Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Fail2Ban configuration file
- #
- # Author: Cyril Jaquier
- #
- # $Revision: 617 $
- #
- # The DEFAULT allows a global definition of the options. They can be override
- # in each jail afterwards.
- [DEFAULT]
- # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
- # ban a host which matches an address in this list. Several addresses can be
- # defined using space separator.
- #ignoreip = 127.0.0.1 192.168.0.1/24 192.168.1.1/24
- # "bantime" is the number of seconds that a host is banned.
- bantime = 1800
- # A host is banned if it has generated "maxretry" during the last "findtime"
- # seconds.
- findtime = 600
- # "maxretry" is the number of failures before a host get banned.
- maxretry = 3
- # "backend" specifies the backend used to get files modification. Available
- # options are "gamin", "polling" and "auto". This option can be overridden in
- # each jail too (use "gamin" for a jail and "polling" for another).
- #
- # gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin
- # is not installed, Fail2ban will use polling.
- # polling: uses a polling algorithm which does not require external libraries.
- # auto: will choose Gamin if available and polling otherwise.
- backend = auto
- # This jail corresponds to the standard configuration in Fail2ban 0.6.
- # The mail-whois action send a notification e-mail with a whois request
- # in the body.
- [ssh-iptables]
- enabled = true
- filter = sshd
- action = iptables[name=SSH, port=ssh, protocol=tcp]
- sendmail-whois[name=SSH, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
- logpath = /var/log/secure
- maxretry = 3
- [proftpd-iptables]
- enabled = false
- filter = proftpd
- action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
- sendmail-whois[name=ProFTPD, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
- logpath = /var/log/proftpd/proftpd.log
- maxretry = 6
- # This jail forces the backend to "polling".
- [sasl-iptables]
- enabled = false
- filter = sasl
- backend = polling
- action = iptables[name=sasl, port=smtp, protocol=tcp]
- sendmail-whois[name=sasl, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
- logpath = /var/log/mail.log
- # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
- # used to avoid banning the user "myuser".
- [ssh-tcpwrapper]
- enabled = false
- filter = sshd
- action = hostsdeny
- sendmail-whois[name=SSH, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
- ignoreregex = for myuser from
- logpath = /var/log/sshd.log
- # This jail demonstrates the use of wildcards in "logpath".
- # Moreover, it is possible to give other files on a new line.
- [apache-tcpwrapper]
- enabled = true
- filter = apache-auth
- action = iptables-allports[name=APACHE, port=http, protocol=tcp]
- sendmail-whois[name=APACHE, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
- logpath = /var/log/httpd/error_log
- maxretry = 3
- # The hosts.deny path can be defined with the "file" argument if it is
- # not in /etc.
- [postfix-tcpwrapper]
- enabled = false
- filter = postfix
- action = hostsdeny[file=/not/a/standard/path/hosts.deny]
- sendmail[name=Postfix, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
- logpath = /var/log/postfix.log
- bantime = 1800
- # Do not ban anybody. Just report information about the remote host.
- # A notification is sent at most every 600 seconds (bantime).
- [vsftpd-notification]
- enabled = false
- filter = vsftpd
- action = sendmail-whois[name=VSFTPD, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
- logpath = /var/log/vsftpd.log
- maxretry = 5
- bantime = 1800
- # Same as above but with banning the IP address.
- [vsftpd-iptables]
- enabled = true
- filter = vsftpd
- action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
- sendmail-whois[name=VSFTPD, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
- logpath = /var/log/vsftpd.log
- maxretry = 3
- bantime = 1800
- # Ban hosts which agent identifies spammer robots crawling the web
- # for email addresses. The mail outputs are buffered.
- [apache-badbots]
- enabled = true
- filter = apache-badbots
- action = iptables-multiport[name=BadBots, port="http,https"]
- sendmail-whois[name=APACHE, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
- logpath = /var/log/httpd/*access_log
- bantime = 1800
- maxretry = 1
- # Use shorewall instead of iptables.
- [apache-shorewall]
- enabled = false
- filter = apache-noscript
- action = shorewall
- sendmail[name=Postfix, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
- logpath = /var/log/apache2/error_log
- # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
- # option is overridden in this jail. Moreover, the action "mail-whois" defines
- # the variable "name" which contains a comma using "". The characters '' are
- # valid too.
- [ssh-ipfw]
- enabled = false
- filter = sshd
- action = ipfw[localhost=127.0.0.1]
- sendmail-whois[name="SSH,IPFW", dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
- logpath = /var/log/auth.log
- #ignoreip = 168.192.0.1
- # These jails block attacks against named (bind9). By default, logging is off
- # with bind9 installation. You will need something like this:
- #
- # logging {
- # channel security_file {
- # file "/var/log/named/security.log" versions 3 size 30m;
- # severity dynamic;
- # print-time yes;
- # };
- # category security {
- # security_file;
- # };
- # }
- #
- # in your named.conf to provide proper logging.
- # This jail blocks UDP traffic for DNS requests.
- [named-refused-udp]
- enabled = false
- filter = named-refused
- action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
- sendmail-whois[name=Named, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
- logpath = /var/log/named/security.log
- #ignoreip = 168.192.0.1
- # This jail blocks TCP traffic for DNS requests.
- [named-refused-tcp]
- enabled = false
- filter = named-refused
- action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
- sendmail-whois[name=Named, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
- logpath = /var/log/named/security.log
- #ignoreip = 168.192.0.1
- [asterisk-iptables]
- enabled = true
- filter = asterisk
- action = iptables-allports[name=ASTERISK, protocol=all]
- sendmail-whois[name=ASTERISK, dest=root@localhost, sender=fail2ban@pbx.dyndns.org]
- logpath = /var/log/asterisk/full
- #logpath = /var/log/messages
- maxretry = 5
- bantime = 1800
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement