view common/fail2ban/jail.local @ 187:6c260427a94c puppet-3.6
Reduce Apache Instaban ban duration to reduce reboot time
We're getting flooded with hundreds of failures per day, which
keeps nearly 1000 entries in Fail2Ban, which then "unbans" each
and every IP on stop. As the system only does a few unbans per
second, this can take three minutes to stop (e.g. at shutdown)!
May need to alter "repeat offender" in future
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sat, 02 Feb 2019 16:30:40 +0000 |
parents | c76ba5e3685f |
children | 3c03d3d03656 |
# common/fail2ban/jail.local - site overrides for Fail2Ban jails.
# Only the keys set here are visible; any key a jail leaves out (findtime,
# maxretry, ignoreip, ...) comes from defaults defined outside this file.
# All durations are in seconds: 86400 = 1 day, 604800 = 7 days,
# 2592000 = 30 days.
# NOTE(review): no ignoreip is set in this file. Several jails ban on a single
# match (maxretry = 1), so confirm that admin/monitoring addresses are
# allow-listed wherever the defaults live.
# NOTE(review): "firewall-ban" and the "ibb-" filters are not defined in this
# file - presumably site-local action/filter definitions; the name, chain and
# port arguments are simply passed through to that action.

# Disable ssh-iptables because some versions auto-enable it
# and we want to use our own version (which may use non-iptables)
[ssh-iptables]
enabled = false

# SSH failures matched by the "sshd" filter: 5 failures -> 7-day ban.
# NOTE(review): port=222 presumably matches the port sshd listens on - confirm,
# since a mismatch would leave the real SSH port unblocked.
# NOTE(review): this is the only SSH jail without a findtime, so the counting
# window is inherited. If the inherited window is short, attempts spread out
# over a longer period never reach maxretry - confirm this is intended.
[ssh-firewall-ban]
enabled = true
filter = sshd
action = firewall-ban[name=SSH,chain=Fail2Ban,port=222]
logpath = /var/log/secure
maxretry = 5
bantime = 604800

# Second SSH jail on the same log, using the "ibb-sshd" filter:
# 5 matches within 7 days -> 7-day ban.
[ssh-key-ban]
enabled = true
filter = ibb-sshd
action = firewall-ban[name=SSH,chain=Fail2Ban,port=222]
logpath = /var/log/secure
maxretry = 5
findtime = 604800
bantime = 604800

# Bad-bot matches in the Apache access logs; 7-day window, 7-day ban.
# NOTE(review): maxretry is not set here, so the threshold is inherited -
# verify the effective value.
[apache-badbots]
enabled = true
filter = apache-badbots
action = firewall-ban[name=ApacheBadBots,chain=Fail2Ban,port="80,443"]
logpath = /var/log/apache/access_*.log
findtime = 604800
bantime = 604800

# Bans on the first matching access-log line (maxretry = 1) for one day.
# The ban is one day rather than a week because, per the changeset
# description, ~1000 active bans made stopping Fail2Ban take minutes.
# With a one-hit threshold, the precision of the filter regex is the only
# guard against false positives.
[apache-instaban]
enabled = true
maxretry = 1
filter = ibb-apache-exploits-instaban
action = firewall-ban[name=ApacheInstaban,chain=Fail2Ban,port="80,443"]
logpath = /var/log/apache/access_*.log
findtime = 86400
bantime = 86400

# Apache authentication failures from the error logs:
# 5 failures within 1 day -> 7-day ban.
[apache-auth]
enabled = true
maxretry = 5
filter = apache-auth
action = firewall-ban[name=ApacheAuth,chain=Fail2Ban,port="80,443"]
logpath = /var/log/apache/error_*.log
findtime = 86400
bantime = 604800

# Escalation jail: reads Fail2Ban's own log; 2 matches within 30 days ->
# 30-day ban on the web, mail and SSH ports listed in the action.
# NOTE(review): verify that ibb-repeat-offender does not match lines written
# by this jail itself, otherwise its own bans would count as new offences.
# NOTE(review): 30-day bans keep entries active the longest, so this jail
# also adds to the slow-stop problem noted in the changeset description.
[repeat-offenders]
enabled = true
maxretry = 2
filter = ibb-repeat-offender
action = firewall-ban[name=RepeatOffenders,chain=Fail2Ban,port="80,443,25,465,222"]
logpath = /var/log/fail2ban.log
findtime = 2592000
bantime = 2592000

# Mail jails below all read /var/log/maillog and ban ports 465 and 25.

# One match of the spammer filter -> 7-day ban.
[spam-email]
enabled = true
maxretry = 1
filter = ibb-postfix-spammers
action = firewall-ban[name=SpamEmail,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime = 604800

# One match of the malicious-mail filter -> 7-day ban.
[mail-abuse]
enabled = true
maxretry = 1
filter = ibb-postfix-malicious
action = firewall-ban[name=MailAbuse,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime = 604800

# More tolerant threshold: 10 matches within 7 days -> 7-day ban.
[mail-rejected]
enabled = true
maxretry = 10
filter = ibb-postfix
action = firewall-ban[name=MailRejected,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime = 604800

# SASL authentication failures: 10 within 7 days -> 7-day ban.
[sasl]
enabled = true
maxretry = 10
filter = postfix-sasl
action = firewall-ban[name=SASLFailures,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime = 604800

# One match of the Shellshock filter in the Apache access logs -> 7-day ban.
[shellshock]
enabled = true
maxretry = 1
filter = ibb-apache-shellshock
action = firewall-ban[name=Shellshock,chain=Fail2Ban,port="80,443"]
logpath = /var/log/apache/access_*.log
findtime = 604800
bantime = 604800