github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

DOC: init -> Init, defination -> Defination. Improved intro

pull/143/merge^2
Daniel Black 2013-03-23 09:17:40 +11:00
parent 8ce986e9f9
commit 847c474b11
1 changed files with 18 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
man/jail.conf.5
View File

@ -12,14 +12,20 @@ Fail2ban has three configuration file types. Action files are the commands for b
Filter files tell fail2ban how authentication failures occur, and Jail configurations that map the two together. Filter files tell fail2ban how authentication failures occur, and Jail configurations that map the two together.
There are *.conf files that are distributed by fail2ban and *.local file that contain user overwritten files. There are *.conf files that are distributed by fail2ban and *.local file that contain user overwritten files.
It is recommend that *.conf files are not changed. *.local files are where users overwrite their default settings. It is recommended that *.conf files are not changed. *.local files are where users overwrite their default settings.
For instance if you require the default [ssh-iptables-ipset] jail create a jail.local with The jail.conf file is For instance if you require the default [ssh-iptables-ipset] jail create a jail.local to extend jail.conf (
the configuration for the fail2ban server. Only overwride the settings you need to change and the rest come from the configuration for the fail2ban server). The jail.local file will be the following if you only need to enable
the default *.conf file. it:
.TP
\fBjail.local\fR
[ssh-iptables-ipset] [ssh-iptables-ipset]
enabled = true enabled = true
.TP
Only overwride the settings you need to change and the rest of the configuration comes from the corresponding
*.conf file.
.SH DEFAULT .SH DEFAULT
The following options are applicable to all jails. Their meaning is in the default jail.conf file. The following options are applicable to all jails. Their meaning is in the default jail.conf file.
@ -42,16 +48,16 @@ Action files specify which commands are executed to ban an IP address. They are
Like jail.conf files if you desire local changes create a [actionname].local file in the /etc/fail2ban/action.d directory Like jail.conf files if you desire local changes create a [actionname].local file in the /etc/fail2ban/action.d directory
and override the required settings. and override the required settings.
The action files are ini files that have two sections, \fBdefination\fR and \fBinit\fR . The action files are ini files that have two sections, \fBDefination\fR and \fBInit\fR .
The [init] section allows for settings relevant to the action. In jail.conf/jail.local these can be overwritten for a particular jail. The [Init] section allows for settings relevant to the action. In jail.conf/jail.local these can be overwritten for a particular jail.
The commands are specified in the [defination] section as below.. The commands are specified in the [Defination] section as below..
The commands are executed through a system shell so shell redirection and process control is allowed. The commands should The commands are executed through a system shell so shell redirection and process control is allowed. The commands should
return 0 to indicate success which will prevent fail2ban attempting to retry (up to \fBmaxretry\fR times to ban the IP again. return 0 to indicate success which will prevent fail2ban attempting to retry (up to \fBmaxretry\fR times to ban the IP again.
The following action parameters are in the [defination] section. The following action parameters are in the [Defination] section.
.TP .TP
\fBactionstart\fR \fBactionstart\fR
This is the commands that are executed when the jail starts. This is the commands that are executed when the jail starts.
@ -68,7 +74,7 @@ This is the command that bans the IP address.
\fBactionunban\fR \fBactionunban\fR
This is the command that unbans the IP address after \fBbantime\fR. This is the command that unbans the IP address after \fBbantime\fR.
Tags are in <>. All the elements of [init] are tags that are replaced in all action commands. Tags can be added by the Tags are in <>. All the elements of [Init] are tags that are replaced in all action commands. Tags can be added by the
\fBfail2ban-client\fR using the setctag command. \fBfail2ban-client\fR using the setctag command.
More that one command is allowed. Each command needs to be on a new line and indented with whitespace with no blank lines. The following defines More that one command is allowed. Each command needs to be on a new line and indented with whitespace with no blank lines. The following defines
@ -101,7 +107,7 @@ These are used to identify failed authenicate attempts in logs and to extract th
Like action files, filter files are ini files. The main section is the [Definition] section. Like action files, filter files are ini files. The main section is the [Definition] section.
There are two filter definations used in the [defination] section, failregex and ignoreregex. There are two filter definations used in the [Defination] section, failregex and ignoreregex.
Other definations are allowed and can be used to substitue into other definations with %(defnname). For example. Other definations are allowed and can be used to substitue into other definations with %(defnname). For example.
baduseragents = IE|wget baduseragents = IE|wget
@ -124,11 +130,11 @@ Filters can also have a section called [INCLUDES]. This is used to read other co
.TP .TP
\fBbefore\fR \fBbefore\fR
indicates that this file is read before the [defination] section. indicates that this file is read before the [Defination] section.
.TP .TP
\fBafter\fR \fBafter\fR
indicates that this file is read after the [defination] section. indicates that this file is read after the [Defination] section.
.SH AUTHOR .SH AUTHOR
Fail2ban Written by Cyril Jaquier <cyril.jaquier@fail2ban.org> with many contributions by Yaroslav O. Halchenko <debian@onerussian.com>. Fail2ban Written by Cyril Jaquier <cyril.jaquier@fail2ban.org> with many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.