DOC: space out jail.conf consistantly

config/jail.conf

@@ -87,8 +87,8 @@ action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
 logpath  = /var/log/proftpd/proftpd.log
 maxretry = 6
 
-# This jail forces the backend to "polling".
 
+# This jail forces the backend to "polling".
 [sasl-iptables]
 
 enabled  = false
@@ -98,16 +98,18 @@ action   = iptables[name=sasl, port=smtp, protocol=tcp]
            sendmail-whois[name=sasl, dest=you@example.com]
 logpath  = /var/log/mail.log
 
+
 # ASSP SMTP Proxy Jail
 [assp]
-enabled  = false
+
-filter   = assp
+enabled = false
-action = iptables-multiport[name=assp,port="25,465,587"]
+filter  = assp
-logpath  = /root/path/to/assp/logs/maillog.txt
+action  = iptables-multiport[name=assp,port="25,465,587"]
+logpath = /root/path/to/assp/logs/maillog.txt
+
 
 # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
 # used to avoid banning the user "myuser".
-
 [ssh-tcpwrapper]
 
 enabled     = false
@@ -117,17 +119,18 @@ action      = hostsdeny[daemon_list=sshd]
 ignoreregex = for myuser from
 logpath     = /var/log/sshd.log
 
+
 # Here we use blackhole routes for not requiring any additional kernel support
 # to store large volumes of banned IPs
-
 [ssh-route]
 
-enabled = false
+enabled  = false
-filter = sshd
+filter   = sshd
-action = route
+action   = route
-logpath = /var/log/sshd.log
+logpath  = /var/log/sshd.log
 maxretry = 5
 
+
 # Here we use a combination of Netfilter/Iptables and IPsets
 # for storing large volumes of banned IPs
 #
@@ -141,13 +144,16 @@ action   = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
 logpath  = /var/log/sshd.log
 maxretry = 5
 
+
 [ssh-iptables-ipset6]
+
 enabled  = false
 filter   = sshd
 action   = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
 logpath  = /var/log/sshd.log
 maxretry = 5
 
+
 # bsd-ipfw is ipfw used by BSD. It uses ipfw tables.
 # table number must be unique.
 # 
@@ -155,15 +161,16 @@ maxretry = 5
 # for the table doesn't ready exist.
 #
 [ssh-bsd-ipfw]
+
 enabled  = false
 filter   = sshd
 action   = bsd-ipfw[port=ssh,table=1]
 logpath  = /var/log/auth.log
 maxretry = 5
 
+
 # This jail demonstrates the use of wildcards in "logpath".
 # Moreover, it is possible to give other files on a new line.
-
 [apache-tcpwrapper]
 
 enabled  = false
@@ -173,9 +180,9 @@ logpath  = /var/log/apache*/*error.log
            /home/www/myhomepage/error.log
 maxretry = 6
 
+
 # The hosts.deny path can be defined with the "file" argument if it is
 # not in /etc.
-
 [postfix-tcpwrapper]
 
 enabled  = false
@@ -185,9 +192,9 @@ action   = hostsdeny[file=/not/a/standard/path/hosts.deny]
 logpath  = /var/log/postfix.log
 bantime  = 300
 
+
 # Do not ban anybody. Just report information about the remote host.
 # A notification is sent at most every 600 seconds (bantime).
-
 [vsftpd-notification]
 
 enabled  = false
@@ -197,8 +204,8 @@ logpath  = /var/log/vsftpd.log
 maxretry = 5
 bantime  = 1800
 
-# Same as above but with banning the IP address.
 
+# Same as above but with banning the IP address.
 [vsftpd-iptables]
 
 enabled  = false
@@ -209,9 +216,9 @@ logpath  = /var/log/vsftpd.log
 maxretry = 5
 bantime  = 1800
 
+
 # Ban hosts which agent identifies spammer robots crawling the web
 # for email addresses. The mail outputs are buffered.
-
 [apache-badbots]
 
 enabled  = false
@@ -222,8 +229,8 @@ logpath  = /var/www/*/logs/access_log
 bantime  = 172800
 maxretry = 1
 
-# Use shorewall instead of iptables.
 
+# Use shorewall instead of iptables.
 [apache-shorewall]
 
 enabled  = false
@@ -232,8 +239,8 @@ action   = shorewall
            sendmail[name=Postfix, dest=you@example.com]
 logpath  = /var/log/apache2/error_log
 
-# Monitor roundcube server
 
+# Monitor roundcube server
 [roundcube-iptables]
 
 enabled  = false
@@ -243,7 +250,6 @@ logpath  = /var/log/roundcube/userlogins
 
 
 # Monitor SOGo groupware server
-
 [sogo-iptables]
 
 enabled  = false
@@ -253,41 +259,43 @@ filter   = sogo-auth
 action   = iptables-multiport[name=SOGo, port="http,https"]
 logpath  = /var/log/sogo/sogo.log
 
+
 # Ban attackers that try to use PHP's URL-fopen() functionality
 # through GET/POST variables. - Experimental, with more than a year
 # of usage in production environments.
-
 [php-url-fopen]
 
-enabled = false
+enabled  = false
-action  = iptables-multiport[name=php-url-open, port="http,https"]
+action   = iptables-multiport[name=php-url-open, port="http,https"]
-filter  = php-url-fopen
+filter   = php-url-fopen
-logpath = /var/www/*/logs/access_log
+logpath  = /var/www/*/logs/access_log
 maxretry = 1
 
+
 [suhosin]
 
-enabled = false
+enabled  = false
-filter  = suhosin
+filter   = suhosin
-action  = iptables-multiport[name=suhosin, port="http,https"]
+action   = iptables-multiport[name=suhosin, port="http,https"]
 # adapt the following two items as needed
-logpath = /var/log/lighttpd/error.log
+logpath  = /var/log/lighttpd/error.log
 maxretry = 2
 
