fail2ban/config/fail2ban.conf.default

144 lines
3.9 KiB
Plaintext

# Fail2Ban configuration file
#
# $Revision: 1.8 $
#
# 2005.06.21 modified for readability Iain Lea iain@bricbrac.de
[DEFAULT]
# Option: firewall
# Notes.: select the firewall system to use.
# Values: [iptables | ipfwadm | ipfw] Default: iptables
#
firewall = iptables
# Option: ipfw-start-rule
# Notes.: set first firewall rule number used (only used if firewall = ipfw).
# Values: NUM Default: 100
#
ipfw-start-rule = 100
# Option: background
# Notes.: start fail2ban as a daemon. Output is redirect to logfile.
# Values: [true | false] Default: false
#
background = true
# Option: debug
# Notes.: enable debug mode. More verbose output and bypass root user test.
# Values: [true | false] Default: false
#
debug = false
# Option: pidlock
# Notes.: path of the PID lock file (must be able to write to file).
# Values: FILE Default: /var/run/fail2ban.pid
#
pidlock = /var/run/fail2ban.pid
# Option: logfile
# Notes.: logfile for logging fail2ban messages.
# Values: FILE Default: /var/log/fail2ban.log
#
logfile = /var/log/fail2ban.log
# Option: maxretry
# Notes.: number of retrys before IP gets banned.
# Values: NUM Default: 3
#
maxretry = 5
# Option: bantime
# Notes.: number of seconds an IP will be banned.
# Values: NUM Default: 600
#
bantime = 600
# Option: ignoreip
# Notes.: space separated list of IP's to be ignored by fail2ban
# Example: ignoreip = 192.168.0.1 123.45.235.65
# Values: IP Default:
#
ignoreip =
# Option: interface
# Notes.: interface name on which the IP will be banned.
# Values: INT Default: eth0
#
interface = eth0
# Option: polltime
# Notes.: number of seconds fail2ban sleeps between iterations.
# Values: NUM Default: 1
#
polltime = 1
# You can define a new section for each log file to check for
# password failure. Each section has to define the following
# options: logfile, timeregex, timepattern, failregex.
[Apache]
# Option: enabled
# Notes.: enable monitoring for this section.
# Values: [true | false] Default: false
#
enabled = false
# Option: logfile
# Notes.: logfile to monitor.
# Values: FILE Default: /var/log/apache/access.log
#
logfile = /var/log/apache/access.log
# Option: timeregex
# Notes.: regex to match timestamp in Apache logfile.
# Values: [Wed Jan 05 15:08:01 2005]
# Default \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
#
timeregex = \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
# Option: timepattern
# Notes.: format used in "timeregex" fields definition. Note that '%' must be
# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
# Values: TEXT Default: %%a %%b %%d %%H:%%M:%%S %%Y
#
timepattern = %%a %%b %%d %%H:%%M:%%S %%Y
# Option: failregex
# Notes.: regex to match the password failure messages in the logfile.
# Values: TEXT Default: authentication failure|user .* not found
#
failregex = authentication failure|user .* not found
[SSH]
# Option: enabled
# Notes.: enable monitoring for this section.
# Values: [true | false] Default: true
#
enabled = true
# Option: logfile
# Notes.: logfile to monitor.
# Values: FILE Default: /var/log/auth.log
#
logfile = /var/log/auth.log
# Option: timeregex
# Notes.: regex to match timestamp in SSH logfile.
# Values: [Mar 7 17:53:28]
# Default \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
#
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
# Option: timepattern
# Notes.: format used in "timeregex" fields definition. Note that '%' must be
# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
# Values: TEXT Default: %%b %%d %%H:%%M:%%S
#
timepattern = %%b %%d %%H:%%M:%%S
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default: Authentication failure|Failed password|Invalid user
#
failregex = Authentication failure|Failed password|Invalid user|Illegal user|Failed keyboard-interactive