view common/fail2ban/jail.local @ 113:34302ede8d87 puppet-3.6
Make sure our websites load after ALL other Apache config
If we don't do this then <IfModule> statements in vhosts
probably won't work, because the load will be done in a named
config file that seems to get parsed *after* the vhost
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sat, 04 Jun 2016 14:07:37 +0100 |
parents | 1a985a58dea5 |
children | 103a3630e9b2 |
# fail2ban jail.local: site-local jail definitions layered over jail.conf.
# All findtime/bantime values are in seconds:
#   86400 = 1 day, 604800 = 7 days, 2592000 = 30 days.
# Every jail uses the "firewall-ban" action, which appears to be a site-local
# action (definition not shown here); how it interprets name/chain/port should
# be confirmed against its action.d file.
# NOTE(review): no ignoreip is set in this file; with week-long bans, confirm
# that trusted/admin addresses are whitelisted in [DEFAULT] elsewhere.

# Disable ssh-iptables because some versions auto-enable it
# and we want to use our own version (which may use non-iptables)
[ssh-iptables]
enabled = false

# SSH brute-force jail: 5 failures in /var/log/secure lead to a 7-day ban.
# findtime is not set here, so the counting window is inherited from [DEFAULT]
# (not shown) - confirm it matches the intent.
# NOTE(review): port=22 is hard-coded; if sshd listens elsewhere, the ban may
# not cover it, depending on how the action uses the port.
[ssh-firewall-ban]
enabled = true
filter = sshd
action = firewall-ban[name=SSH,chain=Fail2Ban,port=22]
logpath = /var/log/secure
maxretry = 5
bantime = 604800

# Known bad crawlers in the Apache access logs; 7-day window, 7-day ban.
# maxretry is not set here, so the threshold is inherited from [DEFAULT].
[apache-badbots]
enabled = true
filter = apache-badbots
action = firewall-ban[name=ApacheBadBots,chain=Fail2Ban,port="80,443"]
logpath = /var/log/apache/access_*.log
findtime = 604800
bantime = 604800

# A single match of the site-local exploit filter bans for 7 days.
# NOTE(review): access-log lines contain client-controlled text (URL,
# user agent, referrer), so with maxretry = 1 the filter's failregex must be
# tightly anchored to avoid false positives - filter not shown here, verify.
[apache-instaban]
enabled = true
maxretry = 1
filter = ibb-apache-exploits-instaban
action = firewall-ban[name=ApacheInstaban,chain=Fail2Ban,port="80,443"]
logpath = /var/log/apache/access_*.log
findtime = 604800
bantime = 604800

# HTTP authentication failures from the Apache error logs:
# 5 failures within 1 day lead to a 7-day ban.
[apache-auth]
enabled = true
maxretry = 5
filter = apache-auth
action = firewall-ban[name=ApacheAuth,chain=Fail2Ban,port="80,443"]
logpath = /var/log/apache/error_*.log
findtime = 86400
bantime = 604800

# Escalation jail: reads fail2ban's own log and bans for 30 days after
# 2 matches within 30 days.
# NOTE(review): because this jail watches fail2ban.log, the site-local filter
# should ignore lines produced by this jail itself, and fail2ban's loglevel
# should stay below DEBUG, otherwise the jail can feed on its own output -
# filter not shown here, verify. A 30-day findtime also presumably needs
# dbpurgeage in fail2ban.conf/.local raised to at least that long.
# NOTE(review): the port list omits 22; whether repeat SSH offenders are
# blocked on SSH depends on the action - confirm this is intended.
[repeat-offenders]
enabled = true
maxretry = 2
filter = ibb-repeat-offender
action = firewall-ban[name=RepeatOffenders,chain=Fail2Ban,port="80,443,25,465"]
logpath = /var/log/fail2ban.log
findtime = 2592000
bantime = 2592000

# Mail jails below all read /var/log/maillog and ban on ports 465 and 25.
# NOTE(review): port 587 (submission) is not listed; if the server accepts
# mail or SASL logins there, the ban may not cover it - confirm.

# One match of the site-local spammer filter bans for 7 days.
[spam-email]
enabled = true
maxretry = 1
filter = ibb-postfix-spammers
action = firewall-ban[name=SpamEmail,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime = 604800

# One match of the site-local malicious-client filter bans for 7 days.
[mail-abuse]
enabled = true
maxretry = 1
filter = ibb-postfix-malicious
action = firewall-ban[name=MailAbuse,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime = 604800

# 10 matches of the site-local postfix filter within 7 days ban for 7 days.
[mail-rejected]
enabled = true
maxretry = 10
filter = ibb-postfix
action = firewall-ban[name=MailRejected,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime = 604800

# SASL authentication failures: 10 within 7 days ban for 7 days.
[sasl]
enabled = true
maxretry = 10
filter = postfix-sasl
action = firewall-ban[name=SASLFailures,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime = 604800

# One match of the site-local Shellshock filter in the access logs bans for
# 7 days. The same caveat applies as for apache-instaban: the matched fields
# are client-controlled, so the failregex should be tightly anchored - verify.
[shellshock]
enabled = true
maxretry = 1
filter = ibb-apache-shellshock
action = firewall-ban[name=Shellshock,chain=Fail2Ban,port="80,443"]
logpath = /var/log/apache/access_*.log
findtime = 604800
bantime = 604800