comparison modules/fail2ban/files/jail.local @ 292:3e04f35dd0af
Turn Fail2ban setup into a module
We now:
* Don't have a large class outside a module
* Build "bad SSH users" config from a list
(easier to understand/see diffs in than a long line)
* Use modern EPP files
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sat, 18 Jan 2020 15:17:03 +0000 |
parents | common/fail2ban/jail.local@23c4f6a38b57 |
children | a79ad974a548 |
291:d2ae0b786b49 | 292:3e04f35dd0af |
---|---|
1 # Disable ssh-iptables because some versions auto-enable it | |
2 # and we want to use our own version (which may use non-iptables) | |
3 [ssh-iptables] | |
4 enabled = false | |
5 | |
6 [ssh-firewall-ban] | |
7 enabled = true | |
8 filter = sshd | |
9 action = firewall-ban[name=SSH,chain=Fail2Ban,port=222] | |
10 logpath = /var/log/secure | |
11 maxretry = 3 | |
12 bantime = 604800 | |
13 | |
14 [ssh-user-instaban] | |
15 enabled = true | |
16 filter = ibb-sshd-bad-user | |
17 action = firewall-ban[name=SSH-Instaban,chain=Fail2Ban,port=222] | |
18 logpath = /var/log/secure | |
19 maxretry = 1 | |
20 bantime = 604800 | |
21 | |
22 [ssh-key-ban] | |
23 enabled = true | |
24 filter = ibb-sshd | |
25 action = firewall-ban[name=SSH-Key,chain=Fail2Ban,port=222] | |
26 logpath = /var/log/secure | |
27 maxretry = 3 | |
28 findtime = 604800 | |
29 bantime = 604800 | |
30 | |
31 | |
32 [apache-badbots] | |
33 enabled = true | |
34 filter = apache-badbots | |
35 action = firewall-ban[name=ApacheBadBots,chain=Fail2Ban,port="80,443"] | |
36 logpath = /var/log/apache/access_*.log | |
37 findtime = 604800 | |
38 bantime = 604800 | |
39 | |
40 [apache-instaban] | |
41 enabled = true | |
42 maxretry = 1 | |
43 filter = ibb-apache-exploits-instaban | |
44 action = firewall-ban[name=ApacheInstaban,chain=Fail2Ban,port="80,443"] | |
45 logpath = /var/log/apache/access_*.log | |
46 findtime = 86400 | |
47 bantime = 86400 | |
48 | |
49 [apache-auth] | |
50 enabled = true | |
51 maxretry = 5 | |
52 filter = apache-auth | |
53 action = firewall-ban[name=ApacheAuth,chain=Fail2Ban,port="80,443"] | |
54 logpath = /var/log/apache/error_*.log | |
55 findtime = 86400 | |
56 bantime = 604800 | |
57 | |
58 [repeat-offenders] | |
59 enabled = true | |
60 maxretry = 2 | |
61 filter = ibb-repeat-offender | |
62 action = firewall-ban[name=RepeatOffenders,chain=Fail2Ban,port="80,443,25,465"] | |
63 logpath = /var/log/fail2ban.log | |
64 findtime = 2592000 | |
65 bantime = 2592000 | |
66 | |
67 [repeat-offenders-ssh] | |
68 enabled = true | |
69 maxretry = 2 | |
70 filter = ibb-repeat-offender-ssh | |
71 action = firewall-ban[name=RepeatOffendersSSH,chain=Fail2Ban,port="222"] | |
72 logpath = /var/log/fail2ban.log | |
73 findtime = 2592000 | |
74 bantime = 2592000 | |
75 | |
76 [spam-email] | |
77 enabled = true | |
78 maxretry = 1 | |
79 filter = ibb-postfix-spammers | |
80 action = firewall-ban[name=SpamEmail,chain=Fail2Ban,port="465,25"] | |
81 logpath = /var/log/maillog | |
82 findtime = 604800 | |
83 bantime = 604800 | |
84 | |
85 [mail-abuse] | |
86 enabled = true | |
87 maxretry = 1 | |
88 filter = ibb-postfix-malicious | |
89 action = firewall-ban[name=MailAbuse,chain=Fail2Ban,port="465,25"] | |
90 logpath = /var/log/maillog | |
91 findtime = 604800 | |
92 bantime = 604800 | |
93 | |
94 [mail-rejected] | |
95 enabled = true | |
96 maxretry = 10 | |
97 filter = ibb-postfix | |
98 action = firewall-ban[name=MailRejected,chain=Fail2Ban,port="465,25"] | |
99 logpath = /var/log/maillog | |
100 findtime = 604800 | |
101 bantime = 604800 | |
102 | |
103 [sasl] | |
104 enabled = true | |
105 maxretry = 10 | |
106 filter = postfix[mode=auth] | |
107 action = firewall-ban[name=SASLFailures,chain=Fail2Ban,port="465,25"] | |
108 logpath = /var/log/maillog | |
109 findtime = 604800 | |
110 bantime = 604800 | |
111 | |
112 [shellshock] | |
113 enabled = true | |
114 maxretry = 1 | |
115 filter = ibb-apache-shellshock | |
116 action = firewall-ban[name=Shellshock,chain=Fail2Ban,port="80,443"] | |
117 logpath = /var/log/apache/access_*.log | |
118 findtime = 604800 | |
119 bantime = 604800 |
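Review bot: Nothing in this file sets `ignoreip`, yet several jails ban on a single hit (`maxretry = 1` in ssh-user-instaban, apache-instaban, spam-email, mail-abuse and shellshock) with week-long `bantime` values, so one mistyped username from a management host triggers ssh-user-instaban's seven-day ban on port 222, and repeat-offenders-ssh, which re-reads fail2ban.log with `maxretry = 2`, can presumably stretch that to thirty days. Unless another file in the module already provides it, add at the top `[DEFAULT]` / `ignoreip = 127.0.0.1/8 <management networks>` so administrative sources are exempt from every jail. Separately, `[apache-badbots]` sets no `maxretry` and so inherits whatever the distribution's jail.conf default is; stating it explicitly next to `findtime`/`bantime` keeps the threshold visible here, as every other jail does. This is a rendered comparison view, so whether these lines are new or carried over unchanged from common/fail2ban/jail.local is not visible here.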