diff --git a/conf/fail2ban/jail.local b/conf/fail2ban/jail.local index cbcaf817..661151b1 100644 --- a/conf/fail2ban/jail.local +++ b/conf/fail2ban/jail.local @@ -14,15 +14,15 @@ action = %(action_mwl)s [ssh] maxretry = 7 bantime = 3600 -# action = sendmail-whois-lines[name=ssh, dest="@.,@.,fail2ban@blocklist.de", sender=fail2ban@box.., sendername="Fail2Ban"] +action = sendmail-whois-lines[name=ssh, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"] [ssh-ddos] enabled = true -# action = sendmail-whois-lines[name=ssh-ddos, dest="@.,@.,fail2ban@blocklist.de", sender=fail2ban@box.., sendername="Fail2Ban"] +action = sendmail-whois-lines[name=ssh-ddos, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"] [sasl] enabled = true -# action = sendmail-whois-lines[name=sasl, dest="@.,@.,fail2ban@blocklist.de", sender=fail2ban@box.., sendername="Fail2Ban"] +action = sendmail-whois-lines[name=sasl, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"] [nginx] @@ -30,14 +30,14 @@ enabled = true enabled = true filter = nginx-http-auth port = http,https -# action = sendmail-whois-lines[name=nginx-http-auth, dest="@.,@.,fail2ban@blocklist.de", sender=fail2ban@box.., sendername="Fail2Ban"] +action = sendmail-whois-lines[name=nginx-http-auth, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"] [nginx-badbots] enabled = true port = http,https filter = nginx-badbots -# action = sendmail-whois-lines[name=nginx-badbots, dest="@.,@.,fail2ban@blocklist.de", sender=fail2ban@box.., sendername="Fail2Ban"] +action = sendmail-whois-lines[name=nginx-badbots, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"] logpath = /var/log/nginx/access.log maxretry = 2 
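Review bot: The jail-level `action = sendmail-whois-lines[...]` lines added to [ssh], [ssh-ddos] and [sasl] replace the inherited action instead of extending it. Because sendmail-whois-lines only sends mail, these jails would notify without banning the offending address. The hunk header shows `action = %(action_mwl)s` as the preceding (presumably [DEFAULT]) setting, which already pairs the ban action with a whois-and-log-lines mail. The same pattern recurs in the nginx, nginx-badbots, dovecot, owncloud, miab-management, miab-munin, miab-postfix587 and miab-roundcube hunks; only [recidive] keeps a ban action (`iptables-allports[name=recidive]`) ahead of the mail action. Consider dropping the per-jail lines and setting the recipient once with `destemail = admin@<your-domain>` in [DEFAULT], or use the two-line [recidive] form in each jail.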
@@ -46,14 +46,14 @@ enabled = true filter = dovecotimap findtime = 30 maxretry = 20 -# action = sendmail-whois-lines[name=dovecot, dest="@.,@.,fail2ban@blocklist.de", sender=fail2ban@box.., sendername="Fail2Ban"] +action = sendmail-whois-lines[name=dovecot, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"] logpath = /var/log/mail.log [recidive] enabled = true maxretry = 10 action = iptables-allports[name=recidive] -# sendmail-whois-lines[name=recidive, dest="@.,@.,fail2ban@blocklist.de", sender=fail2ban@box.., sendername="Fail2Ban"] + sendmail-whois-lines[name=recidive, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"] # In the recidive section of jail.conf the action contains: # @@ -67,19 +67,18 @@ action = iptables-allports[name=recidive] # can't be delivered to fail2ban@$HOSTNAME. # Copied from ChiefGyk's OwnCloud -# [owncloud] -# enabled = true -# filter = owncloud -# action = sendmail-whois-lines[name=owncloud, dest="@.,@.,fail2ban@blocklist.de", sender=fail2ban@box.., sendername="Fail2Ban"] -# logpath = STORAGE_ROOT/owncloud/owncloud.log -# maxretry = 20 -# findtime = 300 -# bantime = 300 +[owncloud] +enabled = true +filter = owncloud +action = sendmail-whois-lines[name=owncloud, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"] +logpath = STORAGE_ROOT/owncloud/owncloud.log +maxretry = 20 +findtime = 300 [miab-management] enabled = true filter = miab-management-daemon -# action = sendmail-whois-lines[name=miab-management, dest="@.,@.,fail2ban@blocklist.de", sender=fail2ban@box.., sendername="Fail2Ban"] +action = sendmail-whois-lines[name=miab-management, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"] port = http,https logpath = /var/log/syslog maxretry = 20 
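Review bot: The newly enabled [owncloud] jail keeps `logpath = STORAGE_ROOT/owncloud/owncloud.log`, but the only substitution visible in setup/system.sh is `sed "s/PUBLIC_IP/$PUBLIC_IP/g"`. Unless STORAGE_ROOT is replaced somewhere outside this diff, the installed file points at a path that does not exist. fail2ban generally reports an error for a jail whose logpath matches no file, which can leave the jail, or the whole service, not running and ownCloud logins unprotected. The rewrite also drops the `bantime = 300` of the commented-out version and has no `port =` line, unlike the removed [miab-owncloud] jail (`port = http,https`). If that is intended, a comment such as `# bantime and port inherited from [DEFAULT]` would make it explicit.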
@@ -89,25 +88,16 @@ findtime = 30 enabled = true port = http,https filter = miab-munin -# action = sendmail-whois-lines[name=miab-munin, dest="@.,@.,fail2ban@blocklist.de", sender=fail2ban@box.., sendername="Fail2Ban"] +action = sendmail-whois-lines[name=miab-munin, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"] logpath = /var/log/nginx/access.log maxretry = 20 findtime = 30 -[miab-owncloud] -enabled = true -port = http,https -filter = miab-owncloud -# action = sendmail-whois-lines[name=miab-owncloud, dest="@.,@.,fail2ban@blocklist.de", sender=fail2ban@box.., sendername="Fail2Ban"] -logpath = STORAGE_ROOT/owncloud/owncloud.log -maxretry = 20 -findtime = 120 - [miab-postfix587] enabled = true port = 587 filter = miab-postfix-submission -# action = sendmail-whois-lines[name=miab-postfix-submission, dest="@.,@.,fail2ban@blocklist.de", sender=fail2ban@box.., sendername="Fail2Ban"] +action = sendmail-whois-lines[name=miab-postfix-submission, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"] logpath = /var/log/mail.log maxretry = 20 findtime = 30 @@ -116,7 +106,7 @@ findtime = 30 enabled = true port = http,https filter = miab-roundcube -action = sendmail-whois-lines[name=miab-roundcube, dest="@.,@.,fail2ban@blocklist.de", sender=fail2ban@box.., sendername="Fail2Ban"] +action = sendmail-whois-lines[name=miab-roundcube, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"] logpath = /var/log/roundcubemail/errors maxretry = 20 findtime = 30 diff --git a/setup/system.sh b/setup/system.sh index 93470577..9b9b3530 100755 --- a/setup/system.sh +++ b/setup/system.sh 
@@ -311,6 +311,7 @@ restart_service resolvconf # ### Fail2Ban Service # Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix and ssh +# ChiefGyk commented out a filter to use my own temporarily. May be removed later on line 322 cat conf/fail2ban/jail.local \ | sed "s/PUBLIC_IP/$PUBLIC_IP/g" \ > /etc/fail2ban/jail.local @@ -318,7 +319,7 @@ cp conf/fail2ban/dovecotimap.conf /etc/fail2ban/filter.d/dovecotimap.conf cp conf/fail2ban/nginx.conf /etc/fail2ban/filter.d/nginx.conf cp conf/fail2ban/miab-management-daemon.conf /etc/fail2ban/filter.d/miab-management-daemon.conf cp conf/fail2ban/miab-munin.conf /etc/fail2ban/filter.d/miab-munin.conf -cp conf/fail2ban/miab-owncloud.conf /etc/fail2ban/filter.d/miab-owncloud.conf +#cp conf/fail2ban/miab-owncloud.conf /etc/fail2ban/filter.d/miab-owncloud.conf cp conf/fail2ban/miab-postfix-submission.conf /etc/fail2ban/filter.d/miab-postfix-submission.conf cp conf/fail2ban/miab-roundcube.conf /etc/fail2ban/filter.d/miab-roundcube.conf cp conf/fail2ban/owncloud.conf /etc/fail2ban/filter.d/owncloud.conf
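Review bot: The template step under the added comment still rewrites only `PUBLIC_IP`, while this commit puts `$DOMAIN` into every `dest=` and `sender=` value in conf/fail2ban/jail.local, so the placeholder reaches /etc/fail2ban/jail.local unexpanded. fail2ban runs action commands through a shell, so the literal `$DOMAIN` will most likely expand to an empty string and ban notifications would be addressed to `admin@`, i.e. silently lost. Add a substitution to the same pipeline, for example `| sed "s/\$DOMAIN/<domain-variable>/g" \`, using whichever setup variable holds the box's mail domain. The added comment also points at "line 322", which will drift as the file changes; naming `miab-owncloud.conf` instead is more durable.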
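Review bot: Commenting the copy out as `#cp conf/fail2ban/miab-owncloud.conf ...` leaves dead code in the installer. Since the [miab-owncloud] jail is deleted from jail.local in this same commit, remove the line, and the filter file too if nothing else references it. Hosts provisioned earlier will still have /etc/fail2ban/filter.d/miab-owncloud.conf; it is inert without a jail using it, but an explicit `rm -f /etc/fail2ban/filter.d/miab-owncloud.conf` keeps upgraded and fresh installs identical.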