some fixes to fail2ban filters and jail.local
parent
5265839681
commit
b76c9330c5
|
@ -14,15 +14,15 @@ action = %(action_mwl)s
|
|||
[ssh]
|
||||
maxretry = 7
|
||||
bantime = 3600
|
||||
# action = sendmail-whois-lines[name=ssh, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
|
||||
action = sendmail-whois-lines[name=ssh, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
||||
|
||||
[ssh-ddos]
|
||||
enabled = true
|
||||
# action = sendmail-whois-lines[name=ssh-ddos, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
|
||||
action = sendmail-whois-lines[name=ssh-ddos, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
||||
|
||||
[sasl]
|
||||
enabled = true
|
||||
# action = sendmail-whois-lines[name=sasl, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
|
||||
action = sendmail-whois-lines[name=sasl, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
||||
|
||||
|
||||
[nginx]
|
||||
|
@ -30,14 +30,14 @@ enabled = true
|
|||
enabled = true
|
||||
filter = nginx-http-auth
|
||||
port = http,https
|
||||
# action = sendmail-whois-lines[name=nginx-http-auth, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
|
||||
action = sendmail-whois-lines[name=nginx-http-auth, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
||||
|
||||
[nginx-badbots]
|
||||
|
||||
enabled = true
|
||||
port = http,https
|
||||
filter = nginx-badbots
|
||||
# action = sendmail-whois-lines[name=nginx-badbots, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
|
||||
action = sendmail-whois-lines[name=nginx-badbots, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
||||
logpath = /var/log/nginx/access.log
|
||||
maxretry = 2
|
||||
|
||||
|
@ -46,14 +46,14 @@ enabled = true
|
|||
filter = dovecotimap
|
||||
findtime = 30
|
||||
maxretry = 20
|
||||
# action = sendmail-whois-lines[name=dovecot, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
|
||||
action = sendmail-whois-lines[name=dovecot, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
||||
logpath = /var/log/mail.log
|
||||
|
||||
[recidive]
|
||||
enabled = true
|
||||
maxretry = 10
|
||||
action = iptables-allports[name=recidive]
|
||||
# sendmail-whois-lines[name=recidive, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
|
||||
sendmail-whois-lines[name=recidive, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
||||
|
||||
# In the recidive section of jail.conf the action contains:
|
||||
#
|
||||
|
@ -67,19 +67,18 @@ action = iptables-allports[name=recidive]
|
|||
# can't be delivered to fail2ban@$HOSTNAME.
|
||||
|
||||
# Copied from ChiefGyk's OwnCloud
|
||||
# [owncloud]
|
||||
# enabled = true
|
||||
# filter = owncloud
|
||||
# action = sendmail-whois-lines[name=owncloud, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
|
||||
# logpath = STORAGE_ROOT/owncloud/owncloud.log
|
||||
# maxretry = 20
|
||||
# findtime = 300
|
||||
# bantime = 300
|
||||
[owncloud]
|
||||
enabled = true
|
||||
filter = owncloud
|
||||
action = sendmail-whois-lines[name=owncloud, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
||||
logpath = STORAGE_ROOT/owncloud/owncloud.log
|
||||
maxretry = 20
|
||||
findtime = 300
|
||||
|
||||
[miab-management]
|
||||
enabled = true
|
||||
filter = miab-management-daemon
|
||||
# action = sendmail-whois-lines[name=miab-management, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
|
||||
action = sendmail-whois-lines[name=miab-management, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
||||
port = http,https
|
||||
logpath = /var/log/syslog
|
||||
maxretry = 20
|
||||
|
@ -89,25 +88,16 @@ findtime = 30
|
|||
enabled = true
|
||||
port = http,https
|
||||
filter = miab-munin
|
||||
# action = sendmail-whois-lines[name=miab-munin, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
|
||||
action = sendmail-whois-lines[name=miab-munin, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
||||
logpath = /var/log/nginx/access.log
|
||||
maxretry = 20
|
||||
findtime = 30
|
||||
|
||||
[miab-owncloud]
|
||||
enabled = true
|
||||
port = http,https
|
||||
filter = miab-owncloud
|
||||
# action = sendmail-whois-lines[name=miab-owncloud, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
|
||||
logpath = STORAGE_ROOT/owncloud/owncloud.log
|
||||
maxretry = 20
|
||||
findtime = 120
|
||||
|
||||
[miab-postfix587]
|
||||
enabled = true
|
||||
port = 587
|
||||
filter = miab-postfix-submission
|
||||
# action = sendmail-whois-lines[name=miab-postfix-submission, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
|
||||
action = sendmail-whois-lines[name=miab-postfix-submission, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
||||
logpath = /var/log/mail.log
|
||||
maxretry = 20
|
||||
findtime = 30
|
||||
|
@ -116,7 +106,7 @@ findtime = 30
|
|||
enabled = true
|
||||
port = http,https
|
||||
filter = miab-roundcube
|
||||
action = sendmail-whois-lines[name=miab-roundcube, dest="<USER>@<DOMAIN>.<TLD>,<USER2>@<DOMAIN2>.<TLD2>,fail2ban@blocklist.de", sender=fail2ban@box.<SERVER>.<TLD>, sendername="Fail2Ban"]
|
||||
action = sendmail-whois-lines[name=miab-roundcube, dest="admin@$DOMAIN", sender=fail2ban@$DOMAIN, sendername="Fail2Ban"]
|
||||
logpath = /var/log/roundcubemail/errors
|
||||
maxretry = 20
|
||||
findtime = 30
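Review bot: The new `action` lines in every jail of this file use `dest="admin@$DOMAIN"` and `sender=fail2ban@$DOMAIN`, but fail2ban's config reader does not expand shell-style `$VAR` references, and the only install-time substitution visible on this page is the `sed` for `PUBLIC_IP`. Unless `$DOMAIN` is rewritten somewhere not shown here, ban notifications would be addressed to a literal or empty domain and quietly never arrive, which removes the alerting these jails are meant to provide. I would use a plain token in the same style as `PUBLIC_IP` and `STORAGE_ROOT`, for example `dest="admin@<DOMAIN_TOKEN>"` (placeholder name), and substitute it during setup. Separately, the new `[owncloud]` jail drops the `bantime = 300` that the commented-out version carried and sets no `port`, so it inherits the defaults; a one-line comment saying that is intended would help.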
|
||||
|
|
|
@ -311,6 +311,7 @@ restart_service resolvconf
|
|||
# ### Fail2Ban Service
|
||||
|
||||
# Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix and ssh
|
||||
# ChiefGyk commented out a filter to use my own temporarily. May be removed later on line 322
|
||||
cat conf/fail2ban/jail.local \
|
||||
| sed "s/PUBLIC_IP/$PUBLIC_IP/g" \
|
||||
> /etc/fail2ban/jail.local
|
||||
|
@ -318,7 +319,7 @@ cp conf/fail2ban/dovecotimap.conf /etc/fail2ban/filter.d/dovecotimap.conf
|
|||
cp conf/fail2ban/nginx.conf /etc/fail2ban/filter.d/nginx.conf
|
||||
cp conf/fail2ban/miab-management-daemon.conf /etc/fail2ban/filter.d/miab-management-daemon.conf
|
||||
cp conf/fail2ban/miab-munin.conf /etc/fail2ban/filter.d/miab-munin.conf
|
||||
cp conf/fail2ban/miab-owncloud.conf /etc/fail2ban/filter.d/miab-owncloud.conf
|
||||
#cp conf/fail2ban/miab-owncloud.conf /etc/fail2ban/filter.d/miab-owncloud.conf
|
||||
cp conf/fail2ban/miab-postfix-submission.conf /etc/fail2ban/filter.d/miab-postfix-submission.conf
|
||||
cp conf/fail2ban/miab-roundcube.conf /etc/fail2ban/filter.d/miab-roundcube.conf
|
||||
cp conf/fail2ban/owncloud.conf /etc/fail2ban/filter.d/owncloud.conf
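Review bot: The pipeline that writes `/etc/fail2ban/jail.local` only replaces `PUBLIC_IP`, while the jail.local in this same commit now has an enabled `[owncloud]` jail with `logpath = STORAGE_ROOT/owncloud/owncloud.log`. As shown, that path is installed verbatim, so the jail would point at a log file that does not exist and could not watch ownCloud logins (fail2ban may also refuse to start with a missing logpath; worth confirming). Assuming the script has a `$STORAGE_ROOT` variable in scope, add a stage such as `| sed "s#STORAGE_ROOT#$STORAGE_ROOT#g" \` using a delimiter other than `/`, since the value is a path. The added comment refers to "line 322", which will drift as the file changes; naming the filter (`miab-owncloud.conf`) next to the commented-out `cp` is more durable.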
|
||||
|
|