  1. # Fail2Ban jail base specification file
  2. #
  3. # HOW TO ACTIVATE JAILS:
  4. #
  5. # YOU SHOULD NOT MODIFY THIS FILE.
  6. #
  7. # It will probably be overwitten or improved in a distribution update.
  8. #
  9. # Provide customizations in a jail.local file or a jail.d/customisation.local.
  10. # For example to change the default bantime for all jails and to enable the
  11. # ssh-iptables jail the following (uncommented) would appear in the .local file.
  12. # See man 5 jail.conf for details.
  13. #
  14. # [DEFAULT]
  15. # bantime = 3600
  16. #
  17. # [ssh-iptables]
  18. # enabled = true
  19.  
  20.  
  21.  
  22. # Comments: use '#' for comment lines and ';' (following a space) for inline comments
  23.  
  24. # The DEFAULT allows a global definition of the options. They can be overridden
  25. # in each jail afterwards.
  26.  
  27. [DEFAULT]
  28.  
  29. # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
  30. # ban a host which matches an address in this list. Several addresses can be
  31. # defined using space separator.
  32. ignoreip = 127.0.0.1/8
  33.  
  34. # External command that will take an tagged arguments to ignore, e.g. <ip>,
  35. # and return true if the IP is to be ignored. False otherwise.
  36. #
  37. # ignorecommand = /path/to/command <ip>
  38. ignorecommand =
  39.  
  40. # "bantime" is the number of seconds that a host is banned.
  41. bantime = 600
  42.  
  43. # A host is banned if it has generated "maxretry" during the last "findtime"
  44. # seconds.
  45. findtime = 600
  46.  
  47. # "maxretry" is the number of failures before a host get banned.
  48. maxretry = 3
  49.  
  50. # "backend" specifies the backend used to get files modification.
  51. # Available options are "pyinotify", "gamin", "polling" and "auto".
  52. # This option can be overridden in each jail as well.
  53. #
  54. # pyinotify: requires pyinotify (a file alteration monitor) to be installed.
  55. # If pyinotify is not installed, Fail2ban will use auto.
  56. # gamin: requires Gamin (a file alteration monitor) to be installed.
  57. # If Gamin is not installed, Fail2ban will use auto.
  58. # polling: uses a polling algorithm which does not require external libraries.
  59. # auto: will try to use the following backends, in order:
  60. # pyinotify, gamin, polling.
  61. backend = auto
  62.  
  63. # "usedns" specifies if jails should trust hostnames in logs,
  64. # warn when DNS lookups are performed, or ignore all hostnames in logs
  65. #
  66. # yes: if a hostname is encountered, a DNS lookup will be performed.
  67. # warn: if a hostname is encountered, a DNS lookup will be performed,
  68. # but it will be logged as a warning.
  69. # no: if a hostname is encountered, will not be used for banning,
  70. # but it will be logged as info.
  71. usedns = warn
  72.  
  73.  
  74. # This jail corresponds to the standard configuration in Fail2ban.
  75. # The mail-whois action send a notification e-mail with a whois request
  76. # in the body.
  77.  
  78. [pam-generic]
  79.  
  80. enabled = false
  81. filter = pam-generic
  82. action = iptables-allports[name=pam,protocol=all]
  83. logpath = /var/log/secure
  84.  
  85.  
  86. [xinetd-fail]
  87.  
  88. enabled = false
  89. filter = xinetd-fail
  90. action = iptables-allports[name=xinetd,protocol=all]
  91. logpath = /var/log/daemon*log
  92.  
  93.  
  94. [ssh-iptables]
  95.  
  96. enabled = true
  97. filter = sshd
  98. action = iptables[name=SSH, port=ssh, protocol=tcp]
  99. sendmail-whois[name=SSH, dest=****@mchub.ca, sender=fail2ban@mchub.ca, sendername="Fail2Ban"]
  100. logpath = /var/log/secure
  101. maxretry = 5
  102.  
  103.  
  104. [ssh-ddos]
  105.  
  106. enabled = true
  107. filter = sshd-ddos
  108. action = iptables[name=SSHDDOS, port=ssh, protocol=tcp]
  109. logpath = /var/log/secure
  110. maxretry = 2
  111.  
  112.  
  113. [dropbear]
  114.  
