- Improved configuration files

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@394 a942ae1a-1317-0410-a47c-b1dcaea8d605
0.x
Cyril Jaquier 2006-10-01 21:19:56 +00:00
parent c5e8bcc7e6
commit 2bcc036cf2
12 changed files with 38 additions and 32 deletions


@ -9,20 +9,20 @@
# Option: fwstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD Default:
# Values: CMD
#
actionstart = touch /tmp/fail2ban.dummy
echo "<init>" >> /tmp/fail2ban.dummy
# Option: fwend
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD Default:
# Values: CMD
#
actionstop = rm /tmp/fail2ban.dummy
# Option: fwcheck
# Notes.: command executed once before each fwban command
# Values: CMD Default:
# Values: CMD
#
actioncheck =
@ -34,7 +34,6 @@ actioncheck =
# <failtime> unix timestamp of the last failure
# <bantime> unix timestamp of the ban time
# Values: CMD
# Default: iptables -I INPUT 1 -s <ip> -j DROP
#
actionban = echo "+<ip>" >> /tmp/fail2ban.dummy
@ -45,10 +44,10 @@ actionban = echo "+<ip>" >> /tmp/fail2ban.dummy
# <bantime> unix timestamp of the ban time
# <unbantime> unix timestamp of the unban time
# Values: CMD
# Default: iptables -D INPUT -s <ip> -j DROP
#
actionunban = echo "-<ip>" >> /tmp/fail2ban.dummy
[Init]
init = 123
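Review bot: `actionstart`, `actionban` and `actionunban` all write to the fixed name `/tmp/fail2ban.dummy`, and `/tmp` is world-writable, so a local user can create that name first (for instance as a symlink) and the commands run by Fail2Ban would then touch or append to a file of that user's choosing. Fail2Ban presumably runs these as root, given the iptables actions elsewhere in this commit. The same pattern appears in the hosts.deny action's `tmpfile = /tmp/hosts.deny.tmp`, where the file is the target of a `>` redirection. I would move both to a directory only the Fail2Ban user can write to, e.g. `actionstart = touch /var/run/fail2ban/fail2ban.dummy` (the directory name is an illustrative choice, not taken from this commit), and add a comment above the option saying why `/tmp` is avoided. The `actionban` and `actionunban` sections are only partly visible in these hunks.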


@ -9,19 +9,19 @@
# Option: fwstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD Default:
# Values: CMD
#
actionstart = touch <tmpfile>
# Option: fwend
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD Default:
# Values: CMD
#
actionstop = rm -f <tmpfile>
# Option: fwcheck
# Notes.: command executed once before each fwban command
# Values: CMD Default:
# Values: CMD
#
actioncheck =
@ -33,7 +33,6 @@ actioncheck =
# <failtime> unix timestamp of the last failure
# <bantime> unix timestamp of the ban time
# Values: CMD
# Default: iptables -I INPUT 1 -s <ip> -j DROP
#
actionban = IP=<ip> &&
echo "ALL: $IP" >> <file>
@ -45,7 +44,6 @@ actionban = IP=<ip> &&
# <bantime> unix timestamp of the ban time
# <unbantime> unix timestamp of the unban time
# Values: CMD
# Default: iptables -D INPUT -s <ip> -j DROP
#
actionunban = IP=<ip> &&
grep -v "ALL: $IP" <file> > <tmpfile> &&
@ -64,3 +62,4 @@ file = /etc/hosts.deny
# Values: STR Default: /etc/hostsdeny.failban
#
tmpfile = /tmp/hosts.deny.tmp
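Review bot: In `actionunban`, `grep -v "ALL: $IP"` treats the address as an unanchored regular expression, so lifting one ban also deletes every other entry that merely contains it. With the constructed addresses 192.0.2.1 and 192.0.2.10, unbanning the first silently removes the second from `<file>`, and each `.` matches any character. Matching the whole line as a fixed string avoids this: `grep -v -F -x "ALL: $IP" <file> > <tmpfile> &&`. The rest of the command lies outside the hunk, so how `<tmpfile>` is copied back is not visible here.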


@ -9,7 +9,7 @@
# Option: fwstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD Default:
# Values: CMD
#
actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
@ -17,7 +17,7 @@ actionstart = iptables -N fail2ban-<name>
# Option: fwend
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD Default:
# Values: CMD
#
actionstop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
@ -25,7 +25,7 @@ actionstop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
# Option: fwcheck
# Notes.: command executed once before each fwban command
# Values: CMD Default:
# Values: CMD
#
actioncheck = iptables -L INPUT | grep -q fail2ban-<name>
@ -37,7 +37,6 @@ actioncheck = iptables -L INPUT | grep -q fail2ban-<name>
# <failtime> unix timestamp of the last failure
# <bantime> unix timestamp of the ban time
# Values: CMD
# Default: iptables -I INPUT 1 -s <ip> -j DROP
#
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
@ -48,7 +47,6 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
# <bantime> unix timestamp of the ban time
# <unbantime> unix timestamp of the unban time
# Values: CMD
# Default: iptables -D INPUT -s <ip> -j DROP
#
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
@ -69,3 +67,4 @@ port = ssh
# Values: [ tcp | udp | icmp | all ] Default: tcp
#
protocol = tcp
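Review bot: `actioncheck = iptables -L INPUT | grep -q fail2ban-<name>` runs before every ban (per the option's own comment) without `-n`, so iptables tries to resolve the addresses listed in INPUT to names, and slow or unavailable DNS delays the ban the check is guarding. The `grep` is also a substring match, so a jail named `ssh` would be satisfied by a chain belonging to another jail whose name merely starts with `ssh`. I would use `actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-<name> '` (note the trailing space inside the quotes; verify it against the iptables output format on the target systems).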


@ -9,7 +9,7 @@
# Option: fwstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD Default:
# Values: CMD
#
actionstart = echo -en "Hi,\n
The jail <name> has been started successfuly.\n
@ -18,7 +18,7 @@ actionstart = echo -en "Hi,\n
# Option: fwend
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD Default:
# Values: CMD
#
actionstop = echo -en "Hi,\n
The jail <name> has been stopped.\n
@ -27,7 +27,7 @@ actionstop = echo -en "Hi,\n
# Option: fwcheck
# Notes.: command executed once before each fwban command
# Values: CMD Default:
# Values: CMD
#
actioncheck =
@ -39,7 +39,6 @@ actioncheck =
# <failtime> unix timestamp of the last failure
# <bantime> unix timestamp of the ban time
# Values: CMD
# Default: iptables -I INPUT 1 -s <ip> -j DROP
#
actionban = echo -en "Hi,\n
The IP <ip> has just been banned by Fail2Ban after
@ -56,7 +55,6 @@ actionban = echo -en "Hi,\n
# <bantime> unix timestamp of the ban time
# <unbantime> unix timestamp of the unban time
# Values: CMD
# Default: iptables -D INPUT -s <ip> -j DROP
#
actionunban =
@ -69,3 +67,4 @@ name = default
# Destinataire of the mail
#
dest = root
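Review bot: The start-up mail text reads `The jail <name> has been started successfuly.`, where "successfully" is misspelled, and the same string appears in the `actionstart` of the following file section. The comment above `dest` (`# Destinataire of the mail`) would read better as `# Recipient of the mail`, again in both files. The `echo -en` commands continue outside these hunks, so the rest of the message body is not visible.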


@ -9,7 +9,7 @@
# Option: fwstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD Default:
# Values: CMD
#
actionstart = echo -en "Hi,\n
The jail <name> has been started successfuly.\n
@ -18,7 +18,7 @@ actionstart = echo -en "Hi,\n
# Option: fwend
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD Default:
# Values: CMD
#
actionstop = echo -en "Hi,\n
The jail <name> has been stopped.\n
@ -27,7 +27,7 @@ actionstop = echo -en "Hi,\n
# Option: fwcheck
# Notes.: command executed once before each fwban command
# Values: CMD Default:
# Values: CMD
#
actioncheck =
@ -39,7 +39,6 @@ actioncheck =
# <failtime> unix timestamp of the last failure
# <bantime> unix timestamp of the ban time
# Values: CMD
# Default: iptables -I INPUT 1 -s <ip> -j DROP
#
actionban = echo -en "Hi,\n
The IP <ip> has just been banned by Fail2Ban after
@ -54,7 +53,6 @@ actionban = echo -en "Hi,\n
# <bantime> unix timestamp of the ban time
# <unbantime> unix timestamp of the unban time
# Values: CMD
# Default: iptables -D INPUT -s <ip> -j DROP
#
actionunban =
@ -67,3 +65,4 @@ name = default
# Destinataire of the mail
#
dest = root


@ -9,6 +9,6 @@
# Option: failregex
# Notes.: regex to match the password failure messages in the logfile.
# Values: TEXT Default: authentication failure|user .* not found
# Values: TEXT
#
failregex = authentication failure|user .* not found
failregex = [[]client (?P<host>\S*)[]] user .*(?:: authentication failure|not found)
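Review bot: The `Notes.` comment does not say that the pattern has to capture the offending address in a named group called `host`, yet the `failregex` with `(?P<host>\S*)` here and in the five filter sections that follow all define it. It appears to be required, but that should be confirmed against the filter code, which is not part of this page. I would add a line such as `#          The host must be matched by a group named "host", e.g. (?P<host>\S*)` under `Notes.` in each filter. Several of the later filters also keep the wording `regex to match the password failures messages` although they match `550 User unknown`, `554` rejects and RBL hits, so the note could be made generic at the same time.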


@ -9,6 +9,6 @@
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default:
# Values: TEXT
#
failregex = error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown


@ -9,6 +9,6 @@
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default:
# Values: TEXT
#
failregex = reject: RCPT from (.*)\[(?P<host>\S*)\]: 554


@ -9,6 +9,6 @@
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default:
# Values: TEXT
#
failregex = (?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )(?P<host>\S*)


@ -9,7 +9,7 @@
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default: Authentication failure|Failed password|Invalid user
# Values: TEXT
#
failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)
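Review bot: This `failregex` is anchored at neither end, and `(?P<host>\S*)` accepts any run of non-space characters, including an empty one, so any line in the watched log that contains one of the trigger phrases and a later ` from ` yields a "host", whichever program wrote the line and whichever field the words sit in. Parts of these lines (the login name, for one) are chosen by the remote client, so I would tie the match to sshd's fixed message layout rather than to free text: require `\S+` for the host and end the pattern on what sshd prints after the address, e.g. `(?P<host>\S+)(?: port \d+)?(?: ssh\d*)?\s*$`. That tail is a sketch to verify against the log formats of the sshd versions in use. The other filters in this commit use the same unanchored `(?P<host>\S*)` form and deserve the same look.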


@ -9,6 +9,6 @@
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default: Authentication failure|Failed password|Invalid user
# Values: TEXT
#
failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=(?P<host>\S*)


@ -52,6 +52,17 @@ action = hostsdeny
mail-whois[name=SSH, dest=yourmail@mail.com]
logpath = /var/log/sshd.log
# This jail demonstrates the use of wildcards in "logpath".
# Moreover, it is possible to give other files on a new line.
[apache-tcpwrapper]
enabled = false
filter = apache-auth
action = hostsdeny
logpath = /var/log/apache*/*access.log
/home/www/myhomepage/access.log
maxretry = 6
# The hosts.deny path can be defined with the "file" argument if it is
# not in /etc.