diff --git a/CHANGELOG b/CHANGELOG index 368e85fd..640637a0 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -15,6 +15,7 @@ ver. 0.7.4 (2006/??/??) - beta - Added "-s" option to specify the socket path and "socket" option in "fail2ban.conf" - Added "backend" option in "jail.conf" +- Added more filters/actions and jail samples ver. 0.7.3 (2006/09/28) - beta ---------- diff --git a/MANIFEST b/MANIFEST index 8471b676..3a93f473 100644 --- a/MANIFEST +++ b/MANIFEST @@ -62,6 +62,7 @@ config/action.d/iptables.conf config/action.d/mail-whois.conf config/action.d/mail.conf config/action.d/hostsdeny.conf +config/action.d/shorewall.conf config/fail2ban.conf man/fail2ban-client.1 man/fail2ban-client.h2m diff --git a/config/action.d/shorewall.conf b/config/action.d/shorewall.conf new file mode 100644 index 00000000..984f91b2 --- /dev/null +++ b/config/action.d/shorewall.conf @@ -0,0 +1,47 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# +# $Revision: 394 $ +# + +[Definition] + +# Option: fwstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = + +# Option: fwend +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = + +# Option: fwcheck +# Notes.: command executed once before each fwban command +# Values: CMD +# +actioncheck = + +# Option: fwban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: IP address +# number of failures +# unix timestamp of the last failure +# unix timestamp of the ban time +# Values: CMD +# +actionban = shorewall reject + +# Option: fwunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: IP address +# unix timestamp of the ban time +# unix timestamp of the unban time +# Values: CMD +# +actionunban = shorewall allow diff --git a/config/jail.conf b/config/jail.conf index 02c3576a..3716d783 100644 --- a/config/jail.conf 
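Review bot: As rendered on this page, `actionban = shorewall reject` and `actionunban = shorewall allow` in the new config/action.d/shorewall.conf carry no address argument, and the `Tags:` comment lines list descriptions without tag names, so the angle-bracket tags were probably stripped by the page. Confirm that the committed lines end in the `<ip>` tag, because without it the ban command names no host and the jail would record matches without blocking anything. The comment headers also call the options `fwstart`, `fwend`, `fwcheck`, `fwban` and `fwunban` while the keys are `actionstart`, `actionstop`, `actioncheck`, `actionban` and `actionunban`; the labels should be renamed to match the keys. `actioncheck` is left empty, so nothing verifies that shorewall is usable before a ban is issued, and a one-line comment saying this is intentional would help.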
+++ b/config/jail.conf @@ -15,6 +15,10 @@ ignoreip = 127.0.0.1 bantime = 600 maxretry = 3 +# "backend" specifies the backend used to get files modification. Available +# options are "gamin", "polling" and "auto". +backend = auto + # This jail corresponds to the standard configuration in Fail2ban 0.6. # The mail-whois action send a notification e-mail with a whois request @@ -38,10 +42,13 @@ action = iptables[name=ProFTPD, port=ftp, protocol=tcp] logpath = /var/log/proftpd/proftpd.log maxretry = 6 +# This jail forces the backend to "polling". + [sasl-iptables] enabled = false filter = sasl +backend = polling action = iptables[name=sasl, port=smtp, protocol=tcp] mail-whois[name=sasl, dest=yourmail@mail.com] logpath = /var/log/mail.log @@ -104,3 +111,13 @@ action = mail-whois[name=VSFTPD, dest=yourmail@mail.com] logpath = /var/log/vsftpd.log maxretry = 5 bantime = 1800 + +# Use shorewall instead of iptables. + +[apache-shorewall] + +enabled = false +filter = apache-noscript +action = shorewall + mail[name=Postfix, dest=yourmail@mail.com] +logpath = /var/log/apache2/error_log diff --git a/setup.py b/setup.py index 588dfc7c..b9896166 100755 --- a/setup.py +++ b/setup.py @@ -30,6 +30,7 @@ from distutils.core import setup from version import version from os.path import isfile, join from sys import exit, argv +from glob import glob longdesc = ''' Fail2Ban scans log files like /var/log/pwdfail or 
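Review bot: In the new `[apache-shorewall]` jail (last hunk of config/jail.conf) the notification action is `mail[name=Postfix, dest=yourmail@mail.com]`, so ban mails raised by an Apache filter would be labelled Postfix. The other jails visible in this file pass the service name (`name=ProFTPD`, `name=sasl`, `name=VSFTPD`). I would change it to `mail[name=Apache, dest=yourmail@mail.com]` so that whoever triages the alert sees the right service. The jail sets no `maxretry`, so it presumably inherits the `maxretry = 3` shown in the first hunk; a comment saying so would make that explicit.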
@@ -60,31 +61,13 @@ setup(
 ],
 data_files = [
 ('/etc/fail2ban',
- [
- 'config/fail2ban.conf',
- 'config/jail.conf'
- ]
+ glob("config/*.conf")
 ),
 ('/etc/fail2ban/filter.d',
- [
- 'config/filter.d/vsftpd.conf',
- 'config/filter.d/apache-auth.conf',
- 'config/filter.d/apache-noscript.conf',
- 'config/filter.d/proftpd.conf',
- 'config/filter.d/sasl.conf',
- 'config/filter.d/sshd.conf',
- 'config/filter.d/couriersmtp.conf',
- 'config/filter.d/postfix.conf',
- 'config/filter.d/qmail.conf'
- ]
+ glob("config/filter.d/*.conf")
 ),
 ('/etc/fail2ban/action.d',
- [
- 'config/action.d/iptables.conf',
- 'config/action.d/mail-whois.conf',
- 'config/action.d/mail.conf',
- 'config/action.d/hostsdeny.conf'
- ]
+ glob("config/action.d/*.conf")
 )
 ]
 )
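Review bot: With `glob("config/action.d/*.conf")` the installed set becomes whatever `.conf` files sit in the build tree, so an untracked or leftover file would be copied to `/etc/fail2ban/action.d`, where, per the comments in shorewall.conf, its commands are executed with Fail2Ban user rights. MANIFEST is still a hand-kept list (this commit adds `config/action.d/shorewall.conf` to it), so a file missing from MANIFEST would be absent from a source distribution and silently not installed. Writing each call as `sorted(glob("config/action.d/*.conf"))` makes the install order deterministic, and a comment above `data_files` such as `# every *.conf under config/ is installed; keep MANIFEST in sync and the tree clean` would record the trade-off. The `setup(` call starts outside the hunk.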