ENH: jail cleanup and fill in missing for 0.9

2014-01-07 09:34:39 +11:00 · 2014-01-07 09:34:39 +11:00 · a31c76f126
parent bc5809ead0
commit a31c76f126
1 changed files with 116 additions and 39 deletions
--- a/config/jail.conf
+++ b/config/jail.conf
@ -290,9 +290,9 @@ filter   = sshd
 action   = bsd-ipfw[port=ssh,table=1]
 logpath  = /var/log/auth.log

-# PF is a BSD based firewall
-[sshd-pf]

+[sshd-pf]
+# PF is a BSD based firewall
 filter  = sshd
 action  = pf
 logpath = /var/log/sshd.log
@ -313,6 +313,7 @@ filter   = sshd
 action   = osx-afctl[bantime=600]
 logpath  = /var/log/secure.log
 maxretry = 5
+
 #
 # HTTP servers
 #
@ -322,14 +323,13 @@ maxretry = 5
 port     = http,https
 logpath  = /var/log/apache*/*error.log

-# Ban hosts which agent identifies spammer robots crawling the web
-# for email addresses. The mail outputs are buffered.

 [apache-badbots]
-
+# Ban hosts which agent identifies spammer robots crawling the web
+# for email addresses. The mail outputs are buffered.
 port     = http,https
 logpath  = /var/log/apache*/*access.log
-		   /var/www/*/logs/access_log
+          /var/www/*/logs/access_log
 bantime  = 172800
 maxretry = 1

@ -345,6 +345,15 @@ maxretry = 6

 port     = http,https
 logpath  = /var/log/apache*/*error.log
+          /var/www/*/logs/error_log
+maxretry = 2
+
+
+[apache-nohome]
+
+port     = http,https
+logpath  = /var/log/apache*/*error.log
+          /var/www/*/logs/error_log
 maxretry = 2


@ -352,6 +361,7 @@ maxretry = 2

 port     = http,https
 logpath  = /var/log/apache*/*error.log
+          /var/www/*/logs/error_log
 maxretry = 2


@ -370,20 +380,24 @@ logpath = /var/log/nginx/error.log
 port    = http,https
 logpath = /var/www/*/logs/access_log

+
 [suhosin]

-filter  = suhosin
-# Same as above for mod_auth
-# It catches wrong authentifications
-logpath = /var/log/lighttpd/error.log
-
-
-[lighttpd-auth]
-
 port    = http,https
 logpath = /var/log/lighttpd/error.log


+[lighttpd-auth]
+# Same as above for Apache's mod_auth
+# It catches wrong authentifications
+port    = http,https
+logpath = /var/log/lighttpd/error.log
+
+
+#
+# Webmail and groupware servers
+#
+
 [roundcube-auth]

 port     = http,https
@ -392,23 +406,35 @@ logpath  = /var/log/roundcube/userlogins

 [openwebmail]

-port     = http,https
+port     = http,https`
 logpath  = /var/log/openwebmail.log`

+
+[horde]
+
+port     = http,https
+logpath  = /var/log/horde/horde.log
+
+
+[groupoffice]
+
+port     = http,https
+logpath  = /home/groupoffice/log/info.log
+
+
 [sogo-auth]
 # Monitor SOGo groupware server
 # without proxy this would be:
 # port    = 20000
-
 port     = http,https
 logpath  = /var/log/sogo/sogo.log


-[3proxy]
-
-port    = 3128
-logpath = /var/log/3proxy.log

+#
+# Web Applications
+#
+#

 [guacamole]

@ -422,43 +448,61 @@ port    = 10000
 logpath = /var/log/auth.log


-# ... custom jails
+#
+# HTTP Proxy servers
+#
+#

-# This jail demonstrates the use of wildcards in "logpath".
-# Moreover, it is possible to give other files on a new line.
-[apache-tcpwrapper]
+[squid]

-filter	 = apache-auth
-action   = hostsdeny
-logpath  = /var/log/apache*/*error.log
-maxretry = 6
+port     =  80,443,3128,8080
+logpath = /var/log/squid/access.log
+
+
+[3proxy]
+
+port    = 3128
+logpath = /var/log/3proxy.log

