1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
|
# Fail2Ban configuration file.
#
# This file was composed for Debian systems from the original one
# provided now under /usr/share/doc/fail2ban/examples/jail.conf
# for additional examples.
#
# To avoid merges during upgrades DO NOT MODIFY THIS FILE
# and rather provide your changes in /etc/fail2ban/jail.local
#
# Author: Yaroslav O. Halchenko <debian@onerussian.com>
#
# $Revision: 281 $
#
# The DEFAULT allows a global definition of the options. They can be override
# in each jail afterwards.
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1
bantime = 600
maxretry = 3
# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto".
# yoh: For some reason Debian shipped python-gamin didn't work as expected
# This issue left ToDo, so polling is default backend for now
backend = polling
#
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = root@localhost
# Default action to take: ban only
action = iptables[name=%(__name__)s, port=%(port)s]
# Following actions can be chosen as an alternatives to the above action.
# To activate, just copy/paste+uncomment chosen 2 (excluding comments) lines
# into jail.local
# Default action to take: ban & send an e-mail with whois report
# to the destemail.
# action = iptables[name=%(__name__)s, port=%(port)s]
# mail-whois[name=%(__name__)s, dest=%(destemail)s]
# Default action to take: ban & send an e-mail with whois report
# and relevant log lines to the destemail.
# action = iptables[name=%(__name__)s, port=%(port)s]
# mail-whois-lines[name=%(__name__)s, dest=%(destemail)s, logpath=%(logpath)s]
# Next jails corresponds to the standard configuration in Fail2ban 0.6
# which was shipped in Debian. Please enable any defined here jail by including
#
# [SECTION_NAME]
# enabled = true
#
# in /etc/fail2ban/jail.local.
#
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
#
# HTTP servers
#
[apache]
enabled = false
port = http
filter = apache-auth
logpath = /var/log/apache*/*access.log
maxretry = 6
[apache-noscript]
enabled = false
port = http
filter = apache-noscript
logpath = /var/log/apache*/*error.log
maxretry = 6
#
# FTP servers
#
[vsftpd]
enabled = false
port = ftp
filter = vsftpd
logpath = /var/log/auth.log
maxretry = 6
[proftpd]
enabled = false
port = ftp
filter = proftpd
logpath = /var/log/proftpd/proftpd.log
maxretry = 6
[wuftpd]
enabled = false
port = ftp
filter = wuftpd
logpath = /var/log/auth.log
maxretry = 6
#
# Mail servers
#
[postfix]
enabled = false
port = smtp
filter = postfix
logpath = /var/log/postfix.log
[couriersmtp]
enabled = false
port = smtp
filter = couriersmtp
logpath = /var/log/mail.log
[sasl]
enabled = false
port = smtp
filter = sasl
logpath = /var/log/mail.log
|
