mirror of https://github.com/fail2ban/fail2ban
added new sample jails definitions for ssh-route, ssh-iptables-ipset{4,6}, roundcube-auth, sogo-auth, mysqld-auth
Yaroslav Halchenko
parent
4361f4c869
commit
30adad2029
|
|
@ -8,10 +8,12 @@ fail2ban (0.8.9-1) unstable; urgency=low
|
||||||
* debian/jail.conf:
|
* debian/jail.conf:
|
||||||
- added findtime and documentation on those basic options from jail.conf
|
- added findtime and documentation on those basic options from jail.conf
|
||||||
(Closes: #704568)
|
(Closes: #704568)
|
||||||
|
- added new sample jails definitions for ssh-route, ssh-iptables-ipset{4,6},
|
||||||
|
roundcube-auth, sogo-auth, mysqld-auth
|
||||||
* debian/control:
|
* debian/control:
|
||||||
- suggest system-log-daemon (Closes: #691001)
|
- suggest system-log-daemon (Closes: #691001)
|
||||||
|
|
||||||
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 13 May 2013 11:03:44 -0400
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 13 May 2013 11:18:20 -0400
|
||||||
|
|
||||||
fail2ban (0.8.8-1+lucid0) UNRELEASED; urgency=low
|
fail2ban (0.8.8-1+lucid0) UNRELEASED; urgency=low
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -161,6 +161,42 @@ filter = sshd-ddos
|
||||||
logpath = /var/log/auth.log
|
logpath = /var/log/auth.log
|
||||||
maxretry = 6
|
maxretry = 6
|
||||||
|
|
||||||
|
|
||||||
|
# Here we use blackhole routes for not requiring any additional kernel support
|
||||||
|
# to store large volumes of banned IPs
|
||||||
|
|
||||||
|
[ssh-route]
|
||||||
|
|
||||||
|
enabled = false
|
||||||
|
filter = sshd
|
||||||
|
action = route
|
||||||
|
logpath = /var/log/sshd.log
|
||||||
|
maxretry = 6
|
||||||
|
|
||||||
|
# Here we use a combination of Netfilter/Iptables and IPsets
|
||||||
|
# for storing large volumes of banned IPs
|
||||||
|
#
|
||||||
|
# IPset comes in two versions. See ipset -V for which one to use
|
||||||
|
# requires the ipset package and kernel support.
|
||||||
|
[ssh-iptables-ipset4]
|
||||||
|
|
||||||
|
enabled = false
|
||||||
|
port = ssh
|
||||||
|
filter = sshd
|
||||||
|
banaction = iptables-ipset-proto4
|
||||||
|
logpath = /var/log/sshd.log
|
||||||
|
maxretry = 6
|
||||||
|
|
||||||
|
[ssh-iptables-ipset6]
|
||||||
|
|
||||||
|
enabled = false
|
||||||
|
port = ssh
|
||||||
|
filter = sshd
|
||||||
|
banaction = iptables-ipset-proto6
|
||||||
|
logpath = /var/log/sshd.log
|
||||||
|
maxretry = 6
|
||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# HTTP servers
|
# HTTP servers
|
||||||
#
|
#
|
||||||
|
|
@ -233,6 +269,25 @@ port = http,https
|
||||||
filter = lighttpd-auth
|
filter = lighttpd-auth
|
||||||
logpath = /var/log/lighttpd/error.log
|
logpath = /var/log/lighttpd/error.log
|
||||||
|
|
||||||
|
# Monitor roundcube server
|
||||||
|
|
||||||
|
[roundcube-auth]
|
||||||
|
|
||||||
|
enabled = false
|
||||||
|
filter = roundcube-auth
|
||||||
|
port = http,https
|
||||||
|
logpath = /var/log/roundcube/userlogins
|
||||||
|
|
||||||
|
|
||||||
|
[sogo-auth]
|
||||||
|
|
||||||
|
enabled = false
|
||||||
|
filter = sogo-auth
|
||||||
|
port = http, https
|
||||||
|
# without proxy this would be:
|
||||||
|
# port = 20000
|
||||||
|
logpath = /var/log/sogo/sogo.log
|
||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# FTP servers
|
# FTP servers
|
||||||
|
|
@ -328,6 +383,17 @@ port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
|
||||||
filter = dovecot
|
filter = dovecot
|
||||||
logpath = /var/log/mail.log
|
logpath = /var/log/mail.log
|
||||||
|
|
||||||
|
# To log wrong MySQL access attempts add to /etc/my.cnf:
|
||||||
|
# log-error=/var/log/mysqld.log
|
||||||
|
# log-warning = 2
|
||||||
|
[mysqld-auth]
|
||||||
|
|
||||||
|
enabled = false
|
||||||
|
filter = mysqld-auth
|
||||||
|
port = 3306
|
||||||
|
logpath = /var/log/mysqld.log
|
||||||
|
|
||||||
|
|
||||||
# DNS Servers
|
# DNS Servers
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue