From 85a4881a9a818b6a746109f74980919296eedad0 Mon Sep 17 00:00:00 2001
From: sebres
Date: Fri, 26 Apr 2024 00:25:19 +0200
Subject: [PATCH] content of `debian-files/jail.d_defaults-debian.conf` (banactions only and systemd for sshd) moved to `paths-debian.conf`; remove default backend (systemd) - too dangerous for all jails, because it's hardly to find an error if some jail mistakenly start to monitor journal instead of logfile (even if it exists), but will silently find nothing; sshd jail disabled by default - user have to enable jails in jail.local or jail.d
---
 config/paths-debian.conf | 5 +++++
 debian/debian-files/jail.d_defaults-debian.conf | 7 -------
 2 files changed, 5 insertions(+), 7 deletions(-)
 delete mode 100644 debian/debian-files/jail.d_defaults-debian.conf
diff --git a/config/paths-debian.conf b/config/paths-debian.conf
index 1f5ea37d..f3bf4ff0 100644
--- a/config/paths-debian.conf
+++ b/config/paths-debian.conf
@@ -9,6 +9,11 @@ after = paths-overrides.local
 [DEFAULT]
+banaction = nftables
+banaction_allports = nftables[type=allports]
+
+sshd_backend = systemd
+
 syslog_mail = /var/log/mail.log
 # control the `mail.warn` setting, see `/etc/rsyslog.d/50-default.conf` (if commented `mail.*` wins).
diff --git a/debian/debian-files/jail.d_defaults-debian.conf b/debian/debian-files/jail.d_defaults-debian.conf
deleted file mode 100644
index d0d52ae8..00000000
--- a/debian/debian-files/jail.d_defaults-debian.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-[DEFAULT]
-banaction = nftables
-banaction_allports = nftables[type=allports]
-backend = systemd
-
-[sshd]
-enabled = true
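Review bot: The `banaction` and `banaction_allports` lines added under `[DEFAULT]` in the `config/paths-debian.conf` hunk may no longer take effect, because a paths file is normally pulled in through `before =` and so is read ahead of `jail.conf`, whereas the deleted `jail.d` drop-in was read after it. If `jail.conf` still sets its own `banaction` in `[DEFAULT]` (not visible in this patch), that value wins and bans would be issued through a different firewall action than the nftables one intended here, possibly one that is not installed; `sshd_backend` looks unaffected only if `jail.conf` merely references it. Please confirm the effective values with `fail2ban-client -d` on a clean install. It would also help to put a comment above the new keys, e.g. `# sshd only: read from the systemd journal; other jails keep their default backend`, and to state in the package changelog that `[sshd]` is no longer enabled by default, so upgraded hosts do not silently lose SSH brute-force protection. The `[DEFAULT]` section continues past the end of this hunk.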