API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 26th, 2015
418
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 20.56 KB | None | 0 0
raw download clone embed print report
  1. # Fail2Ban jail base specification file
  2. #
  3. # HOW TO ACTIVATE JAILS:
  4. #
  5. # YOU SHOULD NOT MODIFY THIS FILE.
  6. #
  7. # It will probably be overwitten or improved in a distribution update.
  8. #
  9. # Provide customizations in a jail.local file or a jail.d/customisation.local.
  10. # For example to change the default bantime for all jails and to enable the
  11. # ssh-iptables jail the following (uncommented) would appear in the .local file.
  12. # See man 5 jail.conf for details.
  13. #
  14. # [DEFAULT]
  15. # bantime = 3600
  16. #
  17. # [ssh-iptables]
  18. # enabled = true
  19.  
  20.  
  21.  
  22. # Comments: use '#' for comment lines and ';' (following a space) for inline comments
  23.  
  24. # The DEFAULT allows a global definition of the options. They can be overridden
  25. # in each jail afterwards.
  26.  
  27. [DEFAULT]
  28. banaction = iptables-multiport
  29.  
  30. # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
  31. # ban a host which matches an address in this list. Several addresses can be
  32. # defined using space separator.
  33. #ignoreip =
  34.  
  35. # External command that will take an tagged arguments to ignore, e.g. <ip>,
  36. # and return true if the IP is to be ignored. False otherwise.
  37. #
  38. # ignorecommand = /path/to/command <ip>
  39. ignorecommand =
  40.  
  41. # "bantime" is the number of seconds that a host is banned.
  42. bantime = 600
  43.  
  44. # A host is banned if it has generated "maxretry" during the last "findtime"
  45. # seconds.
  46. findtime = 600
  47.  
  48. # "maxretry" is the number of failures before a host get banned.
  49. maxretry = 3
  50.  
  51. # "backend" specifies the backend used to get files modification.
  52. # Available options are "pyinotify", "gamin", "polling" and "auto".
  53. # This option can be overridden in each jail as well.
  54. #
  55. # pyinotify: requires pyinotify (a file alteration monitor) to be installed.
  56. # If pyinotify is not installed, Fail2ban will use auto.
  57. # gamin: requires Gamin (a file alteration monitor) to be installed.
  58. # If Gamin is not installed, Fail2ban will use auto.
  59. # polling: uses a polling algorithm which does not require external libraries.
  60. # auto: will try to use the following backends, in order:
  61. # pyinotify, gamin, polling.
  62. backend = auto
  63.  
  64. # "usedns" specifies if jails should trust hostnames in logs,
  65. # warn when DNS lookups are performed, or ignore all hostnames in logs
  66. #
  67. # yes: if a hostname is encountered, a DNS lookup will be performed.
  68. # warn: if a hostname is encountered, a DNS lookup will be performed,
  69. # but it will be logged as a warning.
  70. # no: if a hostname is encountered, will not be used for banning,
  71. # but it will be logged as info.
  72. usedns = warn
  73.  
  74.  
  75. # This jail corresponds to the standard configuration in Fail2ban.
  76. # The mail-whois action send a notification e-mail with a whois request
  77. # in the body.
  78.  
  79. [pam-generic]
  80.  
  81. enabled = false
  82. filter = pam-generic
  83. action = iptables-allports[name=pam,protocol=all]
  84. logpath = /var/log/messages
  85.  
  86.  
  87. [xinetd-fail]
  88.  
  89. enabled = false
  90. filter = xinetd-fail
  91. action = iptables-allports[name=xinetd,protocol=all]
  92. logpath = /var/log/daemon*log
  93.  
  94.  
  95. #[ssh-iptables]
  96.  
  97. #enabled = true
  98. #port = ssh
  99. #filter = sshd
  100. #action = iptables[name=SSH, port=ssh, protocol=tcp]
  101. #logpath = /var/log/messages
  102. #findtime = 300
  103. #maxretry = 3
  104. #bantime = 36000
  105.  
  106.  
  107. #[ssh-ddos]
  108.  
  109. #enabled = true
  110. #filter = sshd-ddos
  111. #action = iptables[name=SSHDDOS, port=ssh, protocol=tcp]
  112. #logpath = /var/log/messages
  113. #maxretry = 2
  114.  
  115.  
  116. #[dropbear]
  117. #
  118. #enabled = false
  119. #filter = dropbear
  120. #action = iptables[name=dropbear, port=ssh, protocol=tcp]
  121. #logpath = /var/log/messages
  122. #maxretry = 5
  123.  
