view modules/fail2ban/files/jail.local @ 337:a79ad974a548
Implement fail2ban for Apache as mod_rewrite
We can't use pure iptables because IPv4 requests come through our
proxy. BUT we're using PROXY, so Apache sees the true IP.
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sat, 16 May 2020 14:05:09 +0100 |
parents | 3e04f35dd0af |
children | 3a1b19f6a054 |
# jail.local - local fail2ban jail definitions (overrides/extends jail.conf).
# All findtime/bantime values are in seconds:
#   86400 = 1 day, 604800 = 7 days, 2592000 = 30 days.
# "firewall-ban", "ibb-apache-ip-block" and the "ibb-*" filters are not
# defined in this file; presumably they are site-local definitions under
# action.d/ and filter.d/ - verify they are deployed alongside this file.
# NOTE(review): ignoreip is not set anywhere in this file. Several jails
# below ban on a single match for days at a time, so confirm that [DEFAULT]
# in jail.conf whitelists the admin/monitoring addresses.

# Disable ssh-iptables because some versions auto-enable it
# and we want to use our own version (which may use non-iptables)
[ssh-iptables]
enabled = false

# SSH failures matched by the stock sshd filter: 3 matches -> 7-day ban.
# findtime is not set here, so the value inherited from [DEFAULT] applies.
# The ban is applied to port 222 only.
[ssh-firewall-ban]
enabled = true
filter = sshd
action = firewall-ban[name=SSH,chain=Fail2Ban,port=222]
logpath = /var/log/secure
maxretry = 3
bantime = 604800

# A single match of ibb-sshd-bad-user bans for 7 days.
# NOTE(review): with maxretry = 1 a mistyped username from a legitimate
# host is enough to trigger the ban - confirm what the filter matches.
# findtime is inherited from [DEFAULT] here as well.
[ssh-user-instaban]
enabled = true
filter = ibb-sshd-bad-user
action = firewall-ban[name=SSH-Instaban,chain=Fail2Ban,port=222]
logpath = /var/log/secure
maxretry = 1
bantime = 604800

# 3 matches of ibb-sshd within 7 days -> 7-day ban.
[ssh-key-ban]
enabled = true
filter = ibb-sshd
action = firewall-ban[name=SSH-Key,chain=Fail2Ban,port=222]
logpath = /var/log/secure
maxretry = 3
findtime = 604800
bantime = 604800

# Disable badbots - we've not seen it used in a month
# The remaining keys are kept so the jail can be re-enabled by flipping
# "enabled" alone.
[apache-badbots]
enabled = false
filter = apache-badbots
action = firewall-ban[name=ApacheBadBots,chain=Fail2Ban,port="80,443"]
logpath = /var/log/apache/access_*.log
findtime = 604800
bantime = 604800

# One match of ibb-apache-exploits-instaban in the access logs -> 1-day ban.
# This is the only jail that uses ibb-apache-ip-block instead of firewall-ban.
# NOTE(review): the banned address is whatever Apache wrote to its access
# log. If that address is taken from a proxy-supplied header, confirm Apache
# only accepts it from the trusted proxy; otherwise a client could get
# someone else's address banned.
[apache-instaban]
enabled = true
maxretry = 1
filter = ibb-apache-exploits-instaban
action = ibb-apache-ip-block
logpath = /var/log/apache/access_*.log
findtime = 86400
bantime = 86400

# Disable auth - we've not seen it used in a month
[apache-auth]
enabled = false
maxretry = 5
filter = apache-auth
action = firewall-ban[name=ApacheAuth,chain=Fail2Ban,port="80,443"]
logpath = /var/log/apache/error_*.log
findtime = 86400
bantime = 604800

# Escalation jail: reads fail2ban's own log; 2 matches within 30 days ->
# 30-day ban on the web and mail ports.
# NOTE(review): this jail's own ban lines are written to the same log it
# reads - confirm ibb-repeat-offender excludes this jail and
# repeat-offenders-ssh so that bans do not re-trigger themselves.
# NOTE(review): the ban for ports 80/443 is applied at the firewall. If
# IPv4 web traffic reaches this host through a proxy, a firewall rule keyed
# on the client address may never match it - verify.
[repeat-offenders]
enabled = true
maxretry = 2
filter = ibb-repeat-offender
action = firewall-ban[name=RepeatOffenders,chain=Fail2Ban,port="80,443,25,465"]
logpath = /var/log/fail2ban.log
findtime = 2592000
bantime = 2592000

# Same escalation scheme for the SSH jails; bans port 222 for 30 days.
[repeat-offenders-ssh]
enabled = true
maxretry = 2
filter = ibb-repeat-offender-ssh
action = firewall-ban[name=RepeatOffendersSSH,chain=Fail2Ban,port="222"]
logpath = /var/log/fail2ban.log
findtime = 2592000
bantime = 2592000

# One match of ibb-postfix-spammers in the mail log -> 7-day ban on 465/25.
[spam-email]
enabled = true
maxretry = 1
filter = ibb-postfix-spammers
action = firewall-ban[name=SpamEmail,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime = 604800

# One match of ibb-postfix-malicious in the mail log -> 7-day ban on 465/25.
[mail-abuse]
enabled = true
maxretry = 1
filter = ibb-postfix-malicious
action = firewall-ban[name=MailAbuse,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime = 604800

# Disabled. When enabled: 10 matches of ibb-postfix within 7 days ->
# 7-day ban.
[mail-rejected]
enabled = false
maxretry = 10
filter = ibb-postfix
action = firewall-ban[name=MailRejected,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime = 604800

# 10 matches of the stock postfix filter in auth mode within 7 days ->
# 7-day ban on 465/25.
[sasl]
enabled = true
maxretry = 10
filter = postfix[mode=auth]
action = firewall-ban[name=SASLFailures,chain=Fail2Ban,port="465,25"]
logpath = /var/log/maillog
findtime = 604800
bantime = 604800

# One match of ibb-apache-shellshock in the Apache access logs -> 7-day ban.
# NOTE(review): this jail reads the same access logs as apache-instaban but
# bans via firewall-ban on 80/443 rather than ibb-apache-ip-block. If IPv4
# web traffic arrives through a proxy, the firewall rule may not block the
# offending client - confirm whether this jail should use the Apache-level
# action too.
[shellshock]
enabled = true
maxretry = 1
filter = ibb-apache-shellshock
action = firewall-ban[name=Shellshock,chain=Fail2Ban,port="80,443"]
logpath = /var/log/apache/access_*.log
findtime = 604800
bantime = 604800