
Untitled

a guest
Dec 2nd, 2017
  1. The configuration file is located at /etc/fail2ban/jail.conf. You can use a text editor such as vi or nano to edit the file. Comments have been added to help you understand the options.
  2. # Fail2Ban configuration file## Author: Cyril Jaquier## $Revision: 747 $#
  3. # The DEFAULT allows a global definition of the options. They can be override# in each jail afterwards.
  4. [DEFAULT]
  5. # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not# ban a host which matches an address in this list. Several addresses can be# defined using space separator.ignoreip = 127.0.0.1#Add another ignoreip directive here and put your ip if it doesn't change.#This will prevent you from banning yourself by accident.
  6. # "bantime" is the number of seconds that a host is banned.bantime = 600bantime = 99999999999999999999999999999999999999999999999#This effectively sets the ban infintely. Adjust to your needs. The default is 10 minutes, or 600 seconds.
  7. # A host is banned if it has generated "maxretry" during the last "findtime"# seconds.findtime = 600
  8. # "maxretry" is the number of failures before a host get banned.maxretry = 3It's ok to leave this at 3, for more security or if you use keys only, set it to 1.A setting of one will ban anyone who attempts to login without a key.
  9. # "backend" specifies the backend used to get files modification. Available# options are "gamin", "polling" and "auto". This option can be overridden in# each jail too (use "gamin" for a jail and "polling" for another).## gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin# is not installed, Fail2ban will use polling.# polling: uses a polling algorithm which does not require external libraries.# auto: will choose Gamin if available and polling otherwise.backend = auto
  10. # This jail corresponds to the standard configuration in Fail2ban 0.6.# The mail-whois action send a notification e-mail with a whois request# in the body.
  11. [ssh-iptables]
  12. enabled = truefilter = sshdaction = iptables[name=SSH, port=ssh, protocol=tcp] sendmail-whois[name=SSH, dest=user@example.com, sender=fail2ban@example.com]logpath = /var/log/securemaxretry = 5#This is the most popular/necessary chain, set your email destination and sender here.#This will notify you when a user is added/banned in this chain. dest= is your email#address, sender= is the address the email comes from for filtering purposes.
  13. [proftpd-iptables]
  14. enabled = falsefilter = proftpdaction = iptables[name=ProFTPD, port=ftp, protocol=tcp] sendmail-whois[name=ProFTPD, dest=you@mail.com]logpath = /var/log/proftpd/proftpd.logmaxretry = 6
  15. # This jail forces the backend to "polling".
  16. [sasl-iptables]
  17. enabled = falsefilter = saslbackend = pollingaction = iptables[name=sasl, port=smtp, protocol=tcp] sendmail-whois[name=sasl, dest=you@mail.com]logpath = /var/log/mail.log
  18. # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is# used to avoid banning the user "myuser".
  19. [ssh-tcpwrapper]
  20. enabled = falsefilter = sshdaction = hostsdeny sendmail-whois[name=SSH, dest=you@mail.com]ignoreregex = for myuser fromlogpath = /var/log/sshd.log
  21. # This jail demonstrates the use of wildcards in "logpath".# Moreover, it is possible to give other files on a new line.
  22. [apache-tcpwrapper]
  23. enabled = falsefilter = apache-authaction = hostsdenylogpath = /var/log/apache*/*error.log /home/www/myhomepage/error.logmaxretry = 6
  24. # The hosts.deny path can be defined with the "file" argument if it is# not in /etc.
  25. [postfix-tcpwrapper]
  26. enabled = falsefilter = postfixaction = hostsdeny[file=/not/a/standard/path/hosts.deny] sendmail[name=Postfix, dest=you@mail.com]logpath = /var/log/postfix.logbantime = 300
  27. # Do not ban anybody. Just report information about the remote host.# A notification is sent at most every 600 seconds (bantime).
  28. [vsftpd-notification]
  29. enabled = falsefilter = vsftpdaction = sendmail-whois[name=VSFTPD, dest=you@mail.com]logpath = /var/log/vsftpd.logmaxretry = 5bantime = 1800
  30. # Same as above but with banning the IP address.
  31. [vsftpd-iptables]
  32. enabled = falsefilter = vsftpdaction = iptables[name=VSFTPD, port=ftp, protocol=tcp] sendmail-whois[name=VSFTPD, dest=you@mail.com]logpath = /var/log/vsftpd.logmaxretry = 5bantime = 1800
  33. # Ban hosts which agent identifies spammer robots crawling the web# for email addresses. The mail outputs are buffered.
  34. [apache-badbots]
  35. enabled = falsefilter = apache-badbotsaction = iptables-multiport[name=BadBots, port="http,https"] sendmail-buffered[name=BadBots, lines=5, dest=you@mail.com]logpath = /var/www/*/logs/access_logbantime = 172800maxretry = 1
  36. # Use shorewall instead of iptables.
  37. [apache-shorewall]
  38. enabled = falsefilter = apache-noscriptaction = shorewall sendmail[name=Postfix, dest=you@mail.com]logpath = /var/log/apache2/error_log
  39. # Ban attackers that try to use PHP's URL-fopen() functionality# through GET/POST variables. - Experimental, with more than a year# of usage in production environments.
  40. [php-url-fopen]
  41. enabled = falseport = http,httpsfilter = php-url-fopenlogpath = /var/www/*/logs/access_logmaxretry = 1
  42. # A simple PHP-fastcgi jail which works with lighttpd.# If you run a lighttpd server, then you probably will# find these kinds of messages in your error_log:# ALERT – tried to register forbidden variable ‘GLOBALS’# through GET variables (attacker '1.2.3.4', file '/var/www/default/htdocs/index.php')# This jail would block the IP 1.2.3.4.
  43. [lighttpd-fastcgi]
  44. enabled = falseport = http,httpsfilter = lighttpd-fastcgi# adapt the following two items as neededlogpath = /var/log/lighttpd/error.logmaxretry = 2
  45. # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"# option is overridden in this jail. Moreover, the action "mail-whois" defines# the variable "name" which contains a comma using "". The characters '' are# valid too.
  46. [ssh-ipfw]
  47. enabled = falsefilter = sshdaction = ipfw[localhost=192.168.0.1] sendmail-whois[name="SSH,IPFW", dest=you@mail.com]logpath = /var/log/auth.logignoreip = 168.192.0.1
  48. # These jails block attacks against named (bind9). By default, logging is off# with bind9 installation. You will need something like this:## logging {# channel security_file {# file "/var/log/named/security.log" versions 3 size 30m;# severity dynamic;# print-time yes;# };# category security {# security_file;# };# };## in your named.conf to provide proper logging.# This jail blocks UDP traffic for DNS requests.
  49. [named-refused-udp]
  50. enabled = falsefilter = named-refusedaction = iptables-multiport[name=Named, port="domain,953", protocol=udp] sendmail-whois[name=Named, dest=you@mail.com]logpath = /var/log/named/security.logignoreip = 168.192.0.1
  51. # This jail blocks TCP traffic for DNS requests.
  52. [named-refused-tcp]
  53. enabled = falsefilter = named-refusedaction = iptables-multiport[name=Named, port="domain,953", protocol=tcp] sendmail-whois[name=Named, dest=you@mail.com]logpath = /var/log/named/security.logignoreip = 168.192.0.1