  115. enabled = false
  116. filter = dropbear
  117. action = iptables[name=dropbear, port=ssh, protocol=tcp]
  118. logpath = /var/log/messages
  119. maxretry = 5
  120.  
  121.  
  122. [proftpd-iptables]
  123.  
  124. enabled = false
  125. filter = proftpd
  126. action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
  127. sendmail-whois[name=ProFTPD, dest=****@mchub.ca]
  128. logpath = /var/log/proftpd/proftpd.log
  129. maxretry = 6
  130.  
  131.  
  132. [gssftpd-iptables]
  133.  
  134. enabled = false
  135. filter = gssftpd
  136. action = iptables[name=GSSFTPd, port=ftp, protocol=tcp]
  137. sendmail-whois[name=GSSFTPd, dest=****@mchub.ca]
  138. logpath = /var/log/daemon.log
  139. maxretry = 6
  140.  
  141.  
  142. [pure-ftpd]
  143.  
  144. enabled = false
  145. filter = pure-ftpd
  146. action = iptables[name=pureftpd, port=ftp, protocol=tcp]
  147. logpath = /var/log/pureftpd.log
  148. maxretry = 6
  149.  
  150.  
  151. [wuftpd]
  152.  
  153. enabled = false
  154. filter = wuftpd
  155. action = iptables[name=wuftpd, port=ftp, protocol=tcp]
  156. logpath = /var/log/daemon.log
  157. maxretry = 6
  158.  
  159.  
  160. [sendmail-auth]
  161.  
  162. enabled = true
  163. filter = sendmail-auth
  164. action = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
  165. logpath = /var/log/maillog
  166.  
  167.  
  168. [sendmail-reject]
  169.  
  170. enabled = false
  171. filter = sendmail-reject
  172. action = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
  173. logpath = /var/log/maillog
  174.  
  175.  
  176. # This jail forces the backend to "polling".
  177. [sasl-iptables]
  178.  
  179. enabled = false
  180. filter = postfix-sasl
  181. backend = polling
  182. action = iptables[name=sasl, port=smtp, protocol=tcp]
  183. sendmail-whois[name=sasl, dest=****@mchub.ca]
  184. logpath = /var/log/mail.log
  185.  
  186.  
  187. # ASSP SMTP Proxy Jail
  188. [assp]
  189.  
  190. enabled = false
  191. filter = assp
  192. action = iptables-multiport[name=assp,port="25,465,587"]
  193. logpath = /root/path/to/assp/logs/maillog.txt
  194.  
  195.  
  196. # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
  197. # used to avoid banning the user "myuser".
  198. [ssh-tcpwrapper]
  199.  
  200. enabled = false
  201. filter = sshd
  202. action = hostsdeny[daemon_list=sshd]
  203. sendmail-whois[name=SSH, dest=****@mchub.ca]
  204. ignoreregex = for myuser from
  205. logpath = /var/log/secure
  206.  
  207.  
  208. # Here we use blackhole routes for not requiring any additional kernel support
  209. # to store large volumes of banned IPs
  210. [ssh-route]
  211.  
  212. enabled = false
  213. filter = sshd
  214. action = route
  215. logpath = /var/log/secure
  216. maxretry = 5
  217.  
  218.  
  219. # Here we use a combination of Netfilter/Iptables and IPsets
  220. # for storing large volumes of banned IPs
  221. #
  222. # IPset comes in two versions. See ipset -V for which one to use
  223. # requires the ipset package and kernel support.
  224. [ssh-iptables-ipset4]
  225.  
  226. enabled = false
  227. filter = sshd
  228. action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
  229. logpath = /var/log/secure
  230. maxretry = 5
  231.  
  232.  
  233. [ssh-iptables-ipset6]
  234.  
  235. enabled = false
  236. filter = sshd
  237. action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
  238. logpath = /var/log/secure
  239. maxretry = 5
  240.  
  241.  
  242. # bsd-ipfw is ipfw used by BSD. It uses ipfw tables.
  243. # table number must be unique.
  244. #
  245. # This will create a deny rule for that table ONLY if a rule
  246. # for the table doesn't ready exist.
  247. #
  248. [ssh-bsd-ipfw]
  249.  
  250. enabled = false
  251. filter = sshd
  252. action = bsd-ipfw[port=ssh,table=1]
  253. logpath = /var/log/auth.log
  254. maxretry = 5
  255.  
