github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

debian/jail.conf: adopted few jails from "upstreams" jail.conf: asterisk, recidive, lighttpd, php-url-open

pull/808/head
Yaroslav Halchenko 2012-07-31 16:16:55 -04:00
parent 1163450227
commit 59e95b053e
2 changed files with 71 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
debian/changelog vendored
View File

@ -14,6 +14,9 @@ fail2ban (0.8.7-1) experimental; urgency=low
- wu-ftpd: added failregex for use against syslog. Switch to monitor syslog - wu-ftpd: added failregex for use against syslog. Switch to monitor syslog
(instead of auth.log) by default (Closes: #514239) (instead of auth.log) by default (Closes: #514239)
- anchor chain name in actioncheck's for iptables actions (Closes: #672228) - anchor chain name in actioncheck's for iptables actions (Closes: #672228)
* debian/jail.conf:
- adopted few jails from "upstreams" jail.conf: asterisk, recidive,
lighttpd, php-url-open
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 31 Jul 2012 14:04:02 -0400 -- Yaroslav Halchenko <debian@onerussian.com> Tue, 31 Jul 2012 14:04:02 -0400

68
debian/jail.conf vendored
View File

@ -191,6 +191,41 @@ filter = apache-overflows
logpath = /var/log/apache*/*error.log logpath = /var/log/apache*/*error.log
maxretry = 2 maxretry = 2
# Ban attackers that try to use PHP's URL-fopen() functionality
# through GET/POST variables. - Experimental, with more than a year
# of usage in production environments.
[php-url-fopen]
enabled = false
port = http,https
filter = php-url-fopen
logpath = /var/www/*/logs/access_log
# A simple PHP-fastcgi jail which works with lighttpd.
# If you run a lighttpd server, then you probably will
# find these kinds of messages in your error_log:
# ALERT tried to register forbidden variable GLOBALS
# through GET variables (attacker '1.2.3.4', file '/var/www/default/htdocs/index.php')
[lighttpd-fastcgi]
enabled = false
port = http,https
filter = lighttpd-fastcgi
logpath = /var/log/lighttpd/error.log
# Same as above for mod_auth
# It catches wrong authentifications
[lighttpd-auth]
enabled = false
port = http,https
filter = lighttpd-auth
logpath = /var/log/lighttpd/error.log
# #
# FTP servers # FTP servers
# #
@ -327,3 +362,36 @@ protocol = tcp
filter = named-refused filter = named-refused
logpath = /var/log/named/security.log logpath = /var/log/named/security.log
# Multiple jails, 1 per protocol, are necessary ATM:
# see https://github.com/fail2ban/fail2ban/issues/37
[asterisk-tcp]
enabled = false
filter = asterisk
port = 5060,5061
protocol = tcp
logpath = /var/log/asterisk/messages
[asterisk-udp]
enabled = false
filter = asterisk
port = 5060,5061
protocol = udp
logpath = /var/log/asterisk/messages
# Jail for more extended banning of persistent abusers
# !!! WARNING !!!
# Make sure that your loglevel specified in fail2ban.conf/.local
# is not at DEBUG level -- which might then cause fail2ban to fall into
# an infinite loop constantly feeding itself with non-informative lines
[recidive]
enabled = false
filter = recidive
logpath = /var/log/fail2ban.log
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day
maxretry = 5