github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

- Improved configuration files 

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@394 a942ae1a-1317-0410-a47c-b1dcaea8d605
0.x
Cyril Jaquier 2006-10-01 21:19:56 +00:00
parent c5e8bcc7e6
commit 2bcc036cf2
12 changed files with 38 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
config/action.d/dummy.conf
View File

@ -9,20 +9,20 @@
# Option: fwstart # Option: fwstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed once at the start of Fail2Ban.
# Values: CMD Default: # Values: CMD
# #
actionstart = touch /tmp/fail2ban.dummy actionstart = touch /tmp/fail2ban.dummy
echo "<init>" >> /tmp/fail2ban.dummy echo "<init>" >> /tmp/fail2ban.dummy
# Option: fwend # Option: fwend
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed once at the end of Fail2Ban
# Values: CMD Default: # Values: CMD
# #
actionstop = rm /tmp/fail2ban.dummy actionstop = rm /tmp/fail2ban.dummy
# Option: fwcheck # Option: fwcheck
# Notes.: command executed once before each fwban command # Notes.: command executed once before each fwban command
# Values: CMD Default: # Values: CMD
# #
actioncheck = actioncheck =
@ -34,7 +34,6 @@ actioncheck =
# <failtime> unix timestamp of the last failure # <failtime> unix timestamp of the last failure
# <bantime> unix timestamp of the ban time # <bantime> unix timestamp of the ban time
# Values: CMD # Values: CMD
# Default: iptables -I INPUT 1 -s <ip> -j DROP
# #
actionban = echo "+<ip>" >> /tmp/fail2ban.dummy actionban = echo "+<ip>" >> /tmp/fail2ban.dummy
@ -45,10 +44,10 @@ actionban = echo "+<ip>" >> /tmp/fail2ban.dummy
# <bantime> unix timestamp of the ban time # <bantime> unix timestamp of the ban time
# <unbantime> unix timestamp of the unban time # <unbantime> unix timestamp of the unban time
# Values: CMD # Values: CMD
# Default: iptables -D INPUT -s <ip> -j DROP
# #
actionunban = echo "-<ip>" >> /tmp/fail2ban.dummy actionunban = echo "-<ip>" >> /tmp/fail2ban.dummy
[Init] [Init]
init = 123 init = 123

9
config/action.d/hostsdeny.conf
View File

@ -9,19 +9,19 @@
# Option: fwstart # Option: fwstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed once at the start of Fail2Ban.
# Values: CMD Default: # Values: CMD
# #
actionstart = touch <tmpfile> actionstart = touch <tmpfile>
# Option: fwend # Option: fwend
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed once at the end of Fail2Ban
# Values: CMD Default: # Values: CMD
# #
actionstop = rm -f <tmpfile> actionstop = rm -f <tmpfile>
# Option: fwcheck # Option: fwcheck
# Notes.: command executed once before each fwban command # Notes.: command executed once before each fwban command
# Values: CMD Default: # Values: CMD
# #
actioncheck = actioncheck =
@ -33,7 +33,6 @@ actioncheck =
# <failtime> unix timestamp of the last failure # <failtime> unix timestamp of the last failure
# <bantime> unix timestamp of the ban time # <bantime> unix timestamp of the ban time
# Values: CMD # Values: CMD
# Default: iptables -I INPUT 1 -s <ip> -j DROP
# #
actionban = IP=<ip> && actionban = IP=<ip> &&
echo "ALL: $IP" >> <file> echo "ALL: $IP" >> <file>
@ -45,7 +44,6 @@ actionban = IP=<ip> &&
# <bantime> unix timestamp of the ban time # <bantime> unix timestamp of the ban time
# <unbantime> unix timestamp of the unban time # <unbantime> unix timestamp of the unban time
# Values: CMD # Values: CMD
# Default: iptables -D INPUT -s <ip> -j DROP
# #
actionunban = IP=<ip> && actionunban = IP=<ip> &&
grep -v "ALL: $IP" <file> > <tmpfile> && grep -v "ALL: $IP" <file> > <tmpfile> &&
@ -64,3 +62,4 @@ file = /etc/hosts.deny
# Values: STR Default: /etc/hostsdeny.failban # Values: STR Default: /etc/hostsdeny.failban
# #
tmpfile = /tmp/hosts.deny.tmp tmpfile = /tmp/hosts.deny.tmp

