You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
fail2ban/config/fail2ban.conf.default

97 lines
2.7 KiB

# Fail2Ban configuration file
#
# $Revision$
[DEFAULT]
# firewall: select the firewall system to use. Actually,
# the available options are: iptables, ipfwadm, ipfw
firewall = iptables
# ipfw-start-rule: set the first rule number used by Fail2Ban.
# This option is only used if firewall = ipfw.
ipfw-start-rule = 100
# background: true to start fail2ban as a daemon. Output
# is redirect to logfile.
background = false
# debug: true to enable debug mode. More verbose output
# and bypass root user test.
debug = false
# pidlock: the path of the PID lock file. Fail2Ban must be
# able to write into that file.
#pidlock = /var/run/fail2ban.pid
# logfile: the path of the file for logging messages of
# fail2ban.
logfile = /var/log/fail2ban.log
# maxretry: the number of retry before IP gets ban.
maxretry = 3
# bantime: the number of seconds an IP will be ban.
bantime = 600
# ignoreip: a space separated list that contains IP which
# will be ignore by fail2ban. Example:
# ignoreip = 192.168.0.1 123.45.235.65
ignoreip =
# interface: the interface name on which the IP will be
# banned.
interface = eth0
# polltime: the number of seconds that fail2ban sleeps
# between two iteration (check for IP to unban - parse
# log file). 1 is a good value.
polltime = 1
# You can define a new section for each log file to check for
# password failure. Each section has to define the following
# options: logfile, timeregex, timepattern, failregex.
[Apache]
# enabled: is this section active ?
enabled = true
# logfile: file to monitor.
logfile = log-test/apache
# timeregex: regular expression which have to match the
# timestamp of an Apache log event.
# [Wed Jan 05 15:08:01 2005]
timeregex = \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
# timepattern: indicates the "timeregex" fields signification.
# Notice that '%' must be espaced with '%'.
# See syntax here: http://rgruet.free.fr/PQR2.3.html#timeModule
timepattern = %%a %%b %%d %%H:%%M:%%S %%Y
# failregex: regular expression which have to match the
# message written in the log file in case of password failure.
failregex = authentication failure|user .* not found
[SSH]
# enabled: is this section active ?
enabled = true
# logfile: file to monitor.
logfile = log-test/current
# timeregex: regular expression which have to match the
# timestamp of an Apache log event.
# Mar 7 17:53:28
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
# timepattern: indicates the "timeregex" fields signification.
# Notice that '%' must be espaced with '%'.
# See syntax here: http://rgruet.free.fr/PQR2.3.html#timeModule
timepattern = %%b %%d %%H:%%M:%%S
# failregex: regular expression which have to match the
# message written in the log file in case of password failure.
failregex = Authentication failure|Failed password