view common/fail2ban/jail.local @ 6:b7c30595c97a

Add "Shellshock" exploit Fail2ban rule
author IBBoard <dev@ibboard.co.uk>
date Sun, 28 Sep 2014 08:03:46 +0000
parents 956e484adc12
children 1bb941522ebf
line wrap: on
line source

[ssh-iptables]
enabled = false

[ssh-apf]
enabled  = true
filter   = sshd
action   = apf[name=SSH]
logpath  = /var/log/secure
maxretry = 5
bantime  = 604800

[apache-badbots]
enabled  = true
filter   = apache-badbots
action   = apf[name=ApacheBadBots]
logpath  = /var/log/apache/access_*.log
findtime = 604800
bantime  = 604800

[apache-instaban]
enabled  = true
maxretry = 1
filter   = ibb-apache-exploits-instaban
action   = apf[name=ApacheInstaban]
logpath  = /var/log/apache/access_*.log
findtime = 604800
bantime  = 604800

[apache-auth]
enabled  = true
maxretry = 5
filter   = apache-auth
action   = apf[name=ApacheAuth]
logpath  = /var/log/apache/error_*.log
findtime = 86400
bantime  = 604800

[repeat-offenders]
enabled  = true
maxretry = 2
filter   = ibb-repeat-offender
action   = apf[name=RepeatOffenders]
logpath  = /var/log/fail2ban.log
findtime = 2592000
bantime  = 2592000

[spam-email]
enabled = true
maxretry = 1
filter = ibb-postfix-spammers
action = apf[name=SpamEmail]
logpath = /var/log/maillog
findtime = 604800
bantime  = 604800

[mail-abuse]
enabled = true
maxretry = 1
filter = ibb-postfix-malicious
action = apf[name=MailAbuse]
logpath = /var/log/maillog
findtime = 604800
bantime  = 604800

[mail-rejected]
enabled = true
maxretry = 10
filter = ibb-postfix
action = apf[name=MailRejected]
logpath = /var/log/maillog
findtime = 604800
bantime  = 604800

[sasl]
enabled = true
maxretry = 10
filter = postfix-sasl
action = apf[name=SASLFailures]
logpath = /var/log/maillog
findtime = 604800
bantime  = 604800

[shellshock]
enabled = true
maxretry = 1
filter = ibb-apache-shellshock
action = apf[name=Shellshock]
logpath = /var/log/apache/access_*.log
findtime = 604800
bantime  = 604800