  124.  
  125. [proftpd-iptables]
  126.  
  127. enabled = false
  128. filter = proftpd
  129. action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
  130. logpath = /var/log/proftpd/proftpd.log
  131. maxretry = 6
  132.  
  133.  
  134. #[gssftpd-iptables]
  135. #
  136. #enabled = false
  137. #filter = gssftpd
  138. #action = iptables[name=GSSFTPd, port=ftp, protocol=tcp]
  139. # sendmail-whois[name=GSSFTPd, dest=you@example.com]
  140. #logpath = /var/log/messages
  141. #maxretry = 6
  142.  
  143.  
  144. [pure-ftpd]
  145.  
  146. enabled = false
  147. filter = pure-ftpd
  148. action = iptables[name=pureftpd, port=ftp, protocol=tcp]
  149. logpath = /var/log/messages
  150. maxretry = 6
  151.  
  152.  
  153. [wuftpd]
  154.  
  155. enabled = false
  156. filter = wuftpd
  157. action = iptables[name=wuftpd, port=ftp, protocol=tcp]
  158. logpath = /var/log/messages
  159. maxretry = 6
  160.  
  161.  
  162. [sendmail-auth]
  163.  
  164. enabled = false
  165. filter = sendmail-auth
  166. action = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
  167. logpath = /var/log/mail
  168.  
  169.  
  170. [sendmail-reject]
  171.  
  172. enabled = false
  173. filter = sendmail-reject
  174. action = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
  175. logpath = /var/log/mail
  176.  
  177.  
  178. # This jail forces the backend to "polling".
  179. #[sasl-iptables]
  180. #
  181. #enabled = true
  182. #filter = postfix-sasl
  183. #backend = polling
  184. #action = iptables[name=sasl, port="smtp,smtps", protocol=tcp]
  185. #logpath = /var/log/maillog
  186. #findtime = 300
  187. #maxretry = 10
  188. #bantime = 1800
  189.  
  190.  
  191. # ASSP SMTP Proxy Jail
  192. [assp]
  193.  
  194. enabled = false
  195. filter = assp
  196. action = iptables-multiport[name=assp,port="25,465,587"]
  197. logpath = /root/path/to/assp/logs/maillog.txt
  198.  
  199.  
  200. # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
  201. # used to avoid banning the user "myuser".
  202. #[ssh-tcpwrapper]
  203.  
  204. #enabled = false
  205. #filter = sshd
  206. #action = hostsdeny[daemon_list=sshd]
  207. # sendmail-whois[name=SSH, dest=you@example.com]
  208. #ignoreregex = for myuser from
  209. #logpath = /var/log/messages
  210.  
  211.  
  212. # Here we use blackhole routes for not requiring any additional kernel support
  213. # to store large volumes of banned IPs
  214. [ssh-route]
  215.  
  216. enabled = false
  217. filter = sshd
  218. action = route
  219. logpath = /var/log/messages
  220. maxretry = 5
  221.  
  222.  
  223. # Here we use a combination of Netfilter/Iptables and IPsets
  224. # for storing large volumes of banned IPs
  225. #
  226. # IPset comes in two versions. See ipset -V for which one to use
  227. # requires the ipset package and kernel support.
  228. [ssh-iptables-ipset4]
  229.  
  230. enabled = false
  231. filter = sshd
  232. action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
  233. logpath = /var/log/messages
  234. maxretry = 5
  235.  
  236.  
  237. [ssh-iptables-ipset6]
  238.  
  239. enabled = false
  240. filter = sshd
  241. action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
  242. logpath = /var/log/messages
  243. maxretry = 5
  244.  
  245.  
  246. # bsd-ipfw is ipfw used by BSD. It uses ipfw tables.
  247. # table number must be unique.
  248. #
  249. # This will create a deny rule for that table ONLY if a rule
  250. # for the table doesn't ready exist.
  251. #
  252. [ssh-bsd-ipfw]
  253.  
  254. enabled = false
  255. filter = sshd
  256. action = bsd-ipfw[port=ssh,table=1]
  257. logpath = /var/log/auth.log
  258. maxretry = 5
  259.  
  260.  
  261. # This jail demonstrates the use of wildcards in "logpath".
  262. # Moreover, it is possible to give other files on a new line.
  263. [apache-tcpwrapper]
  264.  