  256.  
  257. # This jail demonstrates the use of wildcards in "logpath".
  258. # Moreover, it is possible to give other files on a new line.
  259. [apache-tcpwrapper]
  260.  
  261. enabled = false
  262. filter = apache-auth
  263. action = hostsdeny
  264. logpath = /var/log/apache*/*error.log
  265. /home/www/myhomepage/error.log
  266. maxretry = 6
  267.  
  268.  
  269. [apache-modsecurity]
  270.  
  271. enabled = false
  272. filter = apache-modsecurity
  273. action = iptables-multiport[name=apache-modsecurity,port="80,443"]
  274. logpath = /var/log/apache*/*error.log
  275. /home/www/myhomepage/error.log
  276. maxretry = 2
  277.  
  278.  
  279. [apache-overflows]
  280.  
  281. enabled = true
  282. filter = apache-overflows
  283. action = iptables-multiport[name=apache-overflows,port="80,443"]
  284. logpath = /usr/local/apache/logs/error_log
  285. maxretry = 2
  286.  
  287.  
  288. [apache-nohome]
  289.  
  290. enabled = true
  291. filter = apache-nohome
  292. action = iptables-multiport[name=apache-nohome,port="80,443"]
  293. logpath = /usr/local/apache/logs/error_log
  294. maxretry = 2
  295.  
  296.  
  297. [nginx-http-auth]
  298.  
  299. enabled = false
  300. filter = nginx-http-auth
  301. action = iptables-multiport[name=nginx-http-auth,port="80,443"]
  302. logpath = /var/log/nginx/error.log
  303.  
  304.  
  305. [squid]
  306.  
  307. enabled = false
  308. filter = squid
  309. action = iptables-multiport[name=squid,port="80,443,8080"]
  310. logpath = /var/log/squid/access.log
  311.  
  312.  
  313. # The hosts.deny path can be defined with the "file" argument if it is
  314. # not in /etc.
  315. [postfix-tcpwrapper]
  316.  
  317. enabled = false
  318. filter = postfix
  319. action = hostsdeny[file=/not/a/standard/path/hosts.deny]
  320. sendmail[name=Postfix, dest=****@mchub.ca]
  321. logpath = /var/log/postfix.log
  322. bantime = 300
  323.  
  324.  
  325. [cyrus-imap]
  326.  
  327. enabled = false
  328. filter = cyrus-imap
  329. action = iptables-multiport[name=cyrus-imap,port="143,993"]
  330. logpath = /var/log/mail*log
  331.  
  332.  
  333. [courierlogin]
  334.  
  335. enabled = false
  336. filter = courierlogin
  337. action = iptables-multiport[name=courierlogin,port="25,110,143,465,587,993,995"]
  338. logpath = /var/log/mail*log
  339.  
  340.  
  341. [couriersmtp]
  342.  
  343. enabled = false
  344. filter = couriersmtp
  345. action = iptables-multiport[name=couriersmtp,port="25,465,587"]
  346. logpath = /var/log/mail*log
  347.  
  348.  
  349. [qmail-rbl]
  350.  
  351. enabled = false
  352. filter = qmail
  353. action = iptables-multiport[name=qmail-rbl,port="25,465,587"]
  354. logpath = /service/qmail/log/main/current
  355.  
  356.  
  357. [sieve]
  358.  
  359. enabled = false
  360. filter = sieve
  361. action = iptables-multiport[name=sieve,port="25,465,587"]
  362. logpath = /var/log/mail*log
  363.  
  364.  
  365. # Do not ban anybody. Just report information about the remote host.
  366. # A notification is sent at most every 600 seconds (bantime).
  367. [vsftpd-notification]
  368.  
  369. enabled = false
  370. filter = vsftpd
  371. action = sendmail-whois[name=VSFTPD, dest=****@mchub.ca]
  372. logpath = /var/log/vsftpd.log
  373. maxretry = 5
  374. bantime = 1800
  375.  
  376.  
  377. # Same as above but with banning the IP address.
  378. [vsftpd-iptables]
  379.  
  380. enabled = false
  381. filter = vsftpd
  382. action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
  383. sendmail-whois[name=VSFTPD, dest=****@mchub.ca]
  384. logpath = /var/log/vsftpd.log
  385. maxretry = 5
  386. bantime = 1800
  387.  
