Initial commit

2017-11-27 04:23:54 +01:00
commit 4dbdf09dc9
42 changed files with 2123 additions and 0 deletions
--- a/0.8.6/jail.local
+++ b/0.8.6/jail.local
@ -0,0 +1,144 @@
+[DEFAULT]
+
+#
+# ACTIONS
+#
+
+# Default banning action (e.g. iptables, iptables-new,
+# iptables-multