DOC: space out jail.conf consistantly

2013-10-30 20:34:06 +11:00 · 2013-10-30 20:34:06 +11:00 · 7ab909d056
parent 95f3f38682
commit 7ab909d056
1 changed files with 80 additions and 40 deletions
--- a/config/jail.conf
+++ b/config/jail.conf
@ -87,8 +87,8 @@ action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
 logpath  = /var/log/proftpd/proftpd.log
 maxretry = 6

-# This jail forces the backend to "polling".

+# This jail forces the backend to "polling".
 [sasl-iptables]

 enabled  = false
@ -98,16 +98,18 @@ action   = iptables[name=sasl, port=smtp, protocol=tcp]
           sendmail-whois[name=sasl, dest=you@example.com]
 logpath  = /var/log/mail.log

+
 # ASSP SMTP Proxy Jail
 [assp]
-enabled  = false
-filter   = assp
-action = iptables-multiport[name=assp,port="25,465,587"]
-logpath  = /root/path/to/assp/logs/maillog.txt
+
+enabled = false
+filter  = assp
+action  = iptables-multiport[name=assp,port="25,465,587"]
+logpath = /root/path/to/assp/logs/maillog.txt
+

 # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
 # used to avoid banning the user "myuser".
-
 [ssh-tcpwrapper]

 enabled     = false
@ -117,17 +119,18 @@ action      = hostsdeny[daemon_list=sshd]
 ignoreregex = for myuser from
 logpath     = /var/log/sshd.log

+
 # Here we use blackhole routes for not requiring any additional kernel support
 # to store large volumes of banned IPs
-
 [ssh-route]

-enabled = false
-filter = sshd
-action = route
-logpath = /var/log/sshd.log
+enabled  = false
+filter   = sshd
+action   = route
+logpath  = /var/log/sshd.log
 maxretry = 5

+
 # Here we use a combination of Netfilter/Iptables and IPsets
 # for storing large volumes of banned IPs
 #
@ -141,13 +144,16 @@ action   = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
 logpath  = /var/log/sshd.log
 maxretry = 5

+
 [ssh-iptables-ipset6]
+
 enabled  = false
 filter   = sshd
 action   = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
 logpath  = /var/log/sshd.log
 maxretry = 5

+
 # bsd-ipfw is ipfw used by BSD. It uses ipfw tables.
 # table number must be unique.
 # 
@ -155,15 +161,16 @@ maxretry = 5
 # for the table doesn't ready exist.
 #
 [ssh-bsd-ipfw]
+
 enabled  = false
 filter   = sshd
 action   = bsd-ipfw[port=ssh,table=1]
 logpath  = /var/log/auth.log
 maxretry = 5

+
 # This jail demonstrates the use of wildcards in "logpath".
 # Moreover, it is possible to give other files on a new line.
-
 [apache-tcpwrapper]

 enabled  = false
@ -173,9 +180,9 @@ logpath  = /var/log/apache*/*error.log
           /home/www/myhomepage/error.log
 maxretry = 6

+
 # The hosts.deny path can be defined with the "file" argument if it is
 # not in /etc.
-
 [postfix-tcpwrapper]

 enabled  = false
@ -185,9 +192,9 @@ action   = hostsdeny[file=/not/a/standard/path/hosts.deny]
 logpath  = /var/log/postfix.log
 bantime  = 300

+
 # Do not ban anybody. Just report information about the remote host.
 # A notification is sent at most every 600 seconds (bantime).
-
 [vsftpd-notification]

 enabled  = false
@ -197,8 +204,8 @@ logpath  = /var/log/vsftpd.log
 maxretry = 5
 bantime  = 1800

-# Same as above but with banning the IP address.

+# Same as above but with banning the IP address.
 [vsftpd-iptables]

 enabled  = false
@ -209,9 +216,9 @@ logpath  = /var/log/vsftpd.log
 maxretry = 5
 bantime  = 1800

+
 # Ban hosts which agent identifies spammer robots crawling the web
 # for email addresses. The mail outputs are buffered.
-
 [apache-badbots]

 enabled  = false
@ -222,8 +229,8 @@ logpath  = /var/www/*/logs/access_log
 bantime  = 172800
 maxretry = 1

-# Use shorewall instead of iptables.

+# Use shorewall instead of iptables.
 [apache-shorewall]

 enabled  = false
@ -232,8 +239,8 @@ action   = shorewall
           sendmail[name=Postfix, dest=you@example.com]
 logpath  = /var/log/apache2/error_log

-# Monitor roundcube server

+# Monitor roundcube server
 [roundcube-iptables]

 enabled  = false
@ -243,7 +250,6 @@ logpath  = /var/log/roundcube/userlogins


 # Monitor SOGo groupware server
-
 [sogo-iptables]

 enabled  = false
@ -253,41 +259,43 @@ filter   = sogo-auth
 action   = iptables-multiport[name=SOGo, port="http,https"]
 logpath  = /var/log/sogo/sogo.log

+
 # Ban attackers that try to use PHP's URL-fopen() functionality
 # through GET/POST variables. - Experimental, with more than a year
 # of usage in production environments.
-
 [php-url-fopen]

-enabled = false
-action  = iptables-multiport[name=php-url-open, port="http,https"]
-filter  = php-url-fopen
-logpath = /var/www/*/logs/access_log
+enabled  = false
+action   = iptables-multiport[name=php-url-open, port="http,https"]
+filter   = php-url-fopen
+logpath  = /var/www/*/logs/access_log
 maxretry = 1

+
 [suhosin]

