Advertisement
Guest User

Untitled

a guest
Mar 26th, 2015
377
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Fail2Ban jail base specification file
  2. #
  3. # HOW TO ACTIVATE JAILS:
  4. #
  5. # YOU SHOULD NOT MODIFY THIS FILE.
  6. #
  7. # It will probably be overwitten or improved in a distribution update.
  8. #
  9. # Provide customizations in a jail.local file or a jail.d/customisation.local.
  10. # For example to change the default bantime for all jails and to enable the
  11. # ssh-iptables jail the following (uncommented) would appear in the .local file.
  12. # See man 5 jail.conf for details.
  13. #
  14. # [DEFAULT]
  15. # bantime = 3600
  16. #
  17. # [ssh-iptables]
  18. # enabled = true
  19.  
  20.  
  21.  
  22. # Comments: use '#' for comment lines and ';' (following a space) for inline comments
  23.  
  24. # The DEFAULT allows a global definition of the options. They can be overridden
  25. # in each jail afterwards.
  26.  
  27. [DEFAULT]
  28. banaction = iptables-multiport
  29.  
  30. # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
  31. # ban a host which matches an address in this list. Several addresses can be
  32. # defined using space separator.
  33. #ignoreip =
  34.  
  35. # External command that will take an tagged arguments to ignore, e.g. <ip>,
  36. # and return true if the IP is to be ignored. False otherwise.
  37. #
  38. # ignorecommand = /path/to/command <ip>
  39. ignorecommand =
  40.  
  41. # "bantime" is the number of seconds that a host is banned.
  42. bantime = 600
  43.  
  44. # A host is banned if it has generated "maxretry" during the last "findtime"
  45. # seconds.
  46. findtime = 600
  47.  
  48. # "maxretry" is the number of failures before a host get banned.
  49. maxretry = 3
  50.  
  51. # "backend" specifies the backend used to get files modification.
  52. # Available options are "pyinotify", "gamin", "polling" and "auto".
  53. # This option can be overridden in each jail as well.
  54. #
  55. # pyinotify: requires pyinotify (a file alteration monitor) to be installed.
  56. # If pyinotify is not installed, Fail2ban will use auto.
  57. # gamin: requires Gamin (a file alteration monitor) to be installed.
  58. # If Gamin is not installed, Fail2ban will use auto.
  59. # polling: uses a polling algorithm which does not require external libraries.
  60. # auto: will try to use the following backends, in order:
  61. # pyinotify, gamin, polling.
  62. backend = auto
  63.  
  64. # "usedns" specifies if jails should trust hostnames in logs,
  65. # warn when DNS lookups are performed, or ignore all hostnames in logs
  66. #
  67. # yes: if a hostname is encountered, a DNS lookup will be performed.
  68. # warn: if a hostname is encountered, a DNS lookup will be performed,
  69. # but it will be logged as a warning.
  70. # no: if a hostname is encountered, will not be used for banning,
  71. # but it will be logged as info.
  72. usedns = warn
  73.  
  74.  
  75. # This jail corresponds to the standard configuration in Fail2ban.
  76. # The mail-whois action send a notification e-mail with a whois request
  77. # in the body.
  78.  
  79. [pam-generic]
  80.  
  81. enabled = false
  82. filter = pam-generic
  83. action = iptables-allports[name=pam,protocol=all]
  84. logpath = /var/log/messages
  85.  
  86.  
  87. [xinetd-fail]
  88.  
  89. enabled = false
  90. filter = xinetd-fail
  91. action = iptables-allports[name=xinetd,protocol=all]
  92. logpath = /var/log/daemon*log
  93.  
  94.  
  95. #[ssh-iptables]
  96.  
  97. #enabled = true
  98. #port = ssh
  99. #filter = sshd
  100. #action = iptables[name=SSH, port=ssh, protocol=tcp]
  101. #logpath = /var/log/messages
  102. #findtime = 300
  103. #maxretry = 3
  104. #bantime = 36000
  105.  
  106.  
  107. #[ssh-ddos]
  108.  
  109. #enabled = true
  110. #filter = sshd-ddos
  111. #action = iptables[name=SSHDDOS, port=ssh, protocol=tcp]
  112. #logpath = /var/log/messages
  113. #maxretry = 2
  114.  
  115.  
  116. #[dropbear]
  117. #
  118. #enabled = false
  119. #filter = dropbear
  120. #action = iptables[name=dropbear, port=ssh, protocol=tcp]
  121. #logpath = /var/log/messages
  122. #maxretry = 5
  123.  
