some fixes to fail2ban filters and jail.local

This commit is contained in:
ChiefGyk 2016-06-27 04:13:56 -04:00
parent 5265839681
commit b76c9330c5
2 changed files with 20 additions and 29 deletions

View File

@ -14,15 +14,15 @@ action = %(action_mwl)s
[ssh] [ssh]
maxretry = 7 maxretry = 7
bantime = 3600 bantime = 3600
# action = sendmail-whois-lines[name=ssh, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"] action = sendmail-whois-lines[name=ssh, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
[ssh-ddos] [ssh-ddos]
enabled = true enabled = true
# action = sendmail-whois-lines[name=ssh-ddos, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"] action = sendmail-whois-lines[name=ssh-ddos, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
[sasl] [sasl]
enabled = true enabled = true
# action = sendmail-whois-lines[name=sasl, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"] action = sendmail-whois-lines[name=sasl, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
[nginx] [nginx]
@ -30,14 +30,14 @@ enabled = true
enabled = true enabled = true
filter = nginx-http-auth filter = nginx-http-auth
port = http,https port = http,https
# action = sendmail-whois-lines[name=nginx-http-auth, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"] action = sendmail-whois-lines[name=nginx-http-auth, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
[nginx-badbots] [nginx-badbots]
enabled = true enabled = true
port = http,https port = http,https
filter = nginx-badbots filter = nginx-badbots
# action = sendmail-whois-lines[name=nginx-badbots, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"] action = sendmail-whois-lines[name=nginx-badbots, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
logpath = /var/log/nginx/access.log logpath = /var/log/nginx/access.log
maxretry = 2 maxretry = 2
@ -46,14 +46,14 @@ enabled = true
filter = dovecotimap filter = dovecotimap
findtime = 30 findtime = 30
maxretry = 20 maxretry = 20
# action = sendmail-whois-lines[name=dovecot, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"] action = sendmail-whois-lines[name=dovecot, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
logpath = /var/log/mail.log logpath = /var/log/mail.log
[recidive] [recidive]
enabled = true enabled = true
maxretry = 10 maxretry = 10
action = iptables-allports[name=recidive] action = iptables-allports[name=recidive]
# sendmail-whois-lines[name=recidive, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"] sendmail-whois-lines[name=recidive, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
# In the recidive section of jail.conf the action contains: # In the recidive section of jail.conf the action contains:
# #
@ -67,19 +67,18 @@ action = iptables-allports[name=recidive]
# can't be delivered to fail2ban@$HOSTNAME. # can't be delivered to fail2ban@$HOSTNAME.
# Copied from ChiefGyk's OwnCloud # Copied from ChiefGyk's OwnCloud
# [owncloud] [owncloud]
# enabled = true enabled = true
# filter = owncloud filter = owncloud
# action = sendmail-whois-lines[name=owncloud, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"] action = sendmail-whois-lines[name=owncloud, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
# logpath = STORAGE_ROOT/owncloud/owncloud.log logpath = STORAGE_ROOT/owncloud/owncloud.log
# maxretry = 20 maxretry = 20
# findtime = 300 findtime = 300
# bantime = 300
[miab-management] [miab-management]
enabled = true enabled = true
filter = miab-management-daemon filter = miab-management-daemon
# action = sendmail-whois-lines[name=miab-management, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"] action = sendmail-whois-lines[name=miab-management, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
port = http,https port = http,https
logpath = /var/log/syslog logpath = /var/log/syslog
maxretry = 20 maxretry = 20
@ -89,25 +88,16 @@ findtime = 30
enabled = true enabled = true
port = http,https port = http,https
filter = miab-munin filter = miab-munin
# action = sendmail-whois-lines[name=miab-munin, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"] action = sendmail-whois-lines[name=miab-munin, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
logpath = /var/log/nginx/access.log logpath = /var/log/nginx/access.log
maxretry = 20 maxretry = 20
findtime = 30 findtime = 30
[miab-owncloud]
enabled = true
port = http,https
filter = miab-owncloud
# action = sendmail-whois-lines[name=miab-owncloud, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
logpath = STORAGE_ROOT/owncloud/owncloud.log
maxretry = 20
findtime = 120
[miab-postfix587] [miab-postfix587]
enabled = true enabled = true
port = 587 port = 587
filter = miab-postfix-submission filter = miab-postfix-submission
# action = sendmail-whois-lines[name=miab-postfix-submission, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"] action = sendmail-whois-lines[name=miab-postfix-submission, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
logpath = /var/log/mail.log logpath = /var/log/mail.log
maxretry = 20 maxretry = 20
findtime = 30 findtime = 30
@ -116,7 +106,7 @@ findtime = 30
enabled = true enabled = true
port = http,https port = http,https
filter = miab-roundcube filter = miab-roundcube
action = sendmail-whois-lines[name=miab-roundcube, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"] action = sendmail-whois-lines[name=miab-roundcube, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
logpath = /var/log/roundcubemail/errors logpath = /var/log/roundcubemail/errors
maxretry = 20 maxretry = 20
findtime = 30 findtime = 30

View File

@ -311,6 +311,7 @@ restart_service resolvconf
# ### Fail2Ban Service # ### Fail2Ban Service
# Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix and ssh # Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix and ssh
# ChiefGyk commented out a filter to use my own temporarily. May be removed later on line 322
cat conf/fail2ban/jail.local \ cat conf/fail2ban/jail.local \
| sed "s/PUBLIC_IP/$PUBLIC_IP/g" \ | sed "s/PUBLIC_IP/$PUBLIC_IP/g" \
> /etc/fail2ban/jail.local > /etc/fail2ban/jail.local
@ -318,7 +319,7 @@ cp conf/fail2ban/dovecotimap.conf /etc/fail2ban/filter.d/dovecotimap.conf
cp conf/fail2ban/nginx.conf /etc/fail2ban/filter.d/nginx.conf cp conf/fail2ban/nginx.conf /etc/fail2ban/filter.d/nginx.conf
cp conf/fail2ban/miab-management-daemon.conf /etc/fail2ban/filter.d/miab-management-daemon.conf cp conf/fail2ban/miab-management-daemon.conf /etc/fail2ban/filter.d/miab-management-daemon.conf
cp conf/fail2ban/miab-munin.conf /etc/fail2ban/filter.d/miab-munin.conf cp conf/fail2ban/miab-munin.conf /etc/fail2ban/filter.d/miab-munin.conf
cp conf/fail2ban/miab-owncloud.conf /etc/fail2ban/filter.d/miab-owncloud.conf #cp conf/fail2ban/miab-owncloud.conf /etc/fail2ban/filter.d/miab-owncloud.conf
cp conf/fail2ban/miab-postfix-submission.conf /etc/fail2ban/filter.d/miab-postfix-submission.conf cp conf/fail2ban/miab-postfix-submission.conf /etc/fail2ban/filter.d/miab-postfix-submission.conf
cp conf/fail2ban/miab-roundcube.conf /etc/fail2ban/filter.d/miab-roundcube.conf cp conf/fail2ban/miab-roundcube.conf /etc/fail2ban/filter.d/miab-roundcube.conf
cp conf/fail2ban/owncloud.conf /etc/fail2ban/filter.d/owncloud.conf cp conf/fail2ban/owncloud.conf /etc/fail2ban/filter.d/owncloud.conf