ENH: jail cleanup and fill in missing for 0.9

pull/568/head
Daniel Black 2014-01-07 09:34:39 +11:00
parent bc5809ead0
commit a31c76f126
1 changed files with 116 additions and 39 deletions


@ -290,9 +290,9 @@ filter = sshd
action = bsd-ipfw[port=ssh,table=1] action = bsd-ipfw[port=ssh,table=1]
logpath = /var/log/auth.log logpath = /var/log/auth.log
# PF is a BSD based firewall
[sshd-pf]
[sshd-pf]
# PF is a BSD based firewall
filter = sshd filter = sshd
action = pf action = pf
logpath = /var/log/sshd.log logpath = /var/log/sshd.log
@ -313,6 +313,7 @@ filter = sshd
action = osx-afctl[bantime=600] action = osx-afctl[bantime=600]
logpath = /var/log/secure.log logpath = /var/log/secure.log
maxretry = 5 maxretry = 5
# #
# HTTP servers # HTTP servers
# #
@ -322,14 +323,13 @@ maxretry = 5
port = http,https port = http,https
logpath = /var/log/apache*/*error.log logpath = /var/log/apache*/*error.log
# Ban hosts which agent identifies spammer robots crawling the web
# for email addresses. The mail outputs are buffered.
[apache-badbots] [apache-badbots]
# Ban hosts which agent identifies spammer robots crawling the web
# for email addresses. The mail outputs are buffered.
port = http,https port = http,https
logpath = /var/log/apache*/*access.log logpath = /var/log/apache*/*access.log
/var/www/*/logs/access_log /var/www/*/logs/access_log
bantime = 172800 bantime = 172800
maxretry = 1 maxretry = 1
@ -345,6 +345,15 @@ maxretry = 6
port = http,https port = http,https
logpath = /var/log/apache*/*error.log logpath = /var/log/apache*/*error.log
/var/www/*/logs/error_log
maxretry = 2
[apache-nohome]
port = http,https
logpath = /var/log/apache*/*error.log
/var/www/*/logs/error_log
maxretry = 2 maxretry = 2
@ -352,6 +361,7 @@ maxretry = 2
port = http,https port = http,https
logpath = /var/log/apache*/*error.log logpath = /var/log/apache*/*error.log
/var/www/*/logs/error_log
maxretry = 2 maxretry = 2
@ -370,20 +380,24 @@ logpath = /var/log/nginx/error.log
port = http,https port = http,https
logpath = /var/www/*/logs/access_log logpath = /var/www/*/logs/access_log
[suhosin] [suhosin]
filter = suhosin
# Same as above for mod_auth
# It catches wrong authentifications
logpath = /var/log/lighttpd/error.log
[lighttpd-auth]
port = http,https port = http,https
logpath = /var/log/lighttpd/error.log logpath = /var/log/lighttpd/error.log
[lighttpd-auth]
# Same as above for Apache's mod_auth
# It catches wrong authentifications
port = http,https
logpath = /var/log/lighttpd/error.log
#
# Webmail and groupware servers
#
[roundcube-auth] [roundcube-auth]
port = http,https port = http,https
@ -392,23 +406,35 @@ logpath = /var/log/roundcube/userlogins
[openwebmail] [openwebmail]
port = http,https port = http,https`
logpath = /var/log/openwebmail.log` logpath = /var/log/openwebmail.log`
[horde]
port = http,https
logpath = /var/log/horde/horde.log
[groupoffice]
port = http,https
logpath = /home/groupoffice/log/info.log
[sogo-auth] [sogo-auth]
# Monitor SOGo groupware server # Monitor SOGo groupware server
# without proxy this would be: # without proxy this would be:
# port = 20000 # port = 20000
port = http,https port = http,https
logpath = /var/log/sogo/sogo.log logpath = /var/log/sogo/sogo.log
[3proxy]
port = 3128
logpath = /var/log/3proxy.log
#
# Web Applications
#
#
[guacamole] [guacamole]
@ -422,43 +448,61 @@ port = 10000
logpath = /var/log/auth.log logpath = /var/log/auth.log
# ... custom jails #
# HTTP Proxy servers
#
#
# This jail demonstrates the use of wildcards in "logpath". [squid]
# Moreover, it is possible to give other files on a new line.
[apache-tcpwrapper]
filter = apache-auth port = 80,443,3128,8080
action = hostsdeny logpath = /var/log/squid/access.log
logpath = /var/log/apache*/*error.log
maxretry = 6
[3proxy]
port = 3128
logpath = /var/log/3proxy.log
# #
# FTP servers # FTP servers
# #
# The hosts.deny path can be defined with the "file" argument if it is
# not in /etc.
[proftpd] [proftpd]
port = ftp,ftp-data,ftps,ftps-data port = ftp,ftp-data,ftps,ftps-data
logpath = /var/log/proftpd/proftpd.log logpath = /var/log/proftpd/proftpd.log
[pure-ftpd] [pure-ftpd]
port = ftp,ftp-data,ftps,ftps-data port = ftp,ftp-data,ftps,ftps-data
logpath = /var/log/auth.log logpath = /var/log/auth.log
maxretry = 6 maxretry = 6
[vsftpd]
[gssftpd-iptables]
port = ftp,ftp-data,ftps,ftps-data port = ftp,ftp-data,ftps,ftps-data
logpath = /var/log/vsftpd.log logpath = /var/log/daemon.log
maxretry = 6
[wuftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = /var/log/daemon.log
maxretry = 6
[vsftpd]
# or overwrite it in jails.local to be # or overwrite it in jails.local to be
# logpath = /var/log/auth.log # logpath = /var/log/auth.log
# if you want to rely on PAM failed login attempts # if you want to rely on PAM failed login attempts
# vsftpd's failregex should match both of those formats # vsftpd's failregex should match both of those formats
port = ftp,ftp-data,ftps,ftps-data
logpath = /var/log/vsftpd.log
# Do not ban anybody. Just report information about the remote host. # Do not ban anybody. Just report information about the remote host.
@ -488,22 +532,30 @@ bantime = 1800
# ASSP SMTP Proxy Jail # ASSP SMTP Proxy Jail
[assp] [assp]
port = smtp,ssmtp,submission port = smtp,465,submission
logpath = /root/path/to/assp/logs/maillog.txt logpath = /root/path/to/assp/logs/maillog.txt
[courier-smtp] [courier-smtp]
port = smtp,ssmtp,submission port = smtp,465,submission
logpath = /var/log/mail.log logpath = /var/log/mail.log
[postfix] [postfix]
port = smtp,ssmtp,submission port = smtp,465,submission
logpath = /var/log/mail.log logpath = /var/log/mail.log
[qmail-rbl]
port = smtp,465,submission
logpath = /service/qmail/log/main/current
# The hosts.deny path can be defined with the "file" argument if it is
# not in /etc.
[postfix-tcpwrapper] [postfix-tcpwrapper]
filter = postfix filter = postfix
@ -532,6 +584,12 @@ port = pop3,pop3s,imap,imaps,submission,465,sieve
logpath = /var/log/secure logpath = /var/log/secure
[sieve]
port = smtp,465,submission
logpath = /var/log/mail*log
[solid-pop3d] [solid-pop3d]
port = pop3,pop3s port = pop3,pop3s
@ -540,12 +598,12 @@ logpath = /var/log/mail.log
[exim] [exim]
port = smtp,ssmtp,submission port = smtp,465,submission
logpath = /var/log/exim/mainlog logpath = /var/log/exim/mainlog
[exim-spam] [exim-spam]
port = smtp,ssmtp,submission port = smtp,465,submission
logpath = /var/log/exim/mainlog logpath = /var/log/exim/mainlog
@ -556,13 +614,13 @@ logpath = /var/log/exim/mainlog
[courier-auth] [courier-auth]
port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s port = smtp,465,submission,imap2,imap3,imaps,pop3,pop3s
logpath = /var/log/mail.log logpath = /var/log/mail.log
[postfix-sasl] [postfix-sasl]
port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s port = smtp,465,submission,imap2,imap3,imaps,pop3,pop3s
# You might consider monitoring /var/log/mail.warn instead if you are # You might consider monitoring /var/log/mail.warn instead if you are
# running postfix since it would provide the same log lines at the # running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize. # "warn" level but overall at the smaller filesize.
@ -574,6 +632,13 @@ logpath = /var/log/mail.log
port = imap2,imap3,imaps,pop3,pop3s port = imap2,imap3,imaps,pop3,pop3s
logpath = /var/log/maillog logpath = /var/log/maillog
[cyrus-imap]
port = imap3,imaps
logpath = /var/log/mail*log
# #
# DNS servers # DNS servers
# #
@ -604,6 +669,15 @@ logpath = /var/log/maillog
port = domain,953 port = domain,953
logpath = /var/log/named/security.log logpath = /var/log/named/security.log
[nsd]
port = 53
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
logpath = /var/log/nsd.log
# #
# Miscelaneous # Miscelaneous
# #
@ -617,6 +691,7 @@ action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp",
logpath = /var/log/asterisk/messages logpath = /var/log/asterisk/messages
maxretry = 10 maxretry = 10
# Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed ) # Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
# use [asterisk] for new jails # use [asterisk] for new jails
[asterisk-tcp] [asterisk-tcp]
@ -689,3 +764,5 @@ logpath = /var/log/auth.log
banaction = iptables-multiport-log banaction = iptables-multiport-log
logpath = /var/log/daemon.log logpath = /var/log/daemon.log
maxretry = 2 maxretry = 2
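Review bot: The new side of the [openwebmail] jail carries a trailing backtick on both values (port = http,https` and logpath = /var/log/openwebmail.log`); unless that is a rendering artifact, the port string is substituted verbatim into the shell command the ban action runs, where an unbalanced backtick is a syntax error, so the jail would load but never actually ban — the two lines should read `port = http,https` and `logpath = /var/log/openwebmail.log`. Separately, the new [cyrus-imap] jail bans only `imap3,imaps` (imap3 is 220/tcp in Debian-derived /etc/services), while every other IMAP jail in this file lists `imap2,imap3,imaps`, so plain IMAP on 143 stays reachable after a ban; `port = imap2,imap3,imaps` would match the rest of the file. The new [sieve] jail bans `smtp,465,submission`, but its filter presumably matches ManageSieve login failures, which arrive on the `sieve` port the dovecot jail in the preceding hunk header already names, so that list should include `sieve` as well. The last hunk reports two added lines that are not visible here, presumably blank lines.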