  124.  
  125. [proftpd-iptables]
  126.  
  127. enabled = false
  128. filter = proftpd
  129. action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
  130. logpath = /var/log/proftpd/proftpd.log
  131. maxretry = 6
  132.  
  133.  
  134. #[gssftpd-iptables]
  135. #
  136. #enabled = false
  137. #filter = gssftpd
  138. #action = iptables[name=GSSFTPd, port=ftp, protocol=tcp]
  139. # sendmail-whois[name=GSSFTPd, dest=you@example.com]
  140. #logpath = /var/log/messages
  141. #maxretry = 6
  142.  
  143.  
  144. [pure-ftpd]
  145.  
  146. enabled = false
  147. filter = pure-ftpd
  148. action = iptables[name=pureftpd, port=ftp, protocol=tcp]
  149. logpath = /var/log/messages
  150. maxretry = 6
  151.  
  152.  
  153. [wuftpd]
  154.  
  155. enabled = false
  156. filter = wuftpd
  157. action = iptables[name=wuftpd, port=ftp, protocol=tcp]
  158. logpath = /var/log/messages
  159. maxretry = 6
  160.  
  161.  
  162. [sendmail-auth]
  163.  
  164. enabled = false
  165. filter = sendmail-auth
  166. action = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
  167. logpath = /var/log/mail
  168.  
  169.  
  170. [sendmail-reject]
  171.  
  172. enabled = false
  173. filter = sendmail-reject
  174. action = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
  175. logpath = /var/log/mail
  176.  
  177.  
  178. # This jail forces the backend to "polling".
  179. #[sasl-iptables]
  180. #
  181. #enabled = true
  182. #filter = postfix-sasl
  183. #backend = polling
  184. #action = iptables[name=sasl, port="smtp,smtps", protocol=tcp]
  185. #logpath = /var/log/maillog
  186. #findtime = 300
  187. #maxretry = 10
  188. #bantime = 1800
  189.  
  190.  
  191. # ASSP SMTP Proxy Jail
  192. [assp]
  193.  
  194. enabled = false
  195. filter = assp
  196. action = iptables-multiport[name=assp,port="25,465,587"]
  197. logpath = /root/path/to/assp/logs/maillog.txt
  198.  
  199.  
  200. # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
  201. # used to avoid banning the user "myuser".
  202. #[ssh-tcpwrapper]
  203.  
  204. #enabled = false
  205. #filter = sshd
  206. #action = hostsdeny[daemon_list=sshd]
  207. # sendmail-whois[name=SSH, dest=you@example.com]
  208. #ignoreregex = for myuser from
  209. #logpath = /var/log/messages
  210.  
  211.  
  212. # Here we use blackhole routes for not requiring any additional kernel support
  213. # to store large volumes of banned IPs
  214. [ssh-route]
  215.  
  216. enabled = false
  217. filter = sshd
  218. action = route
  219. logpath = /var/log/messages
  220. maxretry = 5
  221.  
  222.  
  223. # Here we use a combination of Netfilter/Iptables and IPsets
  224. # for storing large volumes of banned IPs
  225. #
  226. # IPset comes in two versions. See ipset -V for which one to use
  227. # requires the ipset package and kernel support.
  228. [ssh-iptables-ipset4]
  229.  
  230. enabled = false
  231. filter = sshd
  232. action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
  233. logpath = /var/log/messages
  234. maxretry = 5
  235.  
  236.  
  237. [ssh-iptables-ipset6]
  238.  
  239. enabled = false
  240. filter = sshd
  241. action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
  242. logpath = /var/log/messages
  243. maxretry = 5
  244.  
  245.  
  246. # bsd-ipfw is ipfw used by BSD. It uses ipfw tables.
  247. # table number must be unique.
  248. #
  249. # This will create a deny rule for that table ONLY if a rule
  250. # for the table doesn't ready exist.
  251. #
  252. [ssh-bsd-ipfw]
  253.  
  254. enabled = false
  255. filter = sshd
  256. action = bsd-ipfw[port=ssh,table=1]
  257. logpath = /var/log/auth.log
  258. maxretry = 5
  259.  
  260.  
  261. # This jail demonstrates the use of wildcards in "logpath".
  262. # Moreover, it is possible to give other files on a new line.
  263. [apache-tcpwrapper]
  264.  