-enabled = false
-filter  = suhosin
-action  = iptables-multiport[name=suhosin, port="http,https"]
+enabled  = false
+filter   = suhosin
+action   = iptables-multiport[name=suhosin, port="http,https"]
 # adapt the following two items as needed
-logpath = /var/log/lighttpd/error.log
+logpath  = /var/log/lighttpd/error.log
 maxretry = 2

+
 [lighttpd-auth]

-enabled = false
-filter  = lighttpd-auth
-action  = iptables-multiport[name=lighttpd-auth, port="http,https"]
+enabled  = false
+filter   = lighttpd-auth
+action   = iptables-multiport[name=lighttpd-auth, port="http,https"]
 # adapt the following two items as needed
-logpath = /var/log/lighttpd/error.log
+logpath  = /var/log/lighttpd/error.log
 maxretry = 2

+
 # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
 # option is overridden in this jail. Moreover, the action "mail-whois" defines
 # the variable "name" which contains a comma using "". The characters '' are
 # valid too.
-
 [ssh-ipfw]

 enabled  = false
@ -297,6 +305,7 @@ action   = ipfw[localhost=192.168.0.1]
 logpath  = /var/log/auth.log
 ignoreip = 168.192.0.1

+
 # These jails block attacks against named (bind9). By default, logging is off
 # with bind9 installation. You will need something like this:
 #
@ -332,7 +341,6 @@ ignoreip = 168.192.0.1
 # ignoreip = 168.192.0.1

 # This jail blocks TCP traffic for DNS requests.
-
 [named-refused-tcp]

 enabled  = false
@ -342,6 +350,7 @@ action   = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
 logpath  = /var/log/named/security.log
 ignoreip = 168.192.0.1

+
 [asterisk]

 enabled  = false
@ -353,6 +362,7 @@ logpath  = /var/log/asterisk/messages
 maxretry = 10

 #  Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
+#  use [asterisk] for new jails
 [asterisk-tcp]

 enabled  = false
@ -362,6 +372,9 @@ action   = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
 logpath  = /var/log/asterisk/messages
 maxretry = 10

+
+#  Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
+#  use [asterisk] for new jails
 [asterisk-udp]

 enabled  = false
@ -371,6 +384,7 @@ action   = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
 logpath  = /var/log/asterisk/messages
 maxretry = 10

+
 # To log wrong MySQL access attempts add to /etc/my.cnf:
 # log-error=/var/log/mysqld.log
 # log-warning = 2
@ -383,6 +397,7 @@ action   = iptables[name=mysql, port=3306, protocol=tcp]
 logpath  = /var/log/mysqld.log
 maxretry = 5

+
 # If using mysql syslog [mysql_safe] has syslog in /etc/my.cnf
 [mysqld-syslog-iptables]

@ -392,6 +407,7 @@ action   = iptables[name=mysql, port=3306, protocol=tcp]
 logpath  = /var/log/daemon.log
 maxretry = 5

+
 # Jail for more extended banning of persistent abusers
 # !!! WARNING !!!
 #   Make sure that your loglevel specified in fail2ban.conf/.local
@ -408,14 +424,16 @@ bantime  = 604800  ; 1 week
 findtime = 86400   ; 1 day
 maxretry = 5

+
 # PF is a BSD based firewall
 [ssh-pf]

-enabled=false
-filter = sshd
-action = pf
+enabled  = false
+filter   = sshd
+action   = pf
 logpath  = /var/log/sshd.log
-maxretry=5
+maxretry = 5
+

 [3proxy]

@ -424,70 +442,92 @@ filter  = 3proxy
 action  = iptables[name=3proxy, port=3128, protocol=tcp]
 logpath = /var/log/3proxy.log

+
 [exim]
+
 enabled = false
-filter = exim
-action = iptables-multiport[name=exim,port="25,465,587"]
+filter  = exim
+action  = iptables-multiport[name=exim,port="25,465,587"]
 logpath = /var/log/exim/mainlog

+
 [exim-spam]
+
 enabled = false
 filter = exim-spam
 action = iptables-multiport[name=exim-spam,port="25,465,587"]
 logpath = /var/log/exim/mainlog

+
 [perdition]
+
 enabled = false
 filter = perdition
 action = iptables-multiport[name=perdition,port="110,143,993,995"]
 logpath = /var/log/maillog

+
 [uwimap-auth]
+
 enabled = false
 filter = uwimap-auth
 action = iptables-multiport[name=uwimap-auth,port="110,143,993,995"]
 logpath = /var/log/maillog

+
 [osx-ssh-ipfw]
+
 enabled = false
 filter = sshd
 action = osx-ipfw
 logpath = /var/log/secure.log

+
 [ssh-apf]
+
 enabled = false
 filter  = sshd
 action  = apf[name=SSH]
 logpath = /var/log/secure

+
 [osx-ssh-afctl]
+
 enabled = false
 filter = sshd
 action = osx-afctl[bantime=600]
 logpath = /var/log/secure.log

+
 [webmin-auth]
+
 enabled = false
 filter = webmin-auth
 action = iptables-multiport[name=webmin,port="10000"]
 logpath  = /var/log/auth.log

+
 # dovecot defaults to logging to the mail syslog facility
 # but can be set by syslog_facility in the dovecot configuration.
 [dovecot]
+
 enabled = false
 filter = dovecot
 action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,smtps,sieve", protocol=tcp]
 logpath = /var/log/mail.log

+
 [dovecot-auth]
+
 enabled = false
 filter = dovecot
 action = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,smtps,sieve", protocol=tcp]
 logpath = /var/log/secure

+
 [selinux-ssh]
 enabled = false
 filter = selinux-ssh
 action = iptables[name=SELINUX-SSH, port=ssh, protocol=tcp]
 logpath = /var/log/audit/audit.log
+