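# Fail2Ban configuration file
#
# $Revision: 1.8 $
#
# 2005.06.21 modified for readability Iain Lea iain@bricbrac.de
#
# NOTE(review): the [DEFAULT] section and the %% escaping used below suggest
# this file is read with Python's ConfigParser; if so, every key in [DEFAULT]
# is also a fallback value for the per-log sections further down. Comments are
# kept on their own lines because trailing comments would become part of the
# value.

[DEFAULT]

# Option:  firewall
# Notes.:  select the firewall system to use.
# Values:  [iptables | ipfwadm | ipfw]  Default:  iptables
#
firewall = iptables

# Option:  ipfw-start-rule
# Notes.:  set first firewall rule number used (only used if firewall = ipfw).
# Values:  NUM  Default:  100
#
ipfw-start-rule = 100

# Option:  background
# Notes.:  start fail2ban as a daemon. Output is redirected to logfile.
# Values:  [true | false]  Default:  false
#
background = true

# Option:  debug
# Notes.:  enable debug mode. More verbose output and bypass root user test.
#          Because it bypasses the root user test, keep this false outside of
#          troubleshooting.
# Values:  [true | false]  Default:  false
#
debug = false

# Option:  pidlock
# Notes.:  path of the PID lock file (must be able to write to file).
# Values:  FILE  Default:  /var/run/fail2ban.pid
#
pidlock = /var/run/fail2ban.pid

# Option:  logfile
# Notes.:  logfile for logging fail2ban messages.
#          This log is the record of bans; keep it writable by the fail2ban
#          user only.
# Values:  FILE  Default:  /var/log/fail2ban.log
#
logfile = /var/log/fail2ban.log

# Option:  maxretry
# Notes.:  number of retries before IP gets banned.
#          The value set here (5) is more lenient than the documented
#          default (3).
# Values:  NUM  Default:  3
#
maxretry = 5

# Option:  bantime
# Notes.:  number of seconds an IP will be banned.
# Values:  NUM  Default:  600
#
bantime = 600

# Option:  ignoreip
# Notes.:  space separated list of IPs to be ignored by fail2ban.
#          Left empty, no address is exempt, including the hosts used to
#          administer this machine; list trusted management addresses here to
#          avoid locking yourself out, and keep the list short because every
#          entry is never banned.
# Example: ignoreip = 192.168.0.1 123.45.235.65
# Values:  IP  Default:
#
ignoreip =

# Option:  interface
# Notes.:  interface name on which the IP will be banned.
#          NOTE(review): traffic arriving on any other interface is presumably
#          not covered by the ban - confirm on multi-homed hosts.
# Values:  INT  Default:  eth0
#
interface = eth0

# Option:  polltime
# Notes.:  number of seconds fail2ban sleeps between iterations.
# Values:  NUM  Default:  1
#
polltime = 1

# You can define a new section for each log file to check for
# password failure. Each section has to define the following
# options: logfile, timeregex, timepattern, failregex.
#
# NOTE(review): a section that leaves out logfile presumably inherits the
# [DEFAULT] value, i.e. fail2ban's own log - define all four options
# explicitly in every section.

[Apache]

# Option:  enabled
# Notes.:  enable monitoring for this section.
# Values:  [true | false]  Default:  false
#
enabled = false

# Option:  logfile
# Notes.:  logfile to monitor.
#          NOTE(review): the sample timestamp and the failregex strings below
#          have the shape of Apache error-log entries; confirm that this path
#          is the log that actually records authentication failures before
#          enabling the section.
# Values:  FILE  Default:  /var/log/apache/access.log
#
logfile = /var/log/apache/access.log

# Option:  timeregex
# Notes.:  regex to match timestamp in Apache logfile.
# Values:  [Wed Jan 05 15:08:01 2005]
#          Default:  \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
#
timeregex = \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}

# Option:  timepattern
# Notes.:  format used in "timeregex" fields definition. Note that '%' must be
#          escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
# Values:  TEXT  Default:  %%a %%b %%d %%H:%%M:%%S %%Y
#
timepattern = %%a %%b %%d %%H:%%M:%%S %%Y

# Option:  failregex
# Notes.:  regex to match the password failure messages in the logfile.
#          NOTE(review): the alternatives are unanchored substrings. Log lines
#          carry client-supplied text (e.g. the user name), so confirm how the
#          fail2ban version in use picks the address to ban and tighten the
#          pattern if that text alone can produce a match.
# Values:  TEXT  Default:  authentication failure|user .* not found
#
failregex = authentication failure|user .* not found

[SSH]

# Option:  enabled
# Notes.:  enable monitoring for this section.
# Values:  [true | false]  Default:  true
#
enabled = true

# Option:  logfile
# Notes.:  logfile to monitor.
# Values:  FILE  Default:  /var/log/auth.log
#
logfile = /var/log/auth.log

# Option:  timeregex
# Notes.:  regex to match timestamp in SSH logfile.
# Values:  [Mar 7 17:53:28]
#          Default:  \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
#
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}

# Option:  timepattern
# Notes.:  format used in "timeregex" fields definition. Note that '%' must be
#          escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
# Values:  TEXT  Default:  %%b %%d %%H:%%M:%%S
#
timepattern = %%b %%d %%H:%%M:%%S

# Option:  failregex
# Notes.:  regex to match the password failure messages in the logfile.
#          The value set here extends the documented default with
#          "Illegal user" and "Failed keyboard-interactive".
#          NOTE(review): the alternatives are unanchored substrings. sshd log
#          lines carry client-supplied text (e.g. the user name), so confirm
#          how the fail2ban version in use picks the address to ban and
#          tighten the pattern if that text alone can produce a match.
# Values:  TEXT  Default:  Authentication failure|Failed password|Invalid user
#
failregex = Authentication failure|Failed password|Invalid user|Illegal user|Failed keyboard-interactive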