github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

ENH: purge excessive jail variations

pull/634/head
Daniel Black 11 years ago
parent
721b1473f0
commit
666fd5eceb
3 changed files with 13 additions and 172 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      config/common-paths.conf
  2. 1
      config/fedora-paths.conf
  3. 183
      config/jail.conf

1
config/common-paths.conf
Unescape View File

@ -54,3 +54,4 @@ dovecot_log = %(syslog_mail_warn)s
# Seems to be set at compile time only to LOG_LOCAL0 (src/const.h) at Notice level
solidpop3d_log = %(syslog_local0)s
mysql_log = %(syslog_daemon)s

1
config/fedora-paths.conf
Unescape View File

@ -32,3 +32,4 @@ apache_access_log = /var/log/httpd/*access_log
# proftpd_log = /var/log/proftpd/auth.log
# Tested and it worked out in /var/log/messages so assuming syslog_ftp for now.
mysql_log = /var/lib/mysql/mysqld.log

183
config/jail.conf
Unescape View File

@ -222,102 +222,6 @@ logpath = %(auditd_log)s
maxretry = 5
# Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
# used to avoid banning the user "myuser".
[ssh-tcpwrapper]
filter = sshd
action = hostsdeny[daemon_list=sshd]
sendmail-whois[name=SSH, dest=you@example.com]
ignoreregex = for myuser from
logpath = %(sshd_log)s
# Here we use blackhole routes for not requiring any additional kernel support
# to store large volumes of banned IPs
[sshd-route]
filter = sshd
action = route
logpath = %(sshd_log)s
# Here we use a combination of Netfilter/Iptables and IPsets
# for storing large volumes of banned IPs
#
# IPset comes in two versions. See ipset -V for which one to use
# requires the ipset package and kernel support.
[sshd-iptables-ipset4]
filter = sshd
action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
logpath = %(sshd_log)s
[sshd-iptables-ipset6]
filter = sshd
action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
logpath = %(sshd_log)s
[sshd-apf]
filter = sshd
action = apf[name=SSH]
logpath = %(sshd_log)s
maxretry = 5
# This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
# option is overridden in this jail. Moreover, the action "mail-whois" defines
# the variable "name" which contains a comma using "". The characters '' are
# valid too.
[sshd-ipfw]
filter = sshd
action = ipfw[localhost=192.168.0.1]
sendmail-whois[name="SSH,IPFW", dest=you@example.com]
logpath = %(sshd_log)s
# bsd-ipfw is ipfw used by BSD. It uses ipfw tables.
# table number must be unique.
#
# This will create a deny rule for that table ONLY if a rule
# for the table doesn't ready exist.
#
[sshd-bsd-ipfw]
filter = sshd
action = bsd-ipfw[port=ssh,table=1]
logpath = %(sshd_log)s
[sshd-pf]
# PF is a BSD based firewall
filter = sshd
action = pf
logpath = %(sshd_log)s
maxretry= 5
# ipfw for osx (less capabilities that BSD)
[osx-sshd-ipfw]
filter = sshd
action = osx-ipfw
logpath = %(sshd_log)s
[osx-sshd-afctl]
filter = sshd
action = osx-afctl[bantime=600]
logpath = %(sshd_log)s
maxretry = 5
#
# HTTP servers
#
@ -518,26 +422,6 @@ port = ftp,ftp-data,ftps,ftps-data
logpath = %(vsftpd_log)s
# Do not ban anybody. Just report information about the remote host.
# A notification is sent at most every 600 seconds (bantime).
[vsftpd-notification]
filter = vsftpd
action = sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath = %(vsftpd_log)s
maxretry = 5
bantime = 1800
# Same as above but with banning the IP address.
[vsftpd-iptables]
filter = vsftpd
port = ftp,ftp-data,ftps,ftps-data
logpath = %(syslog_ftp)s
maxretry = 5
bantime = 1800
#
# Mail servers
#
@ -580,33 +464,10 @@ port = smtp,465,submission
logpath = /service/qmail/log/main/current
# The hosts.deny path can be defined with the "file" argument if it is
# not in /etc.
[postfix-tcpwrapper]
filter = postfix
action = hostsdeny[file=/not/a/standard/path/hosts.deny]
sendmail[name=Postfix, dest=you@example.com]
logpath = %(postfix_log)s
bantime = 300
[sendmail-spam]
logpath = %(syslog_mail_warn)s
# dovecot defaults to logging to the mail syslog facility
# but can be set by syslog_facility in the dovecot configuration.
[dovecot]
port = pop3,pop3s,imap,imaps,submission,465,sieve
logpath = %(syslog_mail_warn)s
[dovecot-auth]
filter = dovecot
port = pop3,pop3s,imap,imaps,submission,465,sieve
logpath = %(dovecot_log)s
@ -628,12 +489,15 @@ logpath = %(solidpop3d_log)s
port = smtp,465,submission
logpath = /var/log/exim/mainlog
[exim-spam]
port = smtp,465,submission
logpath = /var/log/exim/mainlog
[kerio]
port = imap,smtp,imaps,465
logpath = /opt/kerio/mailserver/store/logs/security.log
@ -746,46 +610,21 @@ logpath = /var/log/freeswitch.log
maxretry = 10
# Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
# use [asterisk] for new jails
[asterisk-tcp]
filter = asterisk
port = 5060,5061
logpath = /var/log/asterisk/messages
maxretry = 10
# Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
# use [asterisk] for new jails
[asterisk-udp]
filter = asterisk
port = 5060,5061
protocol = udp
logpath = /var/log/asterisk/messages
maxretry = 10
# To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld] or
# equivalent section:
# log-error=/var/log/mysqld.log
# log-warning = 2
[mysqld-auth]
port = 3306
logpath = /var/log/mysqld.log
maxretry = 5
# This requires my.cnf to contain (check the mysql version supports this)
#
# for syslog (daemon facility)
# [mysqld_safe]
# syslog
[mysqld-syslog]
#
# for own logfile
# [mysqld]
# log-error=/var/log/mysqld.log
[mysqld-auth]
port = 3306
filter = mysqld-auth
logpath = %(syslog_daemon)s
logpath = %(mysql_log)s
maxretry = 5

Write Preview
Loading…
Cancel
Save