  265. enabled = false
  266. filter = apache-auth
  267. action = hostsdeny
  268. logpath = /var/log/apache*/*error.log
  269. /home/www/myhomepage/error.log
  270. maxretry = 6
  271.  
  272.  
  273. [apache-modsecurity]
  274.  
  275. enabled = false
  276. filter = apache-modsecurity
  277. action = iptables-multiport[name=apache-modsecurity,port="80,443"]
  278. logpath = /var/log/apache*/*error.log
  279. /home/www/myhomepage/error.log
  280. maxretry = 2
  281.  
  282.  
  283. [apache-overflows]
  284.  
  285. enabled = false
  286. filter = apache-overflows
  287. action = iptables-multiport[name=apache-overflows,port="80,443"]
  288. logpath = /var/log/apache*/*error.log
  289. /home/www/myhomepage/error.log
  290. maxretry = 2
  291.  
  292.  
  293. [apache-nohome]
  294.  
  295. enabled = false
  296. filter = apache-nohome
  297. action = iptables-multiport[name=apache-nohome,port="80,443"]
  298. logpath = /var/log/apache*/*error.log
  299. /home/www/myhomepage/error.log
  300. maxretry = 2
  301.  
  302.  
  303. [nginx-http-auth]
  304.  
  305. enabled = false
  306. filter = nginx-http-auth
  307. action = iptables-multiport[name=nginx-http-auth,port="80,443"]
  308. logpath = /var/log/nginx/error.log
  309.  
  310.  
  311. [squid]
  312.  
  313. enabled = false
  314. filter = squid
  315. action = iptables-multiport[name=squid,port="80,443,8080"]
  316. logpath = /var/log/squid/access.log
  317.  
  318.  
  319. # The hosts.deny path can be defined with the "file" argument if it is
  320. # not in /etc.
  321. #[postfix-tcpwrapper]
  322. #
  323. #enabled = false
  324. #filter = postfix
  325. #action = hostsdeny[file=/not/a/standard/path/hosts.deny]
  326. # sendmail[name=Postfix, dest=you@example.com]
  327. #logpath = /var/log/postfix.log
  328. #bantime = 300
  329.  
  330.  
  331. [cyrus-imap]
  332.  
  333. enabled = false
  334. filter = cyrus-imap
  335. action = iptables-multiport[name=cyrus-imap,port="143,993"]
  336. logpath = /var/log/mail
  337.  
  338.  
  339. [courierlogin]
  340.  
  341. enabled = false
  342. filter = courierlogin
  343. action = iptables-multiport[name=courierlogin,port="25,110,143,465,587,993,995"]
  344. logpath = /var/log/mail
  345.  
  346.  
  347. [couriersmtp]
  348.  
  349. enabled = false
  350. filter = couriersmtp
  351. action = iptables-multiport[name=couriersmtp,port="25,465,587"]
  352. logpath = /var/log/mail
  353.  
  354.  
  355. [qmail-rbl]
  356.  
  357. enabled = false
  358. filter = qmail
  359. action = iptables-multiport[name=qmail-rbl,port="25,465,587"]
  360. logpath = /service/qmail/log/main/current
  361.  
  362.  
  363. [sieve]
  364.  
  365. enabled = false
  366. filter = sieve
  367. action = iptables-multiport[name=sieve,port="25,465,587"]
  368. logpath = /var/log/mail
  369.  
  370.  
  371. # Do not ban anybody. Just report information about the remote host.
  372. # A notification is sent at most every 600 seconds (bantime).
  373. #[vsftpd-notification]
  374. #
  375. #enabled = false
  376. #filter = vsftpd
  377. #action = sendmail-whois[name=VSFTPD, dest=you@example.com]
  378. #logpath = /var/log/vsftpd.log
  379. #maxretry = 5
  380. #bantime = 1800
  381.  
  382.  
  383. # Same as above but with banning the IP address.
  384. #[vsftpd-iptables]
  385. #
  386. #enabled = false
  387. #filter = vsftpd
  388. #action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
  389. # sendmail-whois[name=VSFTPD, dest=you@example.com]
  390. #logpath = /var/log/vsftpd.log
  391. maxretry = 5
  392. bantime = 1800
  393.  
  394.  
  395. # Ban hosts which agent identifies spammer robots crawling the web
  396. # for email addresses. The mail outputs are buffered.
  397. [apache-badbots]
  398.  
