Merge branch 'debian' into build

* debian: 2 new jails: xinetd-fail, apache-overflows added to jails.conf minor: adjusted comment for named jails to come closer to upstream BF: apache-* jails -- authentication failures are recorded in *error.log files, thus paths were adjusted
2008-03-05 23:30:41 -05:00 · 2008-03-05 23:30:41 -05:00 · 21a7928c64
parent eede41f62b a88fd271c4
commit 21a7928c64
1 changed files with 32 additions and 6 deletions
--- a/debian/jail.conf
+++ b/debian/jail.conf
@ -109,6 +109,15 @@ port     = anyport
 logpath  = /var/log/auth.log
 maxretry = 6

+[xinetd-fail]
+
+enabled   = false
+filter    = xinetd-fail
+port      = all
+banaction = iptables-multiport-log
+logpath   = /var/log/daemon.log
+maxretry  = 2
+

 [ssh-ddos]

@ -127,7 +136,7 @@ maxretry = 6
 enabled = false
 port	= http,https
 filter	= apache-auth
-logpath = /var/log/apache*/*access.log
+logpath = /var/log/apache*/*error.log
 maxretry = 6

 # default action is now multiport, so apache-multiport jail was left
@ -137,7 +146,7 @@ maxretry = 6
 enabled   = false
 port	  = http,https
 filter	  = apache-auth
-logpath   = /var/log/apache*/*access.log
+logpath   = /var/log/apache*/*error.log
 maxretry  = 6

 [apache-noscript]
@ -148,6 +157,14 @@ filter  = apache-noscript
 logpath = /var/log/apache*/*error.log
 maxretry = 6

+[apache-overflows]
+
+enabled = false
+port    = http,https
+filter  = apache-overflows
+logpath = /var/log/apache*/*error.log
+maxretry = 2
+
 #
 # FTP servers
 #
@ -226,12 +243,21 @@ logpath  = /var/log/mail.log

 # DNS Servers

-# Mention: by default logging is off with bind installation.
-# Need smth like
+
+# These jails block attacks against named (bind9). By default, logging is off
+# with bind9 installation. You will need something like this:
+#
 # logging {
-#       channel security_file { file "/var/log/named/security.log" versions 3 size 30m; severity dynamic; print-time yes; };
-# 		category security { security_file; };
+#     channel security_file {
+#         file "/var/log/named/security.log" versions 3 size 30m;
+#         severity dynamic;
+#         print-time yes;
+#     };
+#     category security {
+#         security_file;
+#     };
 # }
+#
 # in your named.conf to provide proper logging

 # Word of Caution: