overridden in
  30. # each jail too (use "gamin" for a jail and "polling" for another).
  31. #
  32. # gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin
  33. # is not installed, Fail2ban will use polling.
  34. # polling: uses a polling algorithm which does not require external libraries.
  35. # auto: will choose Gamin if available and polling otherwise.
  36. backend = auto
  37.  
  38.  
  39. # This jail corresponds to the standard configuration in Fail2ban 0.6.
  40. # The mail-whois action send a notification e-mail with a whois request
  41. # in the body.
  42.  
  43. [ssh-iptables]
  44.  
  45. enabled = true
  46. filter = sshd
  47. action = iptables[name=SSH, port=ssh, protocol=tcp]
  48. sendmail-whois[name=SSH, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
  49. logpath = /var/log/secure
  50. maxretry = 3
  51.  
  52. [proftpd-iptables]
  53.  
  54. enabled = false
  55. filter = proftpd
  56. action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
  57. sendmail-whois[name=ProFTPD, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
  58. logpath = /var/log/proftpd/proftpd.log
  59. maxretry = 6
  60.  
  61. # This jail forces the backend to "polling".
  62.  
  63. [sasl-iptables]
  64.  
  65. enabled = false
  66. filter = sasl
  67. backend = polling
  68. action = iptables[name=sasl, port=smtp, protocol=tcp]
  69. sendmail-whois[name=sasl, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
  70. logpath = /var/log/mail.log
  71.  
  72. # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
  73. # used to avoid banning the user "myuser".
  74.  
  75. [ssh-tcpwrapper]
  76.  
  77. enabled = false
  78. filter = sshd
  79. action = hostsdeny
  80. sendmail-whois[name=SSH, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
  81. ignoreregex = for myuser from
  82. logpath = /var/log/sshd.log
  83.  
  84. # This jail demonstrates the use of wildcards in "logpath".
  85. # Moreover, it is possible to give other files on a new line.
  86.  
  87. [apache-tcpwrapper]
  88.  
  89. enabled = true
  90. filter = apache-auth
  91. action = iptables-allports[name=APACHE, port=http, protocol=tcp]
  92. sendmail-whois[name=APACHE, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
  93. logpath = /var/log/httpd/error_log
  94. maxretry = 3
  95.  
  96. # The hosts.deny path can be defined with the "file" argument if it is
  97. # not in /etc.
  98.  
  99. [postfix-tcpwrapper]
  100.  
  101. enabled = false
  102. filter = postfix
  103. action = hostsdeny[file=/not/a/standard/path/hosts.deny]
  104. sendmail[name=Postfix, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
  105. logpath = /var/log/postfix.log
  106. bantime = 1800
  107.  
  108. # Do not ban anybody. Just report information about the remote host.
  109. # A notification is sent at most every 600 seconds (bantime).
  110.  
  111. [vsftpd-notification]
  112.  
  113. enabled = false
  114. filter = vsftpd
  115. action = sendmail-whois[name=VSFTPD, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
  116. logpath = /var/log/vsftpd.log
  117. maxretry = 5
  118. bantime = 1800
  119.  
  120. # Same as above but with banning the IP address.
  121.  
  122. [vsftpd-iptables]
  123.  
  124. enabled = true
  125. filter = vsftpd
  126. action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
  127. sendmail-whois[name=VSFTPD, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
  128. logpath = /var/log/vsftpd.log
  129. maxretry = 3
  130. bantime = 1800
  131.  
  132. # Ban hosts which agent identifies spammer robots crawling the web
  133. # for email addresses. The mail outputs are buffered.
  134.  
  135. [apache-badbots]
  136.  
  137. enabled = true
  138. filter = apache-badbots
  139. action = iptables-multiport[name=BadBots, port="http,https"]
  140. sendmail-whois[name=APACHE, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
  141. logpath = /var/log/httpd/*access_log
  142. bantime = 1800
  143. maxretry = 1
  144.  
  145. # Use shorewall instead of iptables.
  146.  
  147. [apache-shorewall]
  148.  
  149. enabled = false
  150. filter = apache-noscript
  151. action = shorewall
  152. sendmail[name=Postfix, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
  153. logpath = /var/log/apache2/error_log
  154.  
  155. # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
  156. # option is overridden in this jail. Moreover, the action "mail-whois" defines
  157. # the variable "name" which contains a comma using "". The characters '' are
  158. # valid too.
  159.  
  160. [ssh-ipfw]
  161.  
  162. enabled = false
  163. filter = sshd
  164. action = ipfw[localhost=127.0.0.1]
  165. sendmail-whois[name="SSH,IPFW", dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
  166. logpath = /var/log/auth.log
  167. #ignoreip = 168.192.0.1
  168.  
  169. # These jails block attacks against named (bind9). By default, logging is off
  170. # with bind9 installation. You will need something like this:
  171. #
  172. # logging {
  173. # channel security_file {
  174. # file "/var/log/named/security.log" versions 3 size 30m;
  175. # severity dynamic;
  176. # print-time yes;
  177. # };
  178. # category security {
  179. # security_file;
  180. # };
  181. # }
  182. #
  183. # in your named.conf to provide proper logging.
  184. # This jail blocks UDP traffic for DNS requests.
  185.  
  186. [named-refused-udp]
  187.  
  188. enabled = false
  189. filter = named-refused
  190. action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
  191. sendmail-whois[name=Named, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
  192. logpath = /var/log/named/security.log
  193. #ignoreip = 168.192.0.1
  194.  
  195. # This jail blocks TCP traffic for DNS requests.
  196.  
  197. [named-refused-tcp]
  198.  
  199. enabled = false
  200. filter = named-refused
  201. action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
  202. sendmail-whois[name=Named, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
  203. logpath = /var/log/named/security.log
  204. #ignoreip = 168.192.0.1
  205.  
  206.  
  207. [asterisk-iptables]
  208.  
  209. enabled = true
  210. filter = asterisk
  211. action = iptables-allports[name=ASTERISK, protocol=all]
  212. sendmail-whois[name=ASTERISK, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
  213. logpath = /var/log/asterisk/full
  214. #logpath = /var/log/messages
  215. maxretry = 5
  216. bantime = 1800