  399. enabled = false
  400. filter = apache-badbots
  401. action = iptables-multiport[name=BadBots, port="http,https"]
  402. sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
  403. logpath = /var/log/apache/access_log
  404. /var/log/apache2/*/access_log
  405. bantime = 172800
  406. maxretry = 1
  407.  
  408.  
  409. # Use shorewall instead of iptables.
  410. #[apache-shorewall]
  411. #
  412. #enabled = false
  413. #filter = apache-noscript
  414. #action = shorewall
  415. # sendmail[name=Postfix, dest=you@example.com]
  416. #logpath = /var/log/apache2/error_log
  417.  
  418.  
  419. # Monitor roundcube server
  420. #[roundcube-iptables]
  421.  
  422. #enabled = true
  423. #filter = roundcube-auth
  424. #action = iptables-multiport[name=RoundCube, port="http,https"]
  425. #logpath = /var/log/roundcubemail/userlogins
  426.  
  427.  
  428. # Monitor SOGo groupware server
  429. [sogo-iptables]
  430.  
  431. enabled = false
  432. filter = sogo-auth
  433. # without proxy this would be:
  434. # port = 20000
  435. action = iptables-multiport[name=SOGo, port="http,https"]
  436. logpath = /var/log/sogo/sogo.log
  437.  
  438.  
  439. [groupoffice]
  440.  
  441. enabled = false
  442. filter = groupoffice
  443. action = iptables-multiport[name=groupoffice, port="http,https"]
  444. logpath = /home/groupoffice/log/info.log
  445.  
  446.  
  447. #[openwebmail]
  448. #
  449. #enabled = false
  450. #filter = openwebmail
  451. #logpath = /var/log/openwebmail.log
  452. #action = ipfw
  453. # sendmail-whois[name=openwebmail, dest=you@example.com]
  454. #maxretry = 5
  455.  
  456.  
  457. [horde]
  458.  
  459. enabled = false
  460. filter = horde
  461. logpath = /var/log/horde/horde.log
  462. action = iptables-multiport[name=horde, port="http,https"]
  463. maxretry = 5
  464.  
  465.  
  466. # Ban attackers that try to use PHP's URL-fopen() functionality
  467. # through GET/POST variables. - Experimental, with more than a year
  468. # of usage in production environments.
  469. [php-url-fopen]
  470.  
  471. enabled = false
  472. action = iptables-multiport[name=php-url-open, port="http,https"]
  473. filter = php-url-fopen
  474. logpath = /var/log/apache/access_log
  475. maxretry = 1
  476.  
  477.  
  478. [suhosin]
  479.  
  480. enabled = false
  481. filter = suhosin
  482. action = iptables-multiport[name=suhosin, port="http,https"]
  483. # adapt the following two items as needed
  484. logpath = /var/log/lighttpd/error.log
  485. maxretry = 2
  486.  
  487.  
  488. [lighttpd-auth]
  489.  
  490. enabled = false
  491. filter = lighttpd-auth
  492. action = iptables-multiport[name=lighttpd-auth, port="http,https"]
  493. # adapt the following two items as needed
  494. logpath = /var/log/lighttpd/error.log
  495. maxretry = 2
  496.  
  497.  
  498. # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
  499. # option is overridden in this jail. Moreover, the action "mail-whois" defines
  500. # the variable "name" which contains a comma using "". The characters '' are
  501. # valid too.
  502. #[ssh-ipfw]
  503. #
  504. #enabled = false
  505. #filter = sshd
  506. #action = ipfw[localhost=192.168.0.1]
  507. # sendmail-whois[name="SSH,IPFW", dest=you@example.com]
  508. #logpath = /var/log/messages
  509. #ignoreip = 168.192.0.1
  510.  
  511.  
  512. # !!! WARNING !!!
  513. # Since UDP is connection-less protocol, spoofing of IP and imitation
  514. # of illegal actions is way too simple. Thus enabling of this filter
  515. # might provide an easy way for implementing a DoS against a chosen
  516. # victim. See
  517. # http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
  518. # Please DO NOT USE this jail unless you know what you are doing.
  519. #
  520. # IMPORTANT: see filter.d/named-refused for instructions to enable logging
  521. # This jail blocks UDP traffic for DNS requests.
  522. # [named-refused-udp]
  523. #
  524. # enabled = false
  525. # filter = named-refused
  526. # action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
  527. # sendmail-whois[name=Named, dest=you@example.com]
  528. # logpath = /var/log/named/security.log
  529. # ignoreip = 168.192.0.1
  530.  
