# Fail2Ban configuration file. # # This file was composed for Debian systems from the original one # provided now under /usr/share/doc/fail2ban/examples/jail.conf # for additional examples. # # To avoid merges during upgrades DO NOT MODIFY THIS FILE # and rather provide your changes in /etc/fail2ban/jail.local # # Author: Yaroslav O. Halchenko # # $Revision: 281 $ # # The DEFAULT allows a global definition of the options. They can be override # in each jail afterwards. [DEFAULT] # "ignoreip" can be an IP address, a CIDR mask or a DNS host ignoreip = 127.0.0.1 bantime = 600 maxretry = 3 # "backend" specifies the backend used to get files modification. Available # options are "gamin", "polling" and "auto". # yoh: For some reason Debian shipped python-gamin didn't work as expected # This issue left ToDo, so polling is default backend for now backend = polling # # Destination email address used solely for the interpolations in # jail.{conf,local} configuration files. destemail = root@localhost # Default action to take: ban only action = iptables[name=%(__name__)s, port=%(port)s] # Following actions can be chosen as an alternatives to the above action. # To activate, just copy/paste+uncomment chosen 2 (excluding comments) lines # into jail.local # Default action to take: ban & send an e-mail with whois report # to the destemail. # action = iptables[name=%(__name__)s, port=%(port)s] # mail-whois[name=%(__name__)s, dest=%(destemail)s] # Default action to take: ban & send an e-mail with whois report # and relevant log lines to the destemail. # action = iptables[name=%(__name__)s, port=%(port)s] # mail-whois-lines[name=%(__name__)s, dest=%(destemail)s, logpath=%(logpath)s] # Next jails corresponds to the standard configuration in Fail2ban 0.6 # which was shipped in Debian. Please enable any defined here jail by including # # [SECTION_NAME] # enabled = true # # in /etc/fail2ban/jail.local. # [ssh] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log maxretry = 6 # # HTTP servers # [apache] enabled = false port = http filter = apache-auth logpath = /var/log/apache*/*access.log maxretry = 6 [apache-noscript] enabled = false port = http filter = apache-noscript logpath = /var/log/apache*/*error.log maxretry = 6 # # FTP servers # [vsftpd] enabled = false port = ftp filter = vsftpd logpath = /var/log/vsftpd.log # or overwrite it in jails.local to be # logpath = /var/log/auth.log # if you want to rely on PAM failed login attempts # vsftpd's failregex should match both of those formats maxretry = 6 [proftpd] enabled = false port = ftp filter = proftpd logpath = /var/log/proftpd/proftpd.log maxretry = 6 [wuftpd] enabled = false port = ftp filter = wuftpd logpath = /var/log/auth.log maxretry = 6 # # Mail servers # [postfix] enabled = false port = smtp filter = postfix logpath = /var/log/postfix.log [couriersmtp] enabled = false port = smtp filter = couriersmtp logpath = /var/log/mail.log [sasl] enabled = false port = smtp filter = sasl logpath = /var/log/mail.log