 #
 # FTP servers
 #


-# The hosts.deny path can be defined with the "file" argument if it is
-# not in /etc.
 [proftpd]

 port     = ftp,ftp-data,ftps,ftps-data
 logpath  = /var/log/proftpd/proftpd.log

+
 [pure-ftpd]

 port     = ftp,ftp-data,ftps,ftps-data
 logpath  = /var/log/auth.log
 maxretry = 6

-[vsftpd]
+
+[gssftpd-iptables]

 port     = ftp,ftp-data,ftps,ftps-data
-logpath  = /var/log/vsftpd.log
+logpath  = /var/log/daemon.log
+maxretry = 6
+
+
+[wuftpd]
+
+port     = ftp,ftp-data,ftps,ftps-data
+logpath  = /var/log/daemon.log
+maxretry = 6
+
+
+[vsftpd]
 # or overwrite it in jails.local to be
 # logpath = /var/log/auth.log
 # if you want to rely on PAM failed login attempts
 # vsftpd's failregex should match both of those formats
+port     = ftp,ftp-data,ftps,ftps-data
+logpath  = /var/log/vsftpd.log


 # Do not ban anybody. Just report information about the remote host.
@ -488,22 +532,30 @@ bantime  = 1800
 # ASSP SMTP Proxy Jail
 [assp]

-port     = smtp,ssmtp,submission
+port     = smtp,465,submission
 logpath  = /root/path/to/assp/logs/maillog.txt


 [courier-smtp]

-port     = smtp,ssmtp,submission
+port     = smtp,465,submission
 logpath  = /var/log/mail.log


 [postfix]

-port     = smtp,ssmtp,submission
+port     = smtp,465,submission
 logpath  = /var/log/mail.log


+[qmail-rbl]
+
+port     = smtp,465,submission
+logpath = /service/qmail/log/main/current
+
+
+# The hosts.deny path can be defined with the "file" argument if it is
+# not in /etc.
 [postfix-tcpwrapper]

 filter   = postfix
@ -532,6 +584,12 @@ port    = pop3,pop3s,imap,imaps,submission,465,sieve
 logpath = /var/log/secure


+[sieve]
+
+port   = smtp,465,submission
+logpath = /var/log/mail*log
+
+
 [solid-pop3d]

 port    = pop3,pop3s
@ -540,12 +598,12 @@ logpath = /var/log/mail.log

 [exim]

-port   = smtp,ssmtp,submission
+port   = smtp,465,submission
 logpath = /var/log/exim/mainlog


 [exim-spam]
-port   = smtp,ssmtp,submission
+port   = smtp,465,submission
 logpath = /var/log/exim/mainlog


@ -556,13 +614,13 @@ logpath = /var/log/exim/mainlog

 [courier-auth]

-port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
+port     = smtp,465,submission,imap2,imap3,imaps,pop3,pop3s
 logpath  = /var/log/mail.log


 [postfix-sasl]

-port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
+port     = smtp,465,submission,imap2,imap3,imaps,pop3,pop3s
 # You might consider monitoring /var/log/mail.warn instead if you are
 # running postfix since it would provide the same log lines at the
 # "warn" level but overall at the smaller filesize.
@ -574,6 +632,13 @@ logpath  = /var/log/mail.log
 port   = imap2,imap3,imaps,pop3,pop3s
 logpath = /var/log/maillog

+
+[cyrus-imap]
+
+port   = imap3,imaps
+logpath = /var/log/mail*log
+
+
 #
 # DNS servers
 #
@ -604,6 +669,15 @@ logpath = /var/log/maillog
 port     = domain,953
 logpath  = /var/log/named/security.log

+
+[nsd]
+
+port     = 53
+action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
+           %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
+logpath = /var/log/nsd.log
+
+
 #
 # Miscelaneous
 #
@ -617,6 +691,7 @@ action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp",
 logpath  = /var/log/asterisk/messages
 maxretry = 10

+
 #  Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
 #  use [asterisk] for new jails
 [asterisk-tcp]
@ -689,3 +764,5 @@ logpath  = /var/log/auth.log
 banaction = iptables-multiport-log
 logpath   = /var/log/daemon.log
 maxretry  = 2
+
+