annotate common/fail2ban/jail.local @ 64:3bb824dabaae puppet-3.6
Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
Less painful than I expected :)
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sun, 13 Sep 2015 20:48:18 +0100 |
parents | e5c999fa15e2 |
children | 1a985a58dea5 |
rev | changeset | author | parents | description |
---|---|---|---|---|
0 | 956e484adc12 | IBBoard <dev@ibboard.co.uk> | | Initial public release of Puppet configs |
6 | b7c30595c97a | IBBoard <dev@ibboard.co.uk> | 0 | Add "Shellshock" exploit Fail2ban rule |
35 | 1bb941522ebf | IBBoard <dev@ibboard.co.uk> | 6 | Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables) |
64 | 3bb824dabaae | IBBoard <dev@ibboard.co.uk> | 63 | Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons) |

rev | line source |
---|---|
35 | 1 # Disable ssh-iptables because some versions auto-enable it |
35 | 2 # and we want to use our own version (which may use non-iptables) |
0 | 3 [ssh-iptables] |
0 | 4 enabled = false |
0 | 5 |
35 | 6 [ssh-firewall-ban] |
0 | 7 enabled = true |
0 | 8 filter = sshd |
64 | 9 action = firewall-ban[name=SSH,chain=Fail2Ban,port=22] |
0 | 10 logpath = /var/log/secure |
0 | 11 maxretry = 5 |
0 | 12 bantime = 604800 |
0 | 13 |
0 | 14 [apache-badbots] |
0 | 15 enabled = true |
0 | 16 filter = apache-badbots |
64 | 17 action = firewall-ban[name=ApacheBadBots,chain=Fail2Ban,port="80,443"] |
0 | 18 logpath = /var/log/apache/access_*.log |
0 | 19 findtime = 604800 |
0 | 20 bantime = 604800 |
0 | 21 |
0 | 22 [apache-instaban] |
0 | 23 enabled = true |
0 | 24 maxretry = 1 |
0 | 25 filter = ibb-apache-exploits-instaban |
64 | 26 action = firewall-ban[name=ApacheInstaban,chain=Fail2Ban,port="80,443"] |
0 | 27 logpath = /var/log/apache/access_*.log |
0 | 28 findtime = 604800 |
0 | 29 bantime = 604800 |
0 | 30 |
0 | 31 [apache-auth] |
0 | 32 enabled = true |
0 | 33 maxretry = 5 |
0 | 34 filter = apache-auth |
64 | 35 action = firewall-ban[name=ApacheAuth,chain=Fail2Ban,port="80,443"] |
0 | 36 logpath = /var/log/apache/error_*.log |
0 | 37 findtime = 86400 |
0 | 38 bantime = 604800 |
0 | 39 |
0 | 40 [repeat-offenders] |
0 | 41 enabled = true |
0 | 42 maxretry = 2 |
0 | 43 filter = ibb-repeat-offender |
64 | 44 action = firewall-ban[name=RepeatOffenders,chain=Fail2Ban,port="1:65535"] |
0 | 45 logpath = /var/log/fail2ban.log |
0 | 46 findtime = 2592000 |
0 | 47 bantime = 2592000 |
0 | 48 |
0 | 49 [spam-email] |
0 | 50 enabled = true |
0 | 51 maxretry = 1 |
0 | 52 filter = ibb-postfix-spammers |
64 | 53 action = firewall-ban[name=SpamEmail,chain=Fail2Ban,port="465,25"] |
0 | 54 logpath = /var/log/maillog |
0 | 55 findtime = 604800 |
0 | 56 bantime = 604800 |
0 | 57 |
0 | 58 [mail-abuse] |
0 | 59 enabled = true |
0 | 60 maxretry = 1 |
0 | 61 filter = ibb-postfix-malicious |
64 | 62 action = firewall-ban[name=MailAbuse,chain=Fail2Ban,port="465,25"] |
0 | 63 logpath = /var/log/maillog |
0 | 64 findtime = 604800 |
0 | 65 bantime = 604800 |
0 | 66 |
0 | 67 [mail-rejected] |
0 | 68 enabled = true |
0 | 69 maxretry = 10 |
0 | 70 filter = ibb-postfix |
64 | 71 action = firewall-ban[name=MailRejected,chain=Fail2Ban,port="465,25"] |
0 | 72 logpath = /var/log/maillog |
0 | 73 findtime = 604800 |
0 | 74 bantime = 604800 |
0 | 75 |
0 | 76 [sasl] |
0 | 77 enabled = true |
0 | 78 maxretry = 10 |
0 | 79 filter = postfix-sasl |
64 | 80 action = firewall-ban[name=SASLFailures,chain=Fail2Ban,port="465,25"] |
0 | 81 logpath = /var/log/maillog |
0 | 82 findtime = 604800 |
0 | 83 bantime = 604800 |
6 | 84 |
6 | 85 [shellshock] |
6 | 86 enabled = true |
6 | 87 maxretry = 1 |
6 | 88 filter = ibb-apache-shellshock |
64 | 89 action = firewall-ban[name=Shellshock,chain=Fail2Ban,port="80,443"] |
6 | 90 logpath = /var/log/apache/access_*.log |
6 | 91 findtime = 604800 |
6 | 92 bantime = 604800 |