  531. # IMPORTANT: see filter.d/named-refused for instructions to enable logging
  532. # This jail blocks TCP traffic for DNS requests.
  533. #[named-refused-tcp]
  534. #
  535. #enabled = false
  536. #filter = named-refused
  537. #action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
  538. # sendmail-whois[name=Named, dest=you@example.com]
  539. #logpath = /var/lib/named/log/security.log
  540. #ignoreip = 168.192.0.1
  541.  
  542.  
  543. [nsd]
  544.  
  545. enabled = false
  546. filter = nsd
  547. action = iptables-multiport[name=nsd-tcp, port="domain", protocol=tcp]
  548. iptables-multiport[name=nsd-udp, port="domain", protocol=udp]
  549. logpath = /var/log/nsd.log
  550.  
  551.  
  552. #[asterisk]
  553. #
  554. #enabled = false
  555. #filter = asterisk
  556. #action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
  557. # iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
  558. # sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
  559. #logpath = /var/log/asterisk/messages
  560. #maxretry = 10
  561.  
  562.  
  563. [freeswitch]
  564.  
  565. enabled = false
  566. filter = freeswitch
  567. logpath = /var/log/freeswitch.log
  568. maxretry = 10
  569. action = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
  570. iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
  571.  
  572. [ejabberd-auth]
  573.  
  574. enabled = false
  575. filter = ejabberd-auth
  576. logpath = /var/log/ejabberd/ejabberd.log
  577. action = iptables[name=ejabberd, port=xmpp-client, protocol=tcp]
  578.  
  579. # Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
  580. # use [asterisk] for new jails
  581. #[asterisk-tcp]
  582. #
  583. #enabled = false
  584. #filter = asterisk
  585. #action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
  586. # sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
  587. #logpath = /var/log/asterisk/messages
  588. #maxretry = 10
  589.  
  590.  
  591. # Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
  592. # use [asterisk] for new jails
  593. #[asterisk-udp]
  594. #
  595. #enabled = false
  596. #filter = asterisk
  597. #action = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
  598. # sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
  599. #logpath = /var/log/asterisk/messages
  600. #maxretry = 10
  601.  
  602.  
  603. #[mysqld-iptables]
  604. #
  605. #enabled = false
  606. #filter = mysqld-auth
  607. #action = iptables[name=mysql, port=3306, protocol=tcp]
  608. # sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
  609. #logpath = /var/log/mysql/mysqld.log
  610. #maxretry = 5
  611.  
  612.  
  613. [mysqld-syslog]
  614.  
  615. enabled = false
  616. filter = mysqld-auth
  617. action = iptables[name=mysql, port=3306, protocol=tcp]
  618. logpath = /var/log/mysql/mysqld.log
  619. maxretry = 5
  620.  
  621.  
  622. # Jail for more extended banning of persistent abusers
  623. # !!! WARNING !!!
  624. # Make sure that your loglevel specified in fail2ban.conf/.local
  625. # is not at DEBUG level -- which might then cause fail2ban to fall into
  626. # an infinite loop constantly feeding itself with non-informative lines
  627. [recidive]
  628.  
  629. enabled = false
  630. filter = recidive
  631. logpath = /var/log/fail2ban.log
  632. action = iptables-allports[name=recidive,protocol=all]
  633. sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
  634. bantime = 604800 ; 1 week
  635. findtime = 86400 ; 1 day
  636. maxretry = 5
  637.  
  638.  
  639. # PF is a BSD based firewall
  640. [ssh-pf]
  641.  
  642. enabled = false
  643. filter = sshd
  644. action = pf
  645. logpath = /var/log/messages
  646. maxretry = 5
  647.  
  648.  
  649. [3proxy]
  650.  
  651. enabled = false
  652. filter = 3proxy
  653. action = iptables[name=3proxy, port=3128, protocol=tcp]
  654. logpath = /var/log/3proxy.log
  655.  
  656.  
  657. [exim]
  658.  
  659. enabled = false
  660. filter = exim
  661. action = iptables-multiport[name=exim,port="25,465,587"]
  662. logpath = /var/log/exim/mainlog
  663.  
  664.  
  665. [exim-spam]
  666.  
  667. enabled = false
  668. filter = exim-spam
  669. action = iptables-multiport[name=exim-spam,port="25,465,587"]
  670. logpath = /var/log/exim/mainlog
  671.  
  672.  
  673. [perdition]
  674.  
  675. enabled = false
  676. filter = perdition
  677. action = iptables-multiport[name=perdition,port="110,143,993,995"]
  678. logpath = /var/log/maillog
  679.  