  265. enabled = false
  266. filter = apache-auth
  267. action = hostsdeny
  268. logpath = /var/log/apache*/*error.log
  269. /home/www/myhomepage/error.log
  270. maxretry = 6
  271.  
  272.  
  273. [apache-modsecurity]
  274.  
  275. enabled = false
  276. filter = apache-modsecurity
  277. action = iptables-multiport[name=apache-modsecurity,port="80,443"]
  278. logpath = /var/log/apache*/*error.log
  279. /home/www/myhomepage/error.log
  280. maxretry = 2
  281.  
  282.  
  283. [apache-overflows]
  284.  
  285. enabled = false
  286. filter = apache-overflows
  287. action = iptables-multiport[name=apache-overflows,port="80,443"]
  288. logpath = /var/log/apache*/*error.log
  289. /home/www/myhomepage/error.log
  290. maxretry = 2
  291.  
  292.  
  293. [apache-nohome]
  294.  
  295. enabled = false
  296. filter = apache-nohome
  297. action = iptables-multiport[name=apache-nohome,port="80,443"]
  298. logpath = /var/log/apache*/*error.log
  299. /home/www/myhomepage/error.log
  300. maxretry = 2
  301.  
  302.  
  303. [nginx-http-auth]
  304.  
  305. enabled = false
  306. filter = nginx-http-auth
  307. action = iptables-multiport[name=nginx-http-auth,port="80,443"]
  308. logpath = /var/log/nginx/error.log
  309.  
  310.  
  311. [squid]
  312.  
  313. enabled = false
  314. filter = squid
  315. action = iptables-multiport[name=squid,port="80,443,8080"]
  316. logpath = /var/log/squid/access.log
  317.  
  318.  
  319. # The hosts.deny path can be defined with the "file" argument if it is
  320. # not in /etc.
  321. #[postfix-tcpwrapper]
  322. #
  323. #enabled = false
  324. #filter = postfix
  325. #action = hostsdeny[file=/not/a/standard/path/hosts.deny]
  326. # sendmail[name=Postfix, dest=you@example.com]
  327. #logpath = /var/log/postfix.log
  328. #bantime = 300
  329.  
  330.  
  331. [cyrus-imap]
  332.  
  333. enabled = false
  334. filter = cyrus-imap
  335. action = iptables-multiport[name=cyrus-imap,port="143,993"]
  336. logpath = /var/log/mail
  337.  
  338.  
  339. [courierlogin]
  340.  
  341. enabled = false
  342. filter = courierlogin
  343. action = iptables-multiport[name=courierlogin,port="25,110,143,465,587,993,995"]
  344. logpath = /var/log/mail
  345.  
  346.  
  347. [couriersmtp]
  348.  
  349. enabled = false
  350. filter = couriersmtp
  351. action = iptables-multiport[name=couriersmtp,port="25,465,587"]
  352. logpath = /var/log/mail
  353.  
  354.  
  355. [qmail-rbl]
  356.  
  357. enabled = false
  358. filter = qmail
  359. action = iptables-multiport[name=qmail-rbl,port="25,465,587"]
  360. logpath = /service/qmail/log/main/current
  361.  
  362.  
  363. [sieve]
  364.  
  365. enabled = false
  366. filter = sieve
  367. action = iptables-multiport[name=sieve,port="25,465,587"]
  368. logpath = /var/log/mail
  369.  
  370.  
  371. # Do not ban anybody. Just report information about the remote host.
  372. # A notification is sent at most every 600 seconds (bantime).
  373. #[vsftpd-notification]
  374. #
  375. #enabled = false
  376. #filter = vsftpd
  377. #action = sendmail-whois[name=VSFTPD, dest=you@example.com]
  378. #logpath = /var/log/vsftpd.log
  379. #maxretry = 5
  380. #bantime = 1800
  381.  
  382.  
  383. # Same as above but with banning the IP address.
  384. #[vsftpd-iptables]
  385. #
  386. #enabled = false
  387. #filter = vsftpd
  388. #action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
  389. # sendmail-whois[name=VSFTPD, dest=you@example.com]
  390. #logpath = /var/log/vsftpd.log
  391. maxretry = 5
  392. bantime = 1800
  393.  
  394.  
  395. # Ban hosts which agent identifies spammer robots crawling the web
  396. # for email addresses. The mail outputs are buffered.
  397. [apache-badbots]
  398.  
  399. enabled = false
  400. filter = apache-badbots
  401. action = iptables-multiport[name=BadBots, port="http,https"]
  402. sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
  403. logpath = /var/log/apache/access_log
  404. /var/log/apache2/*/access_log
  405. bantime = 172800
  406. maxretry = 1
  407.  
