- # OpenSSH jail: watches auth.log and bans hosts that keep failing to log in.
- [ssh]
- enabled = true
- # Only the port(s) named here are blocked for a banned host. If sshd also
- # listens on a non-default port, list it here or the ban will not cover it.
- port = ssh
- # Name of the filter definition whose failregex is applied to logpath.
- filter = sshd
- logpath = /var/log/auth.log
- # Number of matching failures before a ban. The counting window and the ban
- # duration are not set in this section, so they come from defaults that are
- # outside this excerpt.
- maxretry = 3
- # Dropbear SSH jail (disabled).
- [dropbear]
- enabled = false
- port = ssh
- # NOTE(review): this applies the sshd filter to Dropbear's own log file.
- # Confirm that its failregex matches Dropbear's message format before
- # enabling; a filter that never matches gives a jail that runs but never bans.
- filter = sshd
- logpath = /var/log/dropbear
- maxretry = 6
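- # Generic filter for pam. Has to be used with an action which bans all ports,
- # such as iptables-allports or shorewall.
- [pam-generic]
- enabled = false
- # The pam-generic filter can be customized to monitor a specific subset of ttys.
- filter = pam-generic
- # Bans every port for the offending host, so the port value below should be
- # irrelevant to this action; it is kept for other possible uses.
- banaction = iptables-allports
- # 'port' must be assigned only once per section. This section used to set it
- # twice ('all', then 'anyport'); 'anyport' is the value a last-wins parser
- # already used, and a strict parser rejects the duplicate key outright.
- port = anyport
- logpath = /var/log/auth.log
- maxretry = 6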
- # xinetd failure jail (disabled).
- [xinetd-fail]
- enabled = false
- filter = xinetd-fail
- port = all
- # Overrides the default ban action for this jail only. Going by its name,
- # this variant also logs the blocked traffic; check the action definition
- # to confirm before relying on those log entries.
- banaction = iptables-multiport-log
- logpath = /var/log/daemon.log
- # Low threshold: a host is banned after two matching log lines.
- maxretry = 2
- # Second SSH jail (disabled). It reads the same auth.log as [ssh] but applies
- # the sshd-ddos filter instead of sshd, with a higher failure threshold.
- [ssh-ddos]
- enabled = false
- port = ssh
- filter = sshd-ddos
- logpath = /var/log/auth.log
- maxretry = 6
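- # Apache authentication-failure jails.
- # Each jail section is defined exactly once here. Repeated [apache] and
- # [apache-multiport] headers are merged by lenient parsers (same effective
- # settings as below) and rejected as duplicate sections by strict ones.
- [apache]
- enabled = true
- port = http,https
- filter = apache-auth
- # Glob: matches error logs under any /var/log/apache* directory.
- logpath = /var/log/apache*/*error.log
- maxretry = 3
- # default action is now multiport, so apache-multiport jail was left
- # for compatibility with previous (<0.7.6-2) releases
- # NOTE(review): this jail has the same filter, ports and logpath as [apache]
- # and both are enabled, so every matching log line is counted by two jails.
- # Consider disabling one of them if the compatibility jail is not needed.
- [apache-multiport]
- enabled = true
- port = http,https
- filter = apache-auth
- logpath = /var/log/apache*/*error.log
- maxretry = 3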
- # Apache jail using the apache-noscript filter; it reads the same error logs
- # as the other Apache jails in this file.
- [apache-noscript]
- enabled = true
- port = http,https
- filter = apache-noscript
- logpath = /var/log/apache*/*error.log
- # NOTE(review): three matches ban the client on both web ports; confirm the
- # filter does not match errors that ordinary visitors can trigger.
- maxretry = 3
- # Apache jail using the apache-overflows filter on the same error logs.
- [apache-overflows]
- enabled = true
- port = http,https
- filter = apache-overflows
- logpath = /var/log/apache*/*error.log
- # Stricter than the other Apache jails: a ban after two matching log lines.
- maxretry = 2
- # vsftpd jail (disabled). Covers the FTP control and data ports, plain and TLS.
- [vsftpd]
- enabled = false
- port = ftp,ftp-data,ftps,ftps-data
- filter = vsftpd
- logpath = /var/log/vsftpd.log
- # Alternatively, override it in jail.local to be
- # logpath = /var/log/auth.log
- # if you want to rely on PAM failed login attempts.
- # vsftpd's failregex should match both of those log formats.
- maxretry = 6
- # ProFTPD jail (disabled). Reads ProFTPD's own log file rather than auth.log.
- [proftpd]
- enabled = false
- port = ftp,ftp-data,ftps,ftps-data
- filter = proftpd
- # The server must actually write to this path, or the jail sees no failures.
- logpath = /var/log/proftpd/proftpd.log
- maxretry = 6
- # Pure-FTPd jail (disabled). Failures are read from the shared auth.log.
- [pure-ftpd]
- enabled = false
- port = ftp,ftp-data,ftps,ftps-data
- filter = pure-ftpd
- logpath = /var/log/auth.log
- maxretry = 6
- # WU-FTPD jail (disabled). Failures are read from the shared auth.log.
- [wuftpd]
- enabled = false
- port = ftp,ftp-data,ftps,ftps-data
- filter = wuftpd
- logpath = /var/log/auth.log
- maxretry = 6
- # Courier SMTP jail (disabled).
- [couriersmtp]
- enabled = false
- port = smtp,ssmtp
- filter = couriersmtp
- logpath = /var/log/mail.log
- # maxretry is not set in this section, so the threshold is inherited from
- # defaults outside this excerpt; check that value before enabling the jail.
- #
- # Mail server authenticators: these might be used for smtp, ftp and imap
- # servers, so all relevant ports get banned.
- #
- [courierauth]
- enabled = false
- # One ban covers every mail port listed here, not only the service that
- # logged the failure.
- port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
- # The filter name (courierlogin) differs from the jail name (courierauth).
- filter = courierlogin
- logpath = /var/log/mail.log
- # maxretry is not set in this section; it is inherited from defaults that
- # are outside this excerpt.
- # SASL authentication jail (disabled). A ban covers all listed mail ports.
- [sasl]
- enabled = false
- port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
- filter = sasl
- # If you are running postfix, consider monitoring /var/log/mail.warn
- # instead: it provides the same log lines at the "warn" level in a
- # smaller file.
- logpath = /var/log/mail.log
- # maxretry is not set in this section; it is inherited from defaults that
- # are outside this excerpt.
- # BIND refused-query jail for TCP (disabled).
- [named-refused-tcp]
- enabled = false
- port = domain,953
- # Bans apply to TCP only. UDP source addresses can be spoofed, so banning on
- # UDP-based refusals risks blocking hosts that never sent the traffic.
- protocol = tcp
- filter = named-refused
- # NOTE(review): presumably named must be configured to write its security
- # log to this path; confirm the file exists before enabling the jail.
- logpath = /var/log/named/security.log
- # maxretry is not set in this section; it is inherited from defaults that
- # are outside this excerpt.