  680.  
  681. [uwimap-auth]
  682.  
  683. enabled = false
  684. filter = uwimap-auth
  685. action = iptables-multiport[name=uwimap-auth,port="110,143,993,995"]
  686. logpath = /var/log/maillog
  687.  
  688.  
  689. [osx-ssh-ipfw]
  690.  
  691. enabled = false
  692. filter = sshd
  693. action = osx-ipfw
  694. logpath = /var/log/secure.log
  695. maxretry = 5
  696.  
  697.  
  698. [ssh-apf]
  699.  
  700. enabled = false
  701. filter = sshd
  702. action = apf[name=SSH]
  703. logpath = /var/log/secure
  704. maxretry = 5
  705.  
  706.  
  707. [osx-ssh-afctl]
  708.  
  709. enabled = false
  710. filter = sshd
  711. action = osx-afctl[bantime=600]
  712. logpath = /var/log/secure.log
  713. maxretry = 5
  714.  
  715.  
  716. [webmin-auth]
  717.  
  718. enabled = false
  719. filter = webmin-auth
  720. action = iptables-multiport[name=webmin,port="10000"]
  721. logpath = /var/log/auth.log
  722.  
  723.  
  724. # dovecot defaults to logging to the mail syslog facility
  725. # but can be set by syslog_facility in the dovecot configuration.
  726. [dovecot]
  727.  
  728. enabled = false
  729. filter = dovecot
  730. action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
  731. logpath = /var/log/mail
  732.  
  733.  
  734. [dovecot-auth]
  735.  
  736. enabled = false
  737. filter = dovecot
  738. action = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
  739. logpath = /var/log/mail
  740.  
  741.  
  742. [solid-pop3d]
  743.  
  744. enabled = false
  745. filter = solid-pop3d
  746. action = iptables-multiport[name=solid-pop3, port="pop3,pop3s", protocol=tcp]
  747. logpath = /var/log/mail
  748.  
  749.  
  750. [selinux-ssh]
  751. enabled = false
  752. filter = selinux-ssh
  753. action = iptables[name=SELINUX-SSH, port=ssh, protocol=tcp]
  754. logpath = /var/log/audit/audit.log
  755. maxretry = 5
  756.  
  757. # See the IMPORTANT note in action.d/blocklist_de.conf for when to
  758. # use this action
  759. #
  760. # Report block via blocklist.de fail2ban reporting service API
  761. # See action.d/blocklist_de.conf for more information
  762. #[ssh-blocklist]
  763. #
  764. #enabled = false
  765. #filter = sshd
  766. #action = iptables[name=SSH, port=ssh, protocol=tcp]
  767. # sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
  768. # blocklist_de[email="fail2ban@example.com", apikey="xxxxxx", service=%(filter)s]
  769. #logpath = /var/log/messages
  770. #maxretry = 20
  771.  
  772.  
  773. # consider low maxretry and a long bantime
  774. # nobody except your own Nagios server should ever probe nrpe
  775. [nagios]
  776. enabled = false
  777. filter = nagios
  778. action = iptables[name=Nagios, port=5666, protocol=tcp]
  779. sendmail-whois[name=Nagios, dest=admin@serpack.de, sender=fail2ban@serpack.de, sendername="Fail2Ban"]
  780. logpath = /var/log/messages ; nrpe.cfg may define a different log_facility
  781. maxretry = 1
  782.  
  783. [postfix-banhammer]
  784. enabled = true
  785. port = smtp,ssmtp
  786. filter = postfix
  787. action = iptables-multiport[name=PFIX, port='smtp,465,submission', protocol=tcp]
  788. logpath = /var/log/maillog
  789. maxretry = 3
  790. bantime = 7200
  791.  
  792. [dovecot-banhammer]
  793. enabled = true
  794. filter = dovecot
  795. action = iptables-multiport[name=DCOT, port='pop3,pop3s,imap,imaps', protocol=tcp]
  796. logpath = /var/log/maillog
  797. findtime = 300
  798. maxretry = 10
  799. bantime = 1800
  800.  
  801. [sasl-banhammer]
  802. enabled = true
  803. port = smtp,ssmtp
  804. filter = postfix-sasl
  805. action = iptables-multiport[name=SASL, port='smtp,465,submission', protocol=tcp]
  806. logpath = /var/log/maillog
  807. findtime = 300
  808. maxretry = 10
  809. bantime = 1800
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!