  388.  
  389. # Ban hosts which agent identifies spammer robots crawling the web
  390. # for email addresses. The mail outputs are buffered.
  391. [apache-badbots]
  392.  
  393. enabled = false
  394. filter = apache-badbots
  395. action = iptables-multiport[name=BadBots, port="http,https"]
  396. sendmail-buffered[name=BadBots, lines=5, dest=****@mchub.ca]
  397. logpath = /var/www/*/logs/access_log
  398. bantime = 172800
  399. maxretry = 1
  400.  
  401.  
  402. # Use shorewall instead of iptables.
  403. [apache-shorewall]
  404.  
  405. enabled = false
  406. filter = apache-noscript
  407. action = shorewall
  408. sendmail[name=Postfix, dest=****@mchub.ca]
  409. logpath = /var/log/apache2/error_log
  410.  
  411.  
  412. # Monitor roundcube server
  413. [roundcube-iptables]
  414.  
  415. enabled = false
  416. filter = roundcube-auth
  417. action = iptables-multiport[name=RoundCube, port="http,https"]
  418. logpath = /var/log/roundcube/userlogins
  419.  
  420.  
  421. # Monitor SOGo groupware server
  422. [sogo-iptables]
  423.  
  424. enabled = false
  425. filter = sogo-auth
  426. # without proxy this would be:
  427. # port = 20000
  428. action = iptables-multiport[name=SOGo, port="http,https"]
  429. logpath = /var/log/sogo/sogo.log
  430.  
  431.  
  432. [groupoffice]
  433.  
  434. enabled = false
  435. filter = groupoffice
  436. action = iptables-multiport[name=groupoffice, port="http,https"]
  437. logpath = /home/groupoffice/log/info.log
  438.  
  439.  
  440. [openwebmail]
  441.  
  442. enabled = false
  443. filter = openwebmail
  444. logpath = /var/log/openwebmail.log
  445. action = ipfw
  446. sendmail-whois[name=openwebmail, dest=****@mchub.ca]
  447. maxretry = 5
  448.  
  449.  
  450. [horde]
  451.  
  452. enabled = false
  453. filter = horde
  454. logpath = /var/log/horde/horde.log
  455. action = iptables-multiport[name=horde, port="http,https"]
  456. maxretry = 5
  457.  
  458.  
  459. # Ban attackers that try to use PHP's URL-fopen() functionality
  460. # through GET/POST variables. - Experimental, with more than a year
  461. # of usage in production environments.
  462. [php-url-fopen]
  463.  
  464. enabled = false
  465. action = iptables-multiport[name=php-url-open, port="http,https"]
  466. filter = php-url-fopen
  467. logpath = /var/www/*/logs/access_log
  468. maxretry = 1
  469.  
  470.  
  471. [suhosin]
  472.  
  473. enabled = false
  474. filter = suhosin
  475. action = iptables-multiport[name=suhosin, port="http,https"]
  476. # adapt the following two items as needed
  477. logpath = /var/log/lighttpd/error.log
  478. maxretry = 2
  479.  
  480.  
  481. [lighttpd-auth]
  482.  
  483. enabled = false
  484. filter = lighttpd-auth
  485. action = iptables-multiport[name=lighttpd-auth, port="http,https"]
  486. # adapt the following two items as needed
  487. logpath = /var/log/lighttpd/error.log
  488. maxretry = 2
  489.  
  490.  
  491. # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
  492. # option is overridden in this jail. Moreover, the action "mail-whois" defines
  493. # the variable "name" which contains a comma using "". The characters '' are
  494. # valid too.
  495. [ssh-ipfw]
  496.  
  497. enabled = false
  498. filter = sshd
  499. action = ipfw[localhost=192.168.0.1]
  500. sendmail-whois[name="SSH,IPFW", dest=****@mchub.ca]
  501. logpath = /var/log/auth.log
  502. ignoreip = 168.192.0.1
  503.  
  504.  
  505. # !!! WARNING !!!
  506. # Since UDP is connection-less protocol, spoofing of IP and imitation
  507. # of illegal actions is way too simple. Thus enabling of this filter
  508. # might provide an easy way for implementing a DoS against a chosen
  509. # victim. See
  510. # http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
  511. # Please DO NOT USE this jail unless you know what you are doing.