  408.  
  409. # Use shorewall instead of iptables.
  410. #[apache-shorewall]
  411. #
  412. #enabled = false
  413. #filter = apache-noscript
  414. #action = shorewall
  415. # sendmail[name=Postfix, dest=you@example.com]
  416. #logpath = /var/log/apache2/error_log
  417.  
  418.  
  419. # Monitor roundcube server
  420. #[roundcube-iptables]
  421.  
  422. #enabled = true
  423. #filter = roundcube-auth
  424. #action = iptables-multiport[name=RoundCube, port="http,https"]
  425. #logpath = /var/log/roundcubemail/userlogins
  426.  
  427.  
  428. # Monitor SOGo groupware server
  429. [sogo-iptables]
  430.  
  431. enabled = false
  432. filter = sogo-auth
  433. # without proxy this would be:
  434. # port = 20000
  435. action = iptables-multiport[name=SOGo, port="http,https"]
  436. logpath = /var/log/sogo/sogo.log
  437.  
  438.  
  439. [groupoffice]
  440.  
  441. enabled = false
  442. filter = groupoffice
  443. action = iptables-multiport[name=groupoffice, port="http,https"]
  444. logpath = /home/groupoffice/log/info.log
  445.  
  446.  
  447. #[openwebmail]
  448. #
  449. #enabled = false
  450. #filter = openwebmail
  451. #logpath = /var/log/openwebmail.log
  452. #action = ipfw
  453. # sendmail-whois[name=openwebmail, dest=you@example.com]
  454. #maxretry = 5
  455.  
  456.  
  457. [horde]
  458.  
  459. enabled = false
  460. filter = horde
  461. logpath = /var/log/horde/horde.log
  462. action = iptables-multiport[name=horde, port="http,https"]
  463. maxretry = 5
  464.  
  465.  
  466. # Ban attackers that try to use PHP's URL-fopen() functionality
  467. # through GET/POST variables. - Experimental, with more than a year
  468. # of usage in production environments.
  469. [php-url-fopen]
  470.  
  471. enabled = false
  472. action = iptables-multiport[name=php-url-open, port="http,https"]
  473. filter = php-url-fopen
  474. logpath = /var/log/apache/access_log
  475. maxretry = 1
  476.  
  477.  
  478. [suhosin]
  479.  
  480. enabled = false
  481. filter = suhosin
  482. action = iptables-multiport[name=suhosin, port="http,https"]
  483. # adapt the following two items as needed
  484. logpath = /var/log/lighttpd/error.log
  485. maxretry = 2
  486.  
  487.  
  488. [lighttpd-auth]
  489.  
  490. enabled = false
  491. filter = lighttpd-auth
  492. action = iptables-multiport[name=lighttpd-auth, port="http,https"]
  493. # adapt the following two items as needed
  494. logpath = /var/log/lighttpd/error.log
  495. maxretry = 2
  496.  
  497.  
  498. # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
  499. # option is overridden in this jail. Moreover, the action "mail-whois" defines
  500. # the variable "name" which contains a comma using "". The characters '' are
  501. # valid too.
  502. #[ssh-ipfw]
  503. #
  504. #enabled = false
  505. #filter = sshd
  506. #action = ipfw[localhost=192.168.0.1]
  507. # sendmail-whois[name="SSH,IPFW", dest=you@example.com]
  508. #logpath = /var/log/messages
  509. #ignoreip = 168.192.0.1
  510.  
  511.  
  512. # !!! WARNING !!!
  513. # Since UDP is connection-less protocol, spoofing of IP and imitation
  514. # of illegal actions is way too simple. Thus enabling of this filter
  515. # might provide an easy way for implementing a DoS against a chosen
  516. # victim. See
  517. # http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
  518. # Please DO NOT USE this jail unless you know what you are doing.
  519. #
  520. # IMPORTANT: see filter.d/named-refused for instructions to enable logging
  521. # This jail blocks UDP traffic for DNS requests.
  522. # [named-refused-udp]
  523. #
  524. # enabled = false
  525. # filter = named-refused
  526. # action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
  527. # sendmail-whois[name=Named, dest=you@example.com]
  528. # logpath = /var/log/named/security.log
  529. # ignoreip = 168.192.0.1
  530.  
  531. # IMPORTANT: see filter.d/named-refused for instructions to enable logging
  532. # This jail blocks TCP traffic for DNS requests.