9
config/action.d/iptables.conf
View File

@ -9,7 +9,7 @@
# Option: fwstart # Option: fwstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed once at the start of Fail2Ban.
# Values: CMD Default: # Values: CMD
# #
actionstart = iptables -N fail2ban-<name> actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN iptables -A fail2ban-<name> -j RETURN
@ -17,7 +17,7 @@ actionstart = iptables -N fail2ban-<name>
# Option: fwend # Option: fwend
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed once at the end of Fail2Ban
# Values: CMD Default: # Values: CMD
# #
actionstop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name> actionstop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name> iptables -F fail2ban-<name>
@ -25,7 +25,7 @@ actionstop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
# Option: fwcheck # Option: fwcheck
# Notes.: command executed once before each fwban command # Notes.: command executed once before each fwban command
# Values: CMD Default: # Values: CMD
# #
actioncheck = iptables -L INPUT | grep -q fail2ban-<name> actioncheck = iptables -L INPUT | grep -q fail2ban-<name>
@ -37,7 +37,6 @@ actioncheck = iptables -L INPUT | grep -q fail2ban-<name>
# <failtime> unix timestamp of the last failure # <failtime> unix timestamp of the last failure
# <bantime> unix timestamp of the ban time # <bantime> unix timestamp of the ban time
# Values: CMD # Values: CMD
# Default: iptables -I INPUT 1 -s <ip> -j DROP
# #
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
@ -48,7 +47,6 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
# <bantime> unix timestamp of the ban time # <bantime> unix timestamp of the ban time
# <unbantime> unix timestamp of the unban time # <unbantime> unix timestamp of the unban time
# Values: CMD # Values: CMD
# Default: iptables -D INPUT -s <ip> -j DROP
# #
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
@ -69,3 +67,4 @@ port = ssh
# Values: [ tcp | udp | icmp | all ] Default: tcp # Values: [ tcp | udp | icmp | all ] Default: tcp
# #
protocol = tcp protocol = tcp

9
config/action.d/mail-whois.conf
View File

@ -9,7 +9,7 @@
# Option: fwstart # Option: fwstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed once at the start of Fail2Ban.
# Values: CMD Default: # Values: CMD
# #
actionstart = echo -en "Hi,\n actionstart = echo -en "Hi,\n
The jail <name> has been started successfuly.\n The jail <name> has been started successfuly.\n
@ -18,7 +18,7 @@ actionstart = echo -en "Hi,\n
# Option: fwend # Option: fwend
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed once at the end of Fail2Ban
# Values: CMD Default: # Values: CMD
# #
actionstop = echo -en "Hi,\n actionstop = echo -en "Hi,\n
The jail <name> has been stopped.\n The jail <name> has been stopped.\n
@ -27,7 +27,7 @@ actionstop = echo -en "Hi,\n
# Option: fwcheck # Option: fwcheck
# Notes.: command executed once before each fwban command # Notes.: command executed once before each fwban command
# Values: CMD Default: # Values: CMD
# #
actioncheck = actioncheck =
@ -39,7 +39,6 @@ actioncheck =
# <failtime> unix timestamp of the last failure # <failtime> unix timestamp of the last failure
# <bantime> unix timestamp of the ban time # <bantime> unix timestamp of the ban time
# Values: CMD # Values: CMD
# Default: iptables -I INPUT 1 -s <ip> -j DROP
# #
actionban = echo -en "Hi,\n actionban = echo -en "Hi,\n
The IP <ip> has just been banned by Fail2Ban after The IP <ip> has just been banned by Fail2Ban after
@ -56,7 +55,6 @@ actionban = echo -en "Hi,\n
# <bantime> unix timestamp of the ban time # <bantime> unix timestamp of the ban time
# <unbantime> unix timestamp of the unban time # <unbantime> unix timestamp of the unban time
# Values: CMD # Values: CMD
# Default: iptables -D INPUT -s <ip> -j DROP
# #
actionunban = actionunban =
@ -69,3 +67,4 @@ name = default
# Destinataire of the mail # Destinataire of the mail
# #
dest = root dest = root