+
 [lighttpd-auth]
 
-enabled = false
+enabled  = false
-filter  = lighttpd-auth
+filter   = lighttpd-auth
-action  = iptables-multiport[name=lighttpd-auth, port="http,https"]
+action   = iptables-multiport[name=lighttpd-auth, port="http,https"]
 # adapt the following two items as needed
-logpath = /var/log/lighttpd/error.log
+logpath  = /var/log/lighttpd/error.log
 maxretry = 2
 
+
 # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
 # option is overridden in this jail. Moreover, the action "mail-whois" defines
 # the variable "name" which contains a comma using "". The characters '' are
 # valid too.
-
 [ssh-ipfw]
 
 enabled  = false
@@ -297,6 +305,7 @@ action   = ipfw[localhost=192.168.0.1]
 logpath  = /var/log/auth.log
 ignoreip = 168.192.0.1
 
+
 # These jails block attacks against named (bind9). By default, logging is off
 # with bind9 installation. You will need something like this:
 #
@@ -332,7 +341,6 @@ ignoreip = 168.192.0.1
 # ignoreip = 168.192.0.1
 
 # This jail blocks TCP traffic for DNS requests.
-
 [named-refused-tcp]
 
 enabled  = false
@@ -342,6 +350,7 @@ action   = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
 logpath  = /var/log/named/security.log
 ignoreip = 168.192.0.1
 
+
 [asterisk]
 
 enabled  = false
@@ -353,6 +362,7 @@ logpath  = /var/log/asterisk/messages
 maxretry = 10
 
 #  Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
+#  use [asterisk] for new jails
 [asterisk-tcp]
 
 enabled  = false
@@ -362,6 +372,9 @@ action   = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
 logpath  = /var/log/asterisk/messages
 maxretry = 10
 
+
+#  Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
+#  use [asterisk] for new jails
 [asterisk-udp]
 
 enabled  = false
@@ -371,6 +384,7 @@ action   = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
 logpath  = /var/log/asterisk/messages
 maxretry = 10
 
+
 # To log wrong MySQL access attempts add to /etc/my.cnf:
 # log-error=/var/log/mysqld.log
 # log-warning = 2
@@ -383,6 +397,7 @@ action   = iptables[name=mysql, port=3306, protocol=tcp]
 logpath  = /var/log/mysqld.log
 maxretry = 5
 
+
 # If using mysql syslog [mysql_safe] has syslog in /etc/my.cnf
 [mysqld-syslog-iptables]
 
@@ -392,6 +407,7 @@ action   = iptables[name=mysql, port=3306, protocol=tcp]
 logpath  = /var/log/daemon.log
 maxretry = 5
 
+
 # Jail for more extended banning of persistent abusers
 # !!! WARNING !!!
 #   Make sure that your loglevel specified in fail2ban.conf/.local
@@ -408,14 +424,16 @@ bantime  = 604800  ; 1 week
 findtime = 86400   ; 1 day
 maxretry = 5
 
+
 # PF is a BSD based firewall
 [ssh-pf]
 
-enabled=false
+enabled  = false
-filter = sshd
+filter   = sshd
-action = pf
+action   = pf
 logpath  = /var/log/sshd.log
-maxretry=5
+maxretry = 5
+
 
 [3proxy]
 
@@ -424,70 +442,92 @@ filter  = 3proxy
 action  = iptables[name=3proxy, port=3128, protocol=tcp]
 logpath = /var/log/3proxy.log
 
+
 [exim]
+
 enabled = false
-filter = exim
+filter  = exim
-action = iptables-multiport[name=exim,port="25,465,587"]
+action  = iptables-multiport[name=exim,port="25,465,587"]
 logpath = /var/log/exim/mainlog
 
+
 [exim-spam]
+
 enabled = false
 filter = exim-spam
 action = iptables-multiport[name=exim-spam,port="25,465,587"]
 logpath = /var/log/exim/mainlog
 
+
 [perdition]
+
 enabled = false
 filter = perdition
 action = iptables-multiport[name=perdition,port="110,143,993,995"]
 logpath = /var/log/maillog
 
+
 [uwimap-auth]
+
 enabled = false
 filter = uwimap-auth
 action = iptables-multiport[name=uwimap-auth,port="110,143,993,995"]
 logpath = /var/log/maillog
 
+
 [osx-ssh-ipfw]
+
 enabled = false
 filter = sshd
 action = osx-ipfw
 logpath = /var/log/secure.log
 
+
 [ssh-apf]
+
 enabled = false
 filter  = sshd
 action  = apf[name=SSH]
 logpath = /var/log/secure
 
+
 [osx-ssh-afctl]
+
 enabled = false
 filter = sshd
 action = osx-afctl[bantime=600]
 logpath = /var/log/secure.log
 
+
 [webmin-auth]
+
 enabled = false
 filter = webmin-auth
 action = iptables-multiport[name=webmin,port="10000"]
 logpath  = /var/log/auth.log
 
+
 # dovecot defaults to logging to the mail syslog facility
 # but can be set by syslog_facility in the dovecot configuration.
 [dovecot]
+
 enabled = false
 filter = dovecot
 action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,smtps,sieve", protocol=tcp]
 logpath = /var/log/mail.log
 
+
 [dovecot-auth]
+
 enabled = false
 filter = dovecot
 action = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,smtps,sieve", protocol=tcp]
 logpath = /var/log/secure
 
+
 [selinux-ssh]
 enabled = false
 filter = selinux-ssh
 action = iptables[name=SELINUX-SSH, port=ssh, protocol=tcp]
 logpath = /var/log/audit/audit.log
+