  533. #[named-refused-tcp]
  534. #
  535. #enabled = false
  536. #filter = named-refused
  537. #action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
  538. # sendmail-whois[name=Named, dest=you@example.com]
  539. #logpath = /var/lib/named/log/security.log
  540. #ignoreip = 168.192.0.1
  541.  
  542.  
  543. [nsd]
  544.  
  545. enabled = false
  546. filter = nsd
  547. action = iptables-multiport[name=nsd-tcp, port="domain", protocol=tcp]
  548. iptables-multiport[name=nsd-udp, port="domain", protocol=udp]
  549. logpath = /var/log/nsd.log
  550.  
  551.  
  552. #[asterisk]
  553. #
  554. #enabled = false
  555. #filter = asterisk
  556. #action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
  557. # iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
  558. # sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
  559. #logpath = /var/log/asterisk/messages
  560. #maxretry = 10
  561.  
  562.  
  563. [freeswitch]
  564.  
  565. enabled = false
  566. filter = freeswitch
  567. logpath = /var/log/freeswitch.log
  568. maxretry = 10
  569. action = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
  570. iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
  571.  
  572. [ejabberd-auth]
  573.  
  574. enabled = false
  575. filter = ejabberd-auth
  576. logpath = /var/log/ejabberd/ejabberd.log
  577. action = iptables[name=ejabberd, port=xmpp-client, protocol=tcp]
  578.  
  579. # Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
  580. # use [asterisk] for new jails
  581. #[asterisk-tcp]
  582. #
  583. #enabled = false
  584. #filter = asterisk
  585. #action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
  586. # sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
  587. #logpath = /var/log/asterisk/messages
  588. #maxretry = 10
  589.  
  590.  
  591. # Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
  592. # use [asterisk] for new jails
  593. #[asterisk-udp]
  594. #
  595. #enabled = false
  596. #filter = asterisk
  597. #action = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
  598. # sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
  599. #logpath = /var/log/asterisk/messages
  600. #maxretry = 10
  601.  
  602.  
  603. #[mysqld-iptables]
  604. #
  605. #enabled = false
  606. #filter = mysqld-auth
  607. #action = iptables[name=mysql, port=3306, protocol=tcp]
  608. # sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
  609. #logpath = /var/log/mysql/mysqld.log
  610. #maxretry = 5
  611.  
  612.  
  613. [mysqld-syslog]
  614.  
  615. enabled = false
  616. filter = mysqld-auth
  617. action = iptables[name=mysql, port=3306, protocol=tcp]
  618. logpath = /var/log/mysql/mysqld.log
  619. maxretry = 5
  620.  
  621.  
  622. # Jail for more extended banning of persistent abusers
  623. # !!! WARNING !!!
  624. # Make sure that your loglevel specified in fail2ban.conf/.local
  625. # is not at DEBUG level -- which might then cause fail2ban to fall into
  626. # an infinite loop constantly feeding itself with non-informative lines
  627. [recidive]
  628.  
  629. enabled = false
  630. filter = recidive
  631. logpath = /var/log/fail2ban.log
  632. action = iptables-allports[name=recidive,protocol=all]
  633. sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
  634. bantime = 604800 ; 1 week
  635. findtime = 86400 ; 1 day
  636. maxretry = 5
  637.  
  638.  
  639. # PF is a BSD based firewall
  640. [ssh-pf]
  641.  
  642. enabled = false
  643. filter = sshd
  644. action = pf
  645. logpath = /var/log/messages
  646. maxretry = 5
  647.  
  648.  
  649. [3proxy]
  650.  
  651. enabled = false
  652. filter = 3proxy
  653. action = iptables[name=3proxy, port=3128, protocol=tcp]
  654. logpath = /var/log/3proxy.log
  655.  
  656.  
  657. [exim]
  658.  
  659. enabled = false
  660. filter = exim
  661. action = iptables-multiport[name=exim,port="25,465,587"]
  662. logpath = /var/log/exim/mainlog
  663.  
  664.  
  665. [exim-spam]
  666.  
  667. enabled = false
  668. filter = exim-spam
  669. action = iptables-multiport[name=exim-spam,port="25,465,587"]
  670. logpath = /var/log/exim/mainlog
  671.  
  672.  
  673. [perdition]
  674.  
  675. enabled = false
  676. filter = perdition
  677. action = iptables-multiport[name=perdition,port="110,143,993,995"]
  678. logpath = /var/log/maillog
  679.  
