some fixes to fail2ban filters and jail.local

conf/fail2ban/jail.local

@@ -14,15 +14,15 @@ action = %(action_mwl)s
 [ssh]
 maxretry = 7
 bantime = 3600
-# action = sendmail-whois-lines[name=ssh, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
+action = sendmail-whois-lines[name=ssh, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
 	
 [ssh-ddos]
 enabled  = true
-# action = sendmail-whois-lines[name=ssh-ddos, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
+action = sendmail-whois-lines[name=ssh-ddos, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
 
 [sasl]
 enabled  = true
-# action   = sendmail-whois-lines[name=sasl, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
+action   = sendmail-whois-lines[name=sasl, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
 
 
 [nginx]
@@ -30,14 +30,14 @@ enabled  = true
 enabled  = true
 filter   = nginx-http-auth
 port     = http,https
-# action   = sendmail-whois-lines[name=nginx-http-auth, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
+action   = sendmail-whois-lines[name=nginx-http-auth, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
 
 [nginx-badbots]
 
 enabled  = true
 port     = http,https
 filter   = nginx-badbots
-# action   = sendmail-whois-lines[name=nginx-badbots, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
+action   = sendmail-whois-lines[name=nginx-badbots, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
 logpath  = /var/log/nginx/access.log
 maxretry = 2
 
@@ -46,14 +46,14 @@ enabled  = true
 filter   = dovecotimap
 findtime = 30
 maxretry = 20
-# action   = sendmail-whois-lines[name=dovecot, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
+action   = sendmail-whois-lines[name=dovecot, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
 logpath  = /var/log/mail.log
 
 [recidive]
 enabled  = true
 maxretry = 10
 action   = iptables-allports[name=recidive]
-#		sendmail-whois-lines[name=recidive, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
+		sendmail-whois-lines[name=recidive, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
 
 # In the recidive section of jail.conf the action contains:
 #
@@ -67,19 +67,18 @@ action   = iptables-allports[name=recidive]
 # can't be delivered to fail2ban@$HOSTNAME.
 
 # Copied from ChiefGyk's OwnCloud
-# [owncloud]
+[owncloud]
-# enabled = true
+enabled = true
-# filter = owncloud
+filter = owncloud
-# action = sendmail-whois-lines[name=owncloud, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
+action = sendmail-whois-lines[name=owncloud, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
-# logpath = STORAGE_ROOT/owncloud/owncloud.log
+logpath = STORAGE_ROOT/owncloud/owncloud.log
-# maxretry = 20
+maxretry = 20
-# findtime = 300
+findtime = 300
-# bantime = 300
 
 [miab-management]
 enabled = true
 filter = miab-management-daemon
-# action = sendmail-whois-lines[name=miab-management, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
+action = sendmail-whois-lines[name=miab-management, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
 port = http,https
 logpath = /var/log/syslog
 maxretry = 20
@@ -89,25 +88,16 @@ findtime = 30
 enabled  = true
 port     = http,https
 filter   = miab-munin
-# action = sendmail-whois-lines[name=miab-munin, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
+action = sendmail-whois-lines[name=miab-munin, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
 logpath  = /var/log/nginx/access.log
 maxretry = 20
 findtime = 30
 
-[miab-owncloud]
-enabled  = true
-port     = http,https
-filter   = miab-owncloud
-# action = sendmail-whois-lines[name=miab-owncloud, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
-logpath  = STORAGE_ROOT/owncloud/owncloud.log
-maxretry = 20
-findtime = 120
-
 [miab-postfix587]
 enabled  = true
 port     = 587
 filter   = miab-postfix-submission
-# action = sendmail-whois-lines[name=miab-postfix-submission, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
+action = sendmail-whois-lines[name=miab-postfix-submission, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
 logpath  = /var/log/mail.log
 maxretry = 20
 findtime = 30
@@ -116,7 +106,7 @@ findtime = 30
 enabled  = true
 port     = http,https
 filter   = miab-roundcube
-action = sendmail-whois-lines[name=miab-roundcube, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
+action = sendmail-whois-lines[name=miab-roundcube, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
 logpath  = /var/log/roundcubemail/errors
 maxretry = 20
 findtime = 30

setup/system.sh

@@ -311,6 +311,7 @@ restart_service resolvconf
 # ### Fail2Ban Service
 
 # Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix and ssh
+# ChiefGyk commented out a filter to use my own temporarily. May be removed later on line 322
 cat conf/fail2ban/jail.local \
 	| sed "s/PUBLIC_IP/$PUBLIC_IP/g" \
 	> /etc/fail2ban/jail.local
@@ -318,7 +319,7 @@ cp conf/fail2ban/dovecotimap.conf /etc/fail2ban/filter.d/dovecotimap.conf
 cp conf/fail2ban/nginx.conf /etc/fail2ban/filter.d/nginx.conf
 cp conf/fail2ban/miab-management-daemon.conf /etc/fail2ban/filter.d/miab-management-daemon.conf
 cp conf/fail2ban/miab-munin.conf /etc/fail2ban/filter.d/miab-munin.conf
-cp conf/fail2ban/miab-owncloud.conf /etc/fail2ban/filter.d/miab-owncloud.conf
+#cp conf/fail2ban/miab-owncloud.conf /etc/fail2ban/filter.d/miab-owncloud.conf
 cp conf/fail2ban/miab-postfix-submission.conf /etc/fail2ban/filter.d/miab-postfix-submission.conf
 cp conf/fail2ban/miab-roundcube.conf /etc/fail2ban/filter.d/miab-roundcube.conf
 cp conf/fail2ban/owncloud.conf /etc/fail2ban/filter.d/owncloud.conf