Mercurial > repos > other > Puppet

view modules/fail2ban/files/jail.local @ 292:3e04f35dd0af

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Turn Fail2ban setup into a module We now: * Don't have a large class outside a module * Build "bad SSH users" config from a list (easier to understand/see diffs in than a long line) * Use modern EPP files
author IBBoard <dev@ibboard.co.uk>
date Sat, 18 Jan 2020 15:17:03 +0000
parents common/fail2ban/jail.local@23c4f6a38b57
children a79ad974a548
line wrap: on
line source

# Disable ssh-iptables because some versions auto-enable it
# and we want to use our own version (which may use non-iptables)
[ssh-iptables]
enabled = false

[ssh-firewall-ban]
enabled  = true
filter   = sshd
action   = firewall-ban[name=SSH,chain=Fail2Ban,port=222]
logpath  = /var/log/secure
maxretry = 3
bantime  = 604800

[ssh-user-instaban]
enabled  = true
filter   = ibb-sshd-bad-user
action   = firewall-ban[name=SSH-Instaban,chain=Fail2Ban,port=222]
logpath  = /var/log/secure
maxretry = 1
bantime  = 604800

[ssh-key-ban]
enabled  = true
filter   = ibb-sshd
action   = firewall-ban[name=SSH-Key,chain=Fail2Ban,port=222]
logpath  = /var/log/secure
maxretry = 3
findtime = 604800
bantime  = 604800


[apache-badbots]
enabled  = true
filter   = apache-badbots
action   = firewall-ban[name=ApacheBadBots,chain=Fail2Ban,port="80,443"]
logpath  = /var/log/apache/access_*.log
findtime = 604800
bantime  = 604800

[apache-instaban]
enabled  = true
maxretry = 1
filter   = ibb-apache-exploits-instaban
action   = firewall-ban[name=ApacheInstaban,chain=Fail2Ban,port="80,443"]
logpath  = /var/log/apache/access_*.log
findtime = 86400
bantime  = 86400

[apache-auth]
enabled  = true
maxretry = 5
filter   = apache-auth
action   = firewall-ban[name=ApacheAuth,chain=Fail2Ban,port="80,443"]
logpath  = /var/log/apache/error_*.log
findtime = 86400
bantime  = 604800

[repeat-offenders]
enabled  = true
maxretry = 2
filter   = ibb-repeat-offender
action   = firewall-ban[name=RepeatOffenders,chain=Fail2Ban,port="80,443,25,465"]
logpath  = /var/log/fail2ban.log
findtime = 2592000
bantime  = 2592000

[repeat-offenders-ssh]
enabled  = true
maxretry = 2
filter   = ibb-repeat-offender-ssh
action   = firewall-ban[name=RepeatOffendersSSH,chain=Fail2Ban,port="222"]
logpath  = /var/log/fail2ban.log
findtime = 2592000
bantime  = 2592000

[spam-email]
enabled = true
maxretry = 1
filter = ibb-postfix-spammers
action = firewall-ban[name=SpamEmail,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime  = 604800

[mail-abuse]
enabled = true
maxretry = 1
filter = ibb-postfix-malicious
action = firewall-ban[name=MailAbuse,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime  = 604800

[mail-rejected]
enabled = true
maxretry = 10
filter = ibb-postfix
action = firewall-ban[name=MailRejected,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime  = 604800

[sasl]
enabled = true
maxretry = 10
filter = postfix[mode=auth]
action = firewall-ban[name=SASLFailures,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime  = 604800

[shellshock]
enabled = true
maxretry = 1
filter = ibb-apache-shellshock
action = firewall-ban[name=Shellshock,chain=Fail2Ban,port="80,443"]
logpath = /var/log/apache/access_*.log
findtime = 604800
bantime  = 604800