  512. #
  513. # IMPORTANT: see filter.d/named-refused for instructions to enable logging
  514. # This jail blocks UDP traffic for DNS requests.
  515. # [named-refused-udp]
  516. #
  517. # enabled = false
  518. # filter = named-refused
  519. # action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
  520. # sendmail-whois[name=Named, dest=****@mchub.ca]
  521. # logpath = /var/log/named/security.log
  522. # ignoreip = 168.192.0.1
  523.  
  524. # IMPORTANT: see filter.d/named-refused for instructions to enable logging
  525. # This jail blocks TCP traffic for DNS requests.
  526. [named-refused-tcp]
  527.  
  528. enabled = false
  529. filter = named-refused
  530. action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
  531. sendmail-whois[name=Named, dest=****@mchub.ca]
  532. logpath = /var/log/named/security.log
  533. ignoreip = 168.192.0.1
  534.  
  535.  
  536. [nsd]
  537.  
  538. enabled = false
  539. filter = nsd
  540. action = iptables-multiport[name=nsd-tcp, port="domain", protocol=tcp]
  541. iptables-multiport[name=nsd-udp, port="domain", protocol=udp]
  542. logpath = /var/log/nsd.log
  543.  
  544.  
  545. [asterisk]
  546.  
  547. enabled = false
  548. filter = asterisk
  549. action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
  550. iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
  551. sendmail-whois[name=Asterisk, dest=****@mchub.ca, sender=fail2ban@example.com]
  552. logpath = /var/log/asterisk/messages
  553. maxretry = 10
  554.  
  555.  
  556. [freeswitch]
  557.  
  558. enabled = false
  559. filter = freeswitch
  560. logpath = /var/log/freeswitch.log
  561. maxretry = 10
  562. action = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
  563. iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
  564.  
  565. [ejabberd-auth]
  566.  
  567. enabled = false
  568. filter = ejabberd-auth
  569. logpath = /var/log/ejabberd/ejabberd.log
  570. action = iptables[name=ejabberd, port=xmpp-client, protocol=tcp]
  571.  
  572. # Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
  573. # use [asterisk] for new jails
  574. [asterisk-tcp]
  575.  
  576. enabled = false
  577. filter = asterisk
  578. action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
  579. sendmail-whois[name=Asterisk, dest=****@mchub.ca, sender=fail2ban@example.com]
  580. logpath = /var/log/asterisk/messages
  581. maxretry = 10
  582.  
  583.  
  584. # Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
  585. # use [asterisk] for new jails
  586. [asterisk-udp]
  587.  
  588. enabled = false
  589. filter = asterisk
  590. action = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
  591. sendmail-whois[name=Asterisk, dest=****@mchub.ca, sender=fail2ban@example.com]
  592. logpath = /var/log/asterisk/messages
  593. maxretry = 10
  594.  
  595.  
  596. [mysqld-iptables]
  597.  
  598. enabled = false
  599. filter = mysqld-auth
  600. action = iptables[name=mysql, port=3306, protocol=tcp]
  601. sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
  602. logpath = /var/log/mysqld.log
  603. maxretry = 5
  604.  
  605.  
  606. [mysqld-syslog]
  607.  
  608. enabled = false
  609. filter = mysqld-auth
  610. action = iptables[name=mysql, port=3306, protocol=tcp]
  611. logpath = /var/log/daemon.log
  612. maxretry = 5
  613.  
  614.  
  615. # Jail for more extended banning of persistent abusers
  616. # !!! WARNING !!!
  617. # Make sure that your loglevel specified in fail2ban.conf/.local
  618. # is not at DEBUG level -- which might then cause fail2ban to fall into
  619. # an infinite loop constantly feeding itself with non-informative lines
  620. [recidive]
  621.  
  622. enabled = false
  623. filter = recidive
  624. logpath = /var/log/fail2ban.log
  625. action = iptables-allports[name=recidive,protocol=all]
  626. sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
  627. bantime = 604800 ; 1 week
  628. findtime = 86400 ; 1 day
  629. maxretry = 5
  630.  
  631.  
  632. # PF is a BSD based firewall
  633. [ssh-pf]
  634.  
  635. enabled = false
  636. filter = sshd
  637. action = pf
  638. logpath = /var/log/secure
  639. maxretry = 5
  640.  
  641.  
  642. [3proxy]
  643.  
