mirror of https://github.com/fail2ban/fail2ban
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
97 lines
2.7 KiB
97 lines
2.7 KiB
# Fail2Ban configuration file
|
|
#
|
|
# $Revision$
|
|
|
|
[DEFAULT]
|
|
|
|
# firewall: select the firewall system to use. Actually,
|
|
# the available options are: iptables, ipfwadm, ipfw
|
|
firewall = iptables
|
|
|
|
# ipfw-start-rule: set the first rule number used by Fail2Ban.
|
|
# This option is only used if firewall = ipfw.
|
|
ipfw-start-rule = 100
|
|
|
|
# background: true to start fail2ban as a daemon. Output
|
|
# is redirect to logfile.
|
|
background = false
|
|
|
|
# debug: true to enable debug mode. More verbose output
|
|
# and bypass root user test.
|
|
debug = false
|
|
|
|
# pidlock: the path of the PID lock file. Fail2Ban must be
|
|
# able to write into that file.
|
|
#pidlock = /var/run/fail2ban.pid
|
|
|
|
# logfile: the path of the file for logging messages of
|
|
# fail2ban.
|
|
logfile = /var/log/fail2ban.log
|
|
|
|
# maxretry: the number of retry before IP gets ban.
|
|
maxretry = 3
|
|
|
|
# bantime: the number of seconds an IP will be ban.
|
|
bantime = 600
|
|
|
|
# ignoreip: a space separated list that contains IP which
|
|
# will be ignore by fail2ban. Example:
|
|
# ignoreip = 192.168.0.1 123.45.235.65
|
|
ignoreip =
|
|
|
|
# interface: the interface name on which the IP will be
|
|
# banned.
|
|
interface = eth0
|
|
|
|
# polltime: the number of seconds that fail2ban sleeps
|
|
# between two iteration (check for IP to unban - parse
|
|
# log file). 1 is a good value.
|
|
polltime = 1
|
|
|
|
# You can define a new section for each log file to check for
|
|
# password failure. Each section has to define the following
|
|
# options: logfile, timeregex, timepattern, failregex.
|
|
|
|
[Apache]
|
|
# enabled: is this section active ?
|
|
enabled = true
|
|
|
|
# logfile: file to monitor.
|
|
logfile = log-test/apache
|
|
|
|
# timeregex: regular expression which have to match the
|
|
# timestamp of an Apache log event.
|
|
# [Wed Jan 05 15:08:01 2005]
|
|
timeregex = \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
|
|
|
|
# timepattern: indicates the "timeregex" fields signification.
|
|
# Notice that '%' must be espaced with '%'.
|
|
# See syntax here: http://rgruet.free.fr/PQR2.3.html#timeModule
|
|
timepattern = %%a %%b %%d %%H:%%M:%%S %%Y
|
|
|
|
# failregex: regular expression which have to match the
|
|
# message written in the log file in case of password failure.
|
|
failregex = authentication failure|user .* not found
|
|
|
|
[SSH]
|
|
# enabled: is this section active ?
|
|
enabled = true
|
|
|
|
# logfile: file to monitor.
|
|
logfile = log-test/current
|
|
|
|
# timeregex: regular expression which have to match the
|
|
# timestamp of an Apache log event.
|
|
# Mar 7 17:53:28
|
|
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
|
|
|
|
# timepattern: indicates the "timeregex" fields signification.
|
|
# Notice that '%' must be espaced with '%'.
|
|
# See syntax here: http://rgruet.free.fr/PQR2.3.html#timeModule
|
|
timepattern = %%b %%d %%H:%%M:%%S
|
|
|
|
# failregex: regular expression which have to match the
|
|
# message written in the log file in case of password failure.
|
|
failregex = Authentication failure|Failed password
|
|
|