  680.  
  681. [uwimap-auth]
  682.  
  683. enabled = false
  684. filter = uwimap-auth
  685. action = iptables-multiport[name=uwimap-auth,port="110,143,993,995"]
  686. logpath = /var/log/maillog
  687.  
  688.  
  689. [osx-ssh-ipfw]
  690.  
  691. enabled = false
  692. filter = sshd
  693. action = osx-ipfw
  694. logpath = /var/log/secure.log
  695. maxretry = 5
  696.  
  697.  
  698. [ssh-apf]
  699.  
  700. enabled = false
  701. filter = sshd
  702. action = apf[name=SSH]
  703. logpath = /var/log/secure
  704. maxretry = 5
  705.  
  706.  
  707. [osx-ssh-afctl]
  708.  
  709. enabled = false
  710. filter = sshd
  711. action = osx-afctl[bantime=600]
  712. logpath = /var/log/secure.log
  713. maxretry = 5
  714.  
  715.  
  716. [webmin-auth]
  717.  
  718. enabled = false
  719. filter = webmin-auth
  720. action = iptables-multiport[name=webmin,port="10000"]
  721. logpath = /var/log/auth.log
  722.  
  723.  
  724. # dovecot defaults to logging to the mail syslog facility
  725. # but can be set by syslog_facility in the dovecot configuration.
  726. [dovecot]
  727.  
  728. enabled = false
  729. filter = dovecot
  730. action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
  731. logpath = /var/log/mail
  732.  
  733.  
  734. [dovecot-auth]
  735.  
  736. enabled = false
  737. filter = dovecot
  738. action = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
  739. logpath = /var/log/mail
  740.  
  741.  
  742. [solid-pop3d]
  743.  
  744. enabled = false
  745. filter = solid-pop3d
  746. action = iptables-multiport[name=solid-pop3, port="pop3,pop3s", protocol=tcp]
  747. logpath = /var/log/mail
  748.  
  749.  
  750. [selinux-ssh]
  751. enabled = false
  752. filter = selinux-ssh
  753. action = iptables[name=SELINUX-SSH, port=ssh, protocol=tcp]
  754. logpath = /var/log/audit/audit.log
  755. maxretry = 5
  756.  
  757. # See the IMPORTANT note in action.d/blocklist_de.conf for when to
  758. # use this action
  759. #
  760. # Report block via blocklist.de fail2ban reporting service API
  761. # See action.d/blocklist_de.conf for more information
  762. #[ssh-blocklist]
  763. #
  764. #enabled = false
  765. #filter = sshd
  766. #action = iptables[name=SSH, port=ssh, protocol=tcp]
  767. # sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
  768. # blocklist_de[email="fail2ban@example.com", apikey="xxxxxx", service=%(filter)s]
  769. #logpath = /var/log/messages
  770. #maxretry = 20
  771.  
  772.  
  773. # consider low maxretry and a long bantime
  774. # nobody except your own Nagios server should ever probe nrpe
  775. [nagios]
  776. enabled = false
  777. filter = nagios
  778. action = iptables[name=Nagios, port=5666, protocol=tcp]
  779. sendmail-whois[name=Nagios, dest=admin@serpack.de, sender=fail2ban@serpack.de, sendername="Fail2Ban"]
  780. logpath = /var/log/messages ; nrpe.cfg may define a different log_facility
  781. maxretry = 1
  782.  
  783. [postfix-banhammer]
  784. enabled = true
  785. port = smtp,ssmtp
  786. filter = postfix
  787. action = iptables-multiport[name=PFIX, port='smtp,465,submission', protocol=tcp]
  788. logpath = /var/log/maillog
  789. maxretry = 3
  790. bantime = 7200
  791.  
  792. [dovecot-banhammer]
  793. enabled = true
  794. filter = dovecot
  795. action = iptables-multiport[name=DCOT, port='pop3,pop3s,imap,imaps', protocol=tcp]
  796. logpath = /var/log/maillog
  797. findtime = 300
  798. maxretry = 10
  799. bantime = 1800
  800.  
  801. [sasl-banhammer]
  802. enabled = true
  803. port = smtp,ssmtp
  804. filter = postfix-sasl
  805. action = iptables-multiport[name=SASL, port='smtp,465,submission', protocol=tcp]
  806. logpath = /var/log/maillog
  807. findtime = 300
  808. maxretry = 10
  809. bantime = 1800
Advertisement
RAW Paste Data Copied
Advertisement