mirror of https://github.com/fail2ban/fail2ban
ENH: framework for distro paths
Daniel Black
parent
1a1e3bec86
commit
83266eb668
|
|
@ -33,12 +33,26 @@ lighttpd_error_log = /var/log/lighttpd/error.log
|
|||
suhosin_log = %(syslog_user)s %(lighttpd_error_log)s
|
||||
|
||||
# defaults to ftp or local2 if ftp doesn't exist
|
||||
proftpd_log = %(syslog_ftp)s
|
||||
proftpd_log = %(syslog_ftp)s
|
||||
|
||||
# http://svnweb.freebsd.org/ports/head/ftp/proftpd/files/patch-src_proftpd.8.in?view=markup
|
||||
# defaults to ftp but can be overwritten.
|
||||
pureftpd_log = %(syslog_ftp)s
|
||||
|
||||
# ftp, daemon and then local7 are tried at configure time however it is overwriteable at configure time
|
||||
#
|
||||
wuftpd_log = %(syslog_ftp)s
|
||||
|
||||
# syslog_enable defaults to no. so it defaults to vsftpd_log_file setting of /var/log/vsftpd.log
|
||||
# No distro seems to set it to syslog by default
|
||||
# If syslog set it defaults to ftp facility if exists at compile time otherwise falls back to daemonlog.
|
||||
vsftpd_log = /var/log/vsftpd.log
|
||||
|
||||
# Technically syslog_facility in main.cf can overwrite but no-one sane does this.
|
||||
postfix_log = %(syslog_mail_warn)s
|
||||
|
||||
dovecot_log = %(syslog_mail_warn)s
|
||||
|
||||
# Seems to be set at compile time only to LOG_LOCAL0 (src/const.h) at Notice level
|
||||
solidpop3d_log = %(syslog_local0)s
|
||||
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ syslog_auth = /var/log/auth.log
|
|||
|
||||
syslog_daemon = /var/log/daemon.log
|
||||
|
||||
syslog_local0 = /var/log/messages
|
||||
|
||||
syslog_user = /var/log/user.log
|
||||
|
||||
|
|
@ -29,7 +30,6 @@ apache_error_log = /var/log/apache2/*error.log
|
|||
|
||||
apache_access_log = /var/log/apache2/*access.log
|
||||
|
||||
|
||||
lighttpd_error_log = /var/log/lighttpd/error.log
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ after = paths-overrides.local
|
|||
|
||||
syslog_mail = /var/log/maillog
|
||||
|
||||
syslog_mail_warn = /var/log/mail.warn
|
||||
syslog_mail_warn = /var/log/maillog
|
||||
|
||||
syslog_authpriv = /var/log/secure
|
||||
|
||||
|
|
@ -19,12 +19,14 @@ syslog_user = /var/log/messages
|
|||
|
||||
syslog_ftp = /var/log/messages
|
||||
|
||||
syslog_daemon = /var/log/messages
|
||||
|
||||
# Or should this be /etc/httpd/logs/.. since is the original symlink?
|
||||
syslog_local0 = /var/log/messages
|
||||
|
||||
apache_error_log = /var/log/httpd/error_log
|
||||
|
||||
apache_access_log = /var/log/httpd/access_log
|
||||
apache_error_log = /var/log/httpd/*error_log
|
||||
|
||||
apache_access_log = /var/log/httpd/*access_log
|
||||
|
||||
# /etc/proftpd/proftpd.conf (ExtendedLog for Anonymous)
|
||||
# proftpd_log = /var/log/proftpd/auth.log
|
||||
|
|
|
|||
|
|
@ -8,14 +8,20 @@ after = paths-overrides.local
|
|||
|
||||
[DEFAULT]
|
||||
|
||||
# http://www.freebsd.org/doc/handbook/configtuning-syslog.html
|
||||
#
|
||||
syslog_mail = /var/log/maillog
|
||||
|
||||
syslog_mail_warn = /var/log/maillog
|
||||
|
||||
syslog_authpriv = /var/log/auth.log
|
||||
|
||||
# note - is only ftp.info - if notice /var/log/messages may be needed
|
||||
syslog_ftp = /var/log/xferlog
|
||||
|
||||
syslog_ftp = ???
|
||||
syslog_daemon = /var/log/messages
|
||||
|
||||
syslog_local0 = /var/log/messages
|
||||
|
||||
# Linux things
|
||||
# we fake to avoid parse error in startups
|
||||
|
|
|
|||
|
|
@ -479,7 +479,7 @@ logpath = /var/log/3proxy.log
|
|||
[proftpd]
|
||||
|
||||
port = ftp,ftp-data,ftps,ftps-data
|
||||
logpath = /var/log/proftpd/proftpd.log
|
||||
logpath = %(proftpd_log)s
|
||||
|
||||
|
||||
[pure-ftpd]
|
||||
|
|
@ -492,14 +492,14 @@ maxretry = 6
|
|||
[gssftpd]
|
||||
|
||||
port = ftp,ftp-data,ftps,ftps-data
|
||||
logpath = /var/log/daemon.log
|
||||
logpath = %(syslog_daemon)s
|
||||
maxretry = 6
|
||||
|
||||
|
||||
[wuftpd]
|
||||
|
||||
port = ftp,ftp-data,ftps,ftps-data
|
||||
logpath = /var/log/daemon.log
|
||||
logpath = %(wuftpd_log)s
|
||||
maxretry = 6
|
||||
|
||||
|
||||
|
|
@ -509,7 +509,7 @@ maxretry = 6
|
|||
# if you want to rely on PAM failed login attempts
|
||||
# vsftpd's failregex should match both of those formats
|
||||
port = ftp,ftp-data,ftps,ftps-data
|
||||
logpath = /var/log/vsftpd.log
|
||||
logpath = %(vsftpd_log)s
|
||||
|
||||
|
||||
# Do not ban anybody. Just report information about the remote host.
|
||||
|
|
@ -518,7 +518,7 @@ logpath = /var/log/vsftpd.log
|
|||
|
||||
filter = vsftpd
|
||||
action = sendmail-whois[name=VSFTPD, dest=you@example.com]
|
||||
logpath = /var/log/vsftpd.log
|
||||
logpath = %(vsftpd_log)s
|
||||
maxretry = 5
|
||||
bantime = 1800
|
||||
|
||||
|
|
@ -528,7 +528,7 @@ bantime = 1800
|
|||
|
||||
filter = vsftpd
|
||||
port = ftp,ftp-data,ftps,ftps-data
|
||||
logpath = /var/log/syslog
|
||||
logpath = %(syslog_ftp)s
|
||||
maxretry = 5
|
||||
bantime = 1800
|
||||
|
||||
|
|
@ -546,13 +546,13 @@ logpath = /root/path/to/assp/logs/maillog.txt
|
|||
[courier-smtp]
|
||||
|
||||
port = smtp,465,submission
|
||||
logpath = /var/log/mail.log
|
||||
logpath = %(syslog_mail)s
|
||||
|
||||
|
||||
[postfix]
|
||||
|
||||
port = smtp,465,submission
|
||||
logpath = /var/log/mail.log
|
||||
logpath = %(postfix_log)s
|
||||
|
||||
|
||||
[qmail-rbl]
|
||||
|
|
@ -569,13 +569,13 @@ logpath = /service/qmail/log/main/current
|
|||
filter = postfix
|
||||
action = hostsdeny[file=/not/a/standard/path/hosts.deny]
|
||||
sendmail[name=Postfix, dest=you@example.com]
|
||||
logpath = /var/log/postfix.log
|
||||
logpath = %(postfix_log)s
|
||||
bantime = 300
|
||||
|
||||
|
||||
[sendmail-spam]
|
||||
|
||||
logpath = /var/log/mail.log
|
||||
logpath = %(syslog_mail_warn)s
|
||||
|
||||
|
||||
# dovecot defaults to logging to the mail syslog facility
|
||||
|
|
@ -583,26 +583,26 @@ logpath = /var/log/mail.log
|
|||
[dovecot]
|
||||
|
||||
port = pop3,pop3s,imap,imaps,submission,465,sieve
|
||||
logpath = /var/log/mail.log
|
||||
logpath = %(syslog_mail_warn)s
|
||||
|
||||
|
||||
[dovecot-auth]
|
||||
|
||||
filter = dovecot
|
||||
port = pop3,pop3s,imap,imaps,submission,465,sieve
|
||||
logpath = /var/log/secure
|
||||
logpath = %(dovecot_log)s
|
||||
|
||||
|
||||
[sieve]
|
||||
|
||||
port = smtp,465,submission
|
||||
logpath = /var/log/mail*log
|
||||
logpath = %(dovecot_log)s
|
||||
|
||||
|
||||
[solid-pop3d]
|
||||
|
||||
port = pop3,pop3s
|
||||
logpath = /var/log/mail.log
|
||||
logpath = %(solidpop3d_log)s
|
||||
|
||||
|
||||
[exim]
|
||||
|
|
@ -629,7 +629,7 @@ logpath = /opt/kerio/mailserver/store/logs/security.log
|
|||
[courier-auth]
|
||||
|
||||
port = smtp,465,submission,imap3,imaps,pop3,pop3s
|
||||
logpath = /var/log/mail.log
|
||||
logpath = %(syslog_mail)s
|
||||
|
||||
|
||||
[postfix-sasl]
|
||||
|
|
@ -638,7 +638,7 @@ port = smtp,465,submission,imap3,imaps,pop3,pop3s
|
|||
# You might consider monitoring /var/log/mail.warn instead if you are
|
||||
# running postfix since it would provide the same log lines at the
|
||||
# "warn" level but overall at the smaller filesize.
|
||||
logpath = /var/log/mail.log
|
||||
logpath = %(postfix_log)s
|
||||
|
||||
|
||||
[perdition]
|
||||
|
|
@ -656,13 +656,13 @@ logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log
|
|||
[cyrus-imap]
|
||||
|
||||
port = imap3,imaps
|
||||
logpath = /var/log/mail*log
|
||||
logpath = %(syslog_mail)s
|
||||
|
||||
|
||||
[uwimap-auth]
|
||||
|
||||
port = imap3,imaps
|
||||
logpath = /var/log/mail*log
|
||||
logpath = %(syslog_mail)s
|
||||
|
||||
|
||||
#
|
||||
|
|
@ -768,7 +768,7 @@ maxretry = 5
|
|||
|
||||
port = 3306
|
||||
filter = mysqld-auth
|
||||
logpath = /var/log/daemon.log
|
||||
logpath = %(syslog_daemon)s
|
||||
maxretry = 5
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue