2015-07-02 09:19:37 +00:00
|
|
|
# Fail2Ban configuration file for Mail-in-a-Box
|
|
|
|
|
2015-12-07 13:45:59 +00:00
|
|
|
[DEFAULT]
|
|
|
|
# Whitelist our own IP addresses. 127.0.0.1/8 is the default. But our status checks
|
|
|
|
# ping services over the public interface so we should whitelist that address of
|
|
|
|
# ours too. The string is substituted during installation.
|
|
|
|
ignoreip = 127.0.0.1/8 PUBLIC_IP
|
|
|
|
|
2016-06-26 14:57:59 +00:00
|
|
|
action = %(action_mwl)s
|
|
|
|
|
2015-03-08 00:13:55 +00:00
|
|
|
# JAILS
|
2016-06-26 15:03:30 +00:00
|
|
|
# Uncomment actions out with proper addresses once blocklist.de is configured, I like to send it to two email addresses, in addition to blocklist.de
|
2015-03-08 00:13:55 +00:00
|
|
|
|
2015-07-02 15:55:43 +00:00
|
|
|
[ssh]
|
|
|
|
maxretry = 7
|
|
|
|
bantime = 3600
|
2016-06-27 08:13:56 +00:00
|
|
|
action = sendmail-whois-lines[name=ssh, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
2016-06-26 14:57:59 +00:00
|
|
|
|
2015-03-08 00:13:55 +00:00
|
|
|
[ssh-ddos]
|
|
|
|
enabled = true
|
2016-06-27 08:13:56 +00:00
|
|
|
action = sendmail-whois-lines[name=ssh-ddos, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
2015-03-08 00:13:55 +00:00
|
|
|
|
|
|
|
[sasl]
|
|
|
|
enabled = true
|
2016-06-27 08:13:56 +00:00
|
|
|
action = sendmail-whois-lines[name=sasl, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
2016-06-26 14:57:59 +00:00
|
|
|
|
|
|
|
|
|
|
|
[nginx]
|
|
|
|
|
|
|
|
enabled = true
|
|
|
|
filter = nginx-http-auth
|
|
|
|
port = http,https
|
2016-06-27 08:13:56 +00:00
|
|
|
action = sendmail-whois-lines[name=nginx-http-auth, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
2016-06-26 14:57:59 +00:00
|
|
|
|
|
|
|
[nginx-badbots]
|
|
|
|
|
|
|
|
enabled = true
|
|
|
|
port = http,https
|
|
|
|
filter = nginx-badbots
|
2016-06-27 08:13:56 +00:00
|
|
|
action = sendmail-whois-lines[name=nginx-badbots, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
2016-06-26 14:57:59 +00:00
|
|
|
logpath = /var/log/nginx/access.log
|
|
|
|
maxretry = 2
|
2015-03-08 00:13:55 +00:00
|
|
|
|
|
|
|
[dovecot]
|
2016-06-26 14:57:59 +00:00
|
|
|
enabled = true
|
|
|
|
filter = dovecotimap
|
2015-07-06 12:44:53 +00:00
|
|
|
findtime = 30
|
|
|
|
maxretry = 20
|
2016-06-27 08:13:56 +00:00
|
|
|
action = sendmail-whois-lines[name=dovecot, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
2016-06-26 15:03:30 +00:00
|
|
|
logpath = /var/log/mail.log
|
2015-07-07 11:37:42 +00:00
|
|
|
|
|
|
|
[recidive]
|
|
|
|
enabled = true
|
|
|
|
maxretry = 10
|
2016-03-26 08:04:51 +00:00
|
|
|
action = iptables-allports[name=recidive]
|
2016-06-27 08:13:56 +00:00
|
|
|
sendmail-whois-lines[name=recidive, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
2016-06-26 14:57:59 +00:00
|
|
|
|
2016-03-26 12:37:33 +00:00
|
|
|
# In the recidive section of jail.conf the action contains:
|
|
|
|
#
|
|
|
|
# action = iptables-allports[name=recidive]
|
|
|
|
# sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
|
|
|
|
#
|
|
|
|
# The last line on the action will sent an email to the configured address. This mail will
|
|
|
|
# notify the administrator that someone has been repeatedly triggering one of the other jails.
|
|
|
|
# By default we don't configure this address and no action is required from the admin anyway.
|
|
|
|
# So the notification is ommited. This will prevent message appearing in the mail.log that mail
|
|
|
|
# can't be delivered to fail2ban@$HOSTNAME.
|
2016-06-26 14:57:59 +00:00
|
|
|
|
|
|
|
# Copied from ChiefGyk's OwnCloud
|
2016-06-27 08:13:56 +00:00
|
|
|
[owncloud]
|
|
|
|
enabled = true
|
|
|
|
filter = owncloud
|
|
|
|
action = sendmail-whois-lines[name=owncloud, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
|
|
|
logpath = STORAGE_ROOT/owncloud/owncloud.log
|
|
|
|
maxretry = 20
|
|
|
|
findtime = 300
|
2016-06-26 14:57:59 +00:00
|
|
|
|
|
|
|
[miab-management]
|
|
|
|
enabled = true
|
|
|
|
filter = miab-management-daemon
|
2016-06-27 08:13:56 +00:00
|
|
|
action = sendmail-whois-lines[name=miab-management, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
2016-06-26 14:57:59 +00:00
|
|
|
port = http,https
|
|
|
|
logpath = /var/log/syslog
|
|
|
|
maxretry = 20
|
|
|
|
findtime = 30
|
|
|
|
|
|
|
|
[miab-munin]
|
|
|
|
enabled = true
|
|
|
|
port = http,https
|
|
|
|
filter = miab-munin
|
2016-06-27 08:13:56 +00:00
|
|
|
action = sendmail-whois-lines[name=miab-munin, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
2016-06-26 14:57:59 +00:00
|
|
|
logpath = /var/log/nginx/access.log
|
|
|
|
maxretry = 20
|
|
|
|
findtime = 30
|
|
|
|
|
|
|
|
[miab-postfix587]
|
|
|
|
enabled = true
|
|
|
|
port = 587
|
|
|
|
filter = miab-postfix-submission
|
2016-06-27 08:13:56 +00:00
|
|
|
action = sendmail-whois-lines[name=miab-postfix-submission, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
2016-06-26 14:57:59 +00:00
|
|
|
logpath = /var/log/mail.log
|
|
|
|
maxretry = 20
|
|
|
|
findtime = 30
|
|
|
|
|
|
|
|
[miab-roundcube]
|
|
|
|
enabled = true
|
|
|
|
port = http,https
|
|
|
|
filter = miab-roundcube
|
2016-06-27 08:13:56 +00:00
|
|
|
action = sendmail-whois-lines[name=miab-roundcube, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
2016-06-26 14:57:59 +00:00
|
|
|
logpath = /var/log/roundcubemail/errors
|
|
|
|
maxretry = 20
|
|
|
|
findtime = 30
|
|
|
|
|