  644. enabled = false
  645. filter = 3proxy
  646. action = iptables[name=3proxy, port=3128, protocol=tcp]
  647. logpath = /var/log/3proxy.log
  648.  
  649.  
  650. [exim]
  651.  
  652. enabled = true
  653. filter = exim
  654. action = iptables-multiport[name=exim,port="25,465,587"]
  655. logpath = /var/log/exim_mainlog
  656.  
  657.  
  658. [exim-spam]
  659.  
  660. enabled = false
  661. filter = exim-spam
  662. action = iptables-multiport[name=exim-spam,port="25,465,587"]
  663. logpath = /var/log/exim_mainlog
  664.  
  665.  
  666. [perdition]
  667.  
  668. enabled = false
  669. filter = perdition
  670. action = iptables-multiport[name=perdition,port="110,143,993,995"]
  671. logpath = /var/log/maillog
  672.  
  673.  
  674. [uwimap-auth]
  675.  
  676. enabled = false
  677. filter = uwimap-auth
  678. action = iptables-multiport[name=uwimap-auth,port="110,143,993,995"]
  679. logpath = /var/log/maillog
  680.  
  681.  
  682. [osx-ssh-ipfw]
  683.  
  684. enabled = false
  685. filter = sshd
  686. action = osx-ipfw
  687. logpath = /var/log/secure.log
  688. maxretry = 5
  689.  
  690.  
  691. [ssh-apf]
  692.  
  693. enabled = false
  694. filter = sshd
  695. action = apf[name=SSH]
  696. logpath = /var/log/secure
  697. maxretry = 5
  698.  
  699.  
  700. [osx-ssh-afctl]
  701.  
  702. enabled = false
  703. filter = sshd
  704. action = osx-afctl[bantime=600]
  705. logpath = /var/log/secure.log
  706. maxretry = 5
  707.  
  708.  
  709. [webmin-auth]
  710.  
  711. enabled = false
  712. filter = webmin-auth
  713. action = iptables-multiport[name=webmin,port="10000"]
  714. logpath = /var/log/auth.log
  715.  
  716.  
  717. # dovecot defaults to logging to the mail syslog facility
  718. # but can be set by syslog_facility in the dovecot configuration.
  719. [dovecot]
  720.  
  721. enabled = true
  722. filter = dovecot
  723. action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
  724. logpath = /var/log/maillog
  725.  
  726.  
  727. [dovecot-auth]
  728.  
  729. enabled = true
  730. filter = dovecot
  731. action = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
  732. logpath = /var/log/secure
  733.  
  734.  
  735. [solid-pop3d]
  736.  
  737. enabled = false
  738. filter = solid-pop3d
  739. action = iptables-multiport[name=solid-pop3, port="pop3,pop3s", protocol=tcp]
  740. logpath = /var/log/mail.log
  741.  
  742.  
  743. [selinux-ssh]
  744. enabled = true
  745. filter = selinux-ssh
  746. action = iptables[name=SELINUX-SSH, port=ssh, protocol=tcp]
  747. logpath = /var/log/audit/audit.log
  748. maxretry = 5
  749.  
  750. # See the IMPORTANT note in action.d/blocklist_de.conf for when to
  751. # use this action
  752. #
  753. # Report block via blocklist.de fail2ban reporting service API
  754. # See action.d/blocklist_de.conf for more information
  755. [ssh-blocklist]
  756.  
  757. enabled = true
  758. filter = sshd
  759. action = iptables[name=SSH, port=ssh, protocol=tcp]
  760. sendmail-whois[name=SSH, dest=****@mchub.ca, sender=fail2ban@example.com, sendername="Fail2Ban"]
  761. blocklist_de[email="fail2ban@example.com", apikey="xxxxxx", service=%(filter)s]
  762. logpath = /var/log/secure
  763. maxretry = 20
  764.  
  765.  
  766. # consider low maxretry and a long bantime
  767. # nobody except your own Nagios server should ever probe nrpe
  768. [nagios]
  769. enabled = false
  770. filter = nagios
  771. action = iptables[name=Nagios, port=5666, protocol=tcp]
  772. sendmail-whois[name=Nagios, dest=****@mchub.ca, sender=fail2ban@example.com, sendername="Fail2Ban"]
  773. logpath = /var/log/messages ; nrpe.cfg may define a different log_facility
  774. maxretry = 1