comparison modules/fail2ban/files/jail.local @ 292:3e04f35dd0af

Turn Fail2ban setup into a module

We now:
* Don't have a large class outside a module
* Build "bad SSH users" config from a list (easier to understand/see diffs in than a long line)
* Use modern EPP files
author IBBoard <dev@ibboard.co.uk>
date Sat, 18 Jan 2020 15:17:03 +0000
parents common/fail2ban/jail.local@23c4f6a38b57
children a79ad974a548
291:d2ae0b786b49 292:3e04f35dd0af
1 # Disable ssh-iptables because some versions auto-enable it
2 # and we want to use our own version (which may use non-iptables)
3 [ssh-iptables]
4 enabled = false
5
6 [ssh-firewall-ban]
7 enabled = true
8 filter = sshd
9 action = firewall-ban[name=SSH,chain=Fail2Ban,port=222]
10 logpath = /var/log/secure
11 maxretry = 3
12 bantime = 604800
13
14 [ssh-user-instaban]
15 enabled = true
16 filter = ibb-sshd-bad-user
17 action = firewall-ban[name=SSH-Instaban,chain=Fail2Ban,port=222]
18 logpath = /var/log/secure
19 maxretry = 1
20 bantime = 604800
21
22 [ssh-key-ban]
23 enabled = true
24 filter = ibb-sshd
25 action = firewall-ban[name=SSH-Key,chain=Fail2Ban,port=222]
26 logpath = /var/log/secure
27 maxretry = 3
28 findtime = 604800
29 bantime = 604800
30
31
32 [apache-badbots]
33 enabled = true
34 filter = apache-badbots
35 action = firewall-ban[name=ApacheBadBots,chain=Fail2Ban,port="80,443"]
36 logpath = /var/log/apache/access_*.log
37 findtime = 604800
38 bantime = 604800
39
40 [apache-instaban]
41 enabled = true
42 maxretry = 1
43 filter = ibb-apache-exploits-instaban
44 action = firewall-ban[name=ApacheInstaban,chain=Fail2Ban,port="80,443"]
45 logpath = /var/log/apache/access_*.log
46 findtime = 86400
47 bantime = 86400
48
49 [apache-auth]
50 enabled = true
51 maxretry = 5
52 filter = apache-auth
53 action = firewall-ban[name=ApacheAuth,chain=Fail2Ban,port="80,443"]
54 logpath = /var/log/apache/error_*.log
55 findtime = 86400
56 bantime = 604800
57
58 [repeat-offenders]
59 enabled = true
60 maxretry = 2
61 filter = ibb-repeat-offender
62 action = firewall-ban[name=RepeatOffenders,chain=Fail2Ban,port="80,443,25,465"]
63 logpath = /var/log/fail2ban.log
64 findtime = 2592000
65 bantime = 2592000
66
67 [repeat-offenders-ssh]
68 enabled = true
69 maxretry = 2
70 filter = ibb-repeat-offender-ssh
71 action = firewall-ban[name=RepeatOffendersSSH,chain=Fail2Ban,port="222"]
72 logpath = /var/log/fail2ban.log
73 findtime = 2592000
74 bantime = 2592000
75
76 [spam-email]
77 enabled = true
78 maxretry = 1
79 filter = ibb-postfix-spammers
80 action = firewall-ban[name=SpamEmail,chain=Fail2Ban,port="465,25"]
81 logpath = /var/log/maillog
82 findtime = 604800
83 bantime = 604800
84
85 [mail-abuse]
86 enabled = true
87 maxretry = 1
88 filter = ibb-postfix-malicious
89 action = firewall-ban[name=MailAbuse,chain=Fail2Ban,port="465,25"]
90 logpath = /var/log/maillog
91 findtime = 604800
92 bantime = 604800
93
94 [mail-rejected]
95 enabled = true
96 maxretry = 10
97 filter = ibb-postfix
98 action = firewall-ban[name=MailRejected,chain=Fail2Ban,port="465,25"]
99 logpath = /var/log/maillog
100 findtime = 604800
101 bantime = 604800
102
103 [sasl]
104 enabled = true
105 maxretry = 10
106 filter = postfix[mode=auth]
107 action = firewall-ban[name=SASLFailures,chain=Fail2Ban,port="465,25"]
108 logpath = /var/log/maillog
109 findtime = 604800
110 bantime = 604800
111
112 [shellshock]
113 enabled = true
114 maxretry = 1
115 filter = ibb-apache-shellshock
116 action = firewall-ban[name=Shellshock,chain=Fail2Ban,port="80,443"]
117 logpath = /var/log/apache/access_*.log
118 findtime = 604800
119 bantime = 604800
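Review bot: [ssh-firewall-ban] sets `maxretry = 3` and a one-week `bantime` but no `findtime`, so it falls back to whatever [DEFAULT] provides (10 minutes in stock Fail2ban, unless overridden in a file not shown here), and password guessing spaced wider than that window never reaches the threshold. [ssh-key-ban] already sets `findtime = 604800`; adding the same line to [ssh-firewall-ban] would make the two SSH jails consistent. [apache-badbots] similarly sets no `maxretry` and inherits the default, which deserves a one-line comment if intentional. Separately, no `ignoreip` is visible in this file, and in the `maxretry = 1` jails a single matching log line produces a ban of a day to a week, so a comment such as `# trusted admin ranges are exempted via ignoreip in <file>` would tell the next maintainer where lockout protection lives.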