annotate common/fail2ban/jail.local @ 64:3bb824dabaae puppet-3.6

Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons) Less painful than I expected :)
author IBBoard <dev@ibboard.co.uk>
date Sun, 13 Sep 2015 20:48:18 +0100
parents e5c999fa15e2
children 1a985a58dea5
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
35
1bb941522ebf Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents: 6
diff changeset
1 # Disable ssh-iptables because some versions auto-enable it
1bb941522ebf Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents: 6
diff changeset
2 # and we want to use our own version (which may use non-iptables)
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
3 [ssh-iptables]
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
4 enabled = false
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
5
35
1bb941522ebf Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents: 6
diff changeset
6 [ssh-firewall-ban]
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
7 enabled = true
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
8 filter = sshd
64
3bb824dabaae Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents: 63
diff changeset
9 action = firewall-ban[name=SSH,chain=Fail2Ban,port=22]
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
10 logpath = /var/log/secure
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
11 maxretry = 5
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
12 bantime = 604800
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
13
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
14 [apache-badbots]
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
15 enabled = true
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
16 filter = apache-badbots
64
3bb824dabaae Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents: 63
diff changeset
17 action = firewall-ban[name=ApacheBadBots,chain=Fail2Ban,port="80,443"]
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
18 logpath = /var/log/apache/access_*.log
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
19 findtime = 604800
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
20 bantime = 604800
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
21
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
22 [apache-instaban]
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
23 enabled = true
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
24 maxretry = 1
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
25 filter = ibb-apache-exploits-instaban
64
3bb824dabaae Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents: 63
diff changeset
26 action = firewall-ban[name=ApacheInstaban,chain=Fail2Ban,port="80,443"]
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
27 logpath = /var/log/apache/access_*.log
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
28 findtime = 604800
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
29 bantime = 604800
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
30
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
31 [apache-auth]
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
32 enabled = true
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
33 maxretry = 5
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
34 filter = apache-auth
64
3bb824dabaae Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents: 63
diff changeset
35 action = firewall-ban[name=ApacheAuth,chain=Fail2Ban,port="80,443"]
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
36 logpath = /var/log/apache/error_*.log
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
37 findtime = 86400
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
38 bantime = 604800
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
39
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
40 [repeat-offenders]
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
41 enabled = true
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
42 maxretry = 2
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
43 filter = ibb-repeat-offender
64
3bb824dabaae Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents: 63
diff changeset
44 action = firewall-ban[name=RepeatOffenders,chain=Fail2Ban,port="1:65535"]
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
45 logpath = /var/log/fail2ban.log
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
46 findtime = 2592000
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
47 bantime = 2592000
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
48
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
49 [spam-email]
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
50 enabled = true
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
51 maxretry = 1
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
52 filter = ibb-postfix-spammers
64
3bb824dabaae Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents: 63
diff changeset
53 action = firewall-ban[name=SpamEmail,chain=Fail2Ban,port="465,25"]
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
54 logpath = /var/log/maillog
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
55 findtime = 604800
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
56 bantime = 604800
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
57
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
58 [mail-abuse]
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
59 enabled = true
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
60 maxretry = 1
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
61 filter = ibb-postfix-malicious
64
3bb824dabaae Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents: 63
diff changeset
62 action = firewall-ban[name=MailAbuse,chain=Fail2Ban,port="465,25"]
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
63 logpath = /var/log/maillog
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
64 findtime = 604800
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
65 bantime = 604800
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
66
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
67 [mail-rejected]
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
68 enabled = true
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
69 maxretry = 10
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
70 filter = ibb-postfix
64
3bb824dabaae Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents: 63
diff changeset
71 action = firewall-ban[name=MailRejected,chain=Fail2Ban,port="465,25"]
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
72 logpath = /var/log/maillog
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
73 findtime = 604800
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
74 bantime = 604800
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
75
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
76 [sasl]
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
77 enabled = true
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
78 maxretry = 10
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
79 filter = postfix-sasl
64
3bb824dabaae Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents: 63
diff changeset
80 action = firewall-ban[name=SASLFailures,chain=Fail2Ban,port="465,25"]
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
81 logpath = /var/log/maillog
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
82 findtime = 604800
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
83 bantime = 604800
6
b7c30595c97a Add "Shellshock" exploit Fail2ban rule
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
84
b7c30595c97a Add "Shellshock" exploit Fail2ban rule
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
85 [shellshock]
b7c30595c97a Add "Shellshock" exploit Fail2ban rule
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
86 enabled = true
b7c30595c97a Add "Shellshock" exploit Fail2ban rule
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
87 maxretry = 1
b7c30595c97a Add "Shellshock" exploit Fail2ban rule
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
88 filter = ibb-apache-shellshock
64
3bb824dabaae Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents: 63
diff changeset
89 action = firewall-ban[name=Shellshock,chain=Fail2Ban,port="80,443"]
6
b7c30595c97a Add "Shellshock" exploit Fail2ban rule
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
90 logpath = /var/log/apache/access_*.log
b7c30595c97a Add "Shellshock" exploit Fail2ban rule
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
91 findtime = 604800
b7c30595c97a Add "Shellshock" exploit Fail2ban rule
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
92 bantime = 604800