annotate modules/fail2ban/files/jail.local @ 292:3e04f35dd0af

Turn Fail2ban setup into a module

We now:
* Don't have a large class outside a module
* Build "bad SSH users" config from a list (easier to understand/see diffs in than a long line)
* Use modern EPP files
author IBBoard <dev@ibboard.co.uk>
date Sat, 18 Jan 2020 15:17:03 +0000
parents common/fail2ban/jail.local@23c4f6a38b57
children a79ad974a548
Changesets annotated in this view (rev, changeset, commit message; all by IBBoard <dev@ibboard.co.uk>):

0    956e484adc12  Initial public release of Puppet configs
6    b7c30595c97a  Add "Shellshock" exploit Fail2ban rule
35   1bb941522ebf  Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
64   3bb824dabaae  Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
171  103a3630e9b2  Tighten up some Fail2Ban rules (including SSH probes with only insecure keys)
175  c76ba5e3685f  Add a find time to custom SSH rule as it is low and slow
187  6c260427a94c  Reduce Apache Instaban ban duration to reduce reboot time
189  3c03d3d03656  Switch to new Postfix SASL filter (no longer a separate file)
195  f70831cc2864  Separate out SSH repeats from web/email repeats
196  d3ef339b53a6  Separate the two Fail2ban SSH rules in iptables
197  23c4f6a38b57  Make Fail2Ban SSH rules more aggressive

File contents of modules/fail2ban/files/jail.local (annotation columns and line numbers removed):

# Disable ssh-iptables because some versions auto-enable it
# and we want to use our own version (which may use non-iptables)
[ssh-iptables]
enabled = false

[ssh-firewall-ban]
enabled = true
filter = sshd
action = firewall-ban[name=SSH,chain=Fail2Ban,port=222]
logpath = /var/log/secure
maxretry = 3
bantime = 604800

[ssh-user-instaban]
enabled = true
filter = ibb-sshd-bad-user
action = firewall-ban[name=SSH-Instaban,chain=Fail2Ban,port=222]
logpath = /var/log/secure
maxretry = 1
bantime = 604800

[ssh-key-ban]
enabled = true
filter = ibb-sshd
action = firewall-ban[name=SSH-Key,chain=Fail2Ban,port=222]
logpath = /var/log/secure
maxretry = 3
findtime = 604800
bantime = 604800

[apache-badbots]
enabled = true
filter = apache-badbots
action = firewall-ban[name=ApacheBadBots,chain=Fail2Ban,port="80,443"]
logpath = /var/log/apache/access_*.log
findtime = 604800
bantime = 604800

[apache-instaban]
enabled = true
maxretry = 1
filter = ibb-apache-exploits-instaban
action = firewall-ban[name=ApacheInstaban,chain=Fail2Ban,port="80,443"]
logpath = /var/log/apache/access_*.log
findtime = 86400
bantime = 86400

[apache-auth]
enabled = true
maxretry = 5
filter = apache-auth
action = firewall-ban[name=ApacheAuth,chain=Fail2Ban,port="80,443"]
logpath = /var/log/apache/error_*.log
findtime = 86400
bantime = 604800

[repeat-offenders]
enabled = true
maxretry = 2
filter = ibb-repeat-offender
action = firewall-ban[name=RepeatOffenders,chain=Fail2Ban,port="80,443,25,465"]
logpath = /var/log/fail2ban.log
findtime = 2592000
bantime = 2592000

[repeat-offenders-ssh]
enabled = true
maxretry = 2
filter = ibb-repeat-offender-ssh
action = firewall-ban[name=RepeatOffendersSSH,chain=Fail2Ban,port="222"]
logpath = /var/log/fail2ban.log
findtime = 2592000
bantime = 2592000

[spam-email]
enabled = true
maxretry = 1
filter = ibb-postfix-spammers
action = firewall-ban[name=SpamEmail,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime = 604800

[mail-abuse]
enabled = true
maxretry = 1
filter = ibb-postfix-malicious
action = firewall-ban[name=MailAbuse,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime = 604800

[mail-rejected]
enabled = true
maxretry = 10
filter = ibb-postfix
action = firewall-ban[name=MailRejected,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime = 604800

[sasl]
enabled = true
maxretry = 10
filter = postfix[mode=auth]
action = firewall-ban[name=SASLFailures,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime = 604800

[shellshock]
enabled = true
maxretry = 1
filter = ibb-apache-shellshock
action = firewall-ban[name=Shellshock,chain=Fail2Ban,port="80,443"]
logpath = /var/log/apache/access_*.log
findtime = 604800
bantime = 604800
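As an added example (not code from the IBBoard repository), the Python below parses a constructed two-jail fragment of the jail.local above with configparser, decodes the `firewall-ban[name=...,chain=...,port="..."]` action syntax the file uses throughout (quoted port lists contain commas), and simulates the maxretry/findtime sliding window so the thresholds in each jail can be checked against a list of failure timestamps. The fallback values in DEFAULTS for keys a jail omits are an assumption taken from upstream jail.conf, not from this repository.

```python
import configparser
import re

# Constructed fragment: two jails copied verbatim from the jail.local above.
JAIL_LOCAL = """[ssh-firewall-ban]
enabled = true
filter = sshd
action = firewall-ban[name=SSH,chain=Fail2Ban,port=222]
logpath = /var/log/secure
maxretry = 3
bantime = 604800

[repeat-offenders]
enabled = true
maxretry = 2
filter = ibb-repeat-offender
action = firewall-ban[name=RepeatOffenders,chain=Fail2Ban,port="80,443,25,465"]
logpath = /var/log/fail2ban.log
findtime = 2592000
bantime = 2592000
"""
ACTION_RE = re.compile(r"^(?P<action>[\w-]+)\[(?P<args>.*)\]$")
ARG_RE = re.compile(r'(\w+)=("[^"]*"|[^,]*)')
# Assumed fallbacks for keys a jail omits (upstream jail.conf ships these).
DEFAULTS = {"maxretry": 5, "findtime": 600, "bantime": 600}


def parse_action(value):
    """'firewall-ban[name=SSH,chain=Fail2Ban,port="80,443"]' -> ('firewall-ban', {...})."""
    m = ACTION_RE.match(value.strip())
    if m is None:
        raise ValueError(f"unrecognised action syntax: {value!r}")
    # Quoted values may contain commas, so split on k=v pairs rather than on ','.
    args = {k: v.strip('"') for k, v in ARG_RE.findall(m.group("args"))}
    return m.group("action"), args


def load_jails(text):
    """Return {jail: {maxretry, findtime, bantime, ports}} for every section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    jails = {}
    for name in cp.sections():
        jail = {k: cp[name].getint(k, fallback=d) for k, d in DEFAULTS.items()}
        _, args = parse_action(cp[name]["action"])
        jail["ports"] = args.get("port", "").split(",")
        jails[name] = jail
    return jails


def ban_at(failure_times, maxretry, findtime):
    """Time of the first ban, or None: the maxretry-th failure inside a sliding findtime window fires it."""
    window = []
    for t in sorted(failure_times):
        window = [w for w in window if t - w <= findtime]  # older failures expire
        window.append(t)
        if len(window) >= maxretry:
            return t
    return None
```

With the values above, three SSH failures spread more than ten minutes apart never trip ssh-firewall-ban (it inherits the default findtime), whereas repeat-offenders counts bans over a thirty-day window.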