9
config/action.d/mail.conf
View File

@ -9,7 +9,7 @@
# Option: fwstart # Option: fwstart
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed once at the start of Fail2Ban.
# Values: CMD Default: # Values: CMD
# #
actionstart = echo -en "Hi,\n actionstart = echo -en "Hi,\n
The jail <name> has been started successfuly.\n The jail <name> has been started successfuly.\n
@ -18,7 +18,7 @@ actionstart = echo -en "Hi,\n
# Option: fwend # Option: fwend
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed once at the end of Fail2Ban
# Values: CMD Default: # Values: CMD
# #
actionstop = echo -en "Hi,\n actionstop = echo -en "Hi,\n
The jail <name> has been stopped.\n The jail <name> has been stopped.\n
@ -27,7 +27,7 @@ actionstop = echo -en "Hi,\n
# Option: fwcheck # Option: fwcheck
# Notes.: command executed once before each fwban command # Notes.: command executed once before each fwban command
# Values: CMD Default: # Values: CMD
# #
actioncheck = actioncheck =
@ -39,7 +39,6 @@ actioncheck =
# <failtime> unix timestamp of the last failure # <failtime> unix timestamp of the last failure
# <bantime> unix timestamp of the ban time # <bantime> unix timestamp of the ban time
# Values: CMD # Values: CMD
# Default: iptables -I INPUT 1 -s <ip> -j DROP
# #
actionban = echo -en "Hi,\n actionban = echo -en "Hi,\n
The IP <ip> has just been banned by Fail2Ban after The IP <ip> has just been banned by Fail2Ban after
@ -54,7 +53,6 @@ actionban = echo -en "Hi,\n
# <bantime> unix timestamp of the ban time # <bantime> unix timestamp of the ban time
# <unbantime> unix timestamp of the unban time # <unbantime> unix timestamp of the unban time
# Values: CMD # Values: CMD
# Default: iptables -D INPUT -s <ip> -j DROP
# #
actionunban = actionunban =
@ -67,3 +65,4 @@ name = default
# Destinataire of the mail # Destinataire of the mail
# #
dest = root dest = root

4
config/filter.d/apache-auth.conf
View File

@ -9,6 +9,6 @@
# Option: failregex # Option: failregex
# Notes.: regex to match the password failure messages in the logfile. # Notes.: regex to match the password failure messages in the logfile.
# Values: TEXT Default: authentication failure|user .* not found # Values: TEXT
# #
failregex = authentication failure|user .* not found failregex = [[]client (?P<host>\S*)[]] user .*(?:: authentication failure|not found)

2
config/filter.d/couriersmtp.conf
View File

@ -9,6 +9,6 @@
# Option: failregex # Option: failregex
# Notes.: regex to match the password failures messages in the logfile. # Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default: # Values: TEXT
# #
failregex = error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown failregex = error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown

2
config/filter.d/postfix.conf
View File

@ -9,6 +9,6 @@
# Option: failregex # Option: failregex
# Notes.: regex to match the password failures messages in the logfile. # Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default: # Values: TEXT
# #
failregex = reject: RCPT from (.*)\[(?P<host>\S*)\]: 554 failregex = reject: RCPT from (.*)\[(?P<host>\S*)\]: 554

2
config/filter.d/qmail.conf
View File

@ -9,6 +9,6 @@
# Option: failregex # Option: failregex
# Notes.: regex to match the password failures messages in the logfile. # Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default: # Values: TEXT
# #
failregex = (?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )(?P<host>\S*) failregex = (?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )(?P<host>\S*)

2
config/filter.d/sshd.conf
View File

@ -9,7 +9,7 @@
# Option: failregex # Option: failregex
# Notes.: regex to match the password failures messages in the logfile. # Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default: Authentication failure|Failed password|Invalid user # Values: TEXT
# #
failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*) failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)

2
config/filter.d/vsftpd.conf
View File

@ -9,6 +9,6 @@
# Option: failregex # Option: failregex
# Notes.: regex to match the password failures messages in the logfile. # Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default: Authentication failure|Failed password|Invalid user # Values: TEXT
# #
failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=(?P<host>\S*) failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=(?P<host>\S*)

11
config/jail.conf
View File

@ -52,6 +52,17 @@ action = hostsdeny
mail-whois[name=SSH, dest=yourmail@mail.com] mail-whois[name=SSH, dest=yourmail@mail.com]
logpath = /var/log/sshd.log logpath = /var/log/sshd.log
# This jail demonstrates the use of wildcards in "logpath".
# Moreover, it is possible to give other files on a new line.
[apache-tcpwrapper]
enabled = false
filter = apache-auth
action = hostsdeny
logpath = /var/log/apache*/*access.log
/home/www/myhomepage/access.log
maxretry = 6
# The hosts.deny path can be defined with the "file" argument if it is # The hosts.deny path can be defined with the "file" argument if it is
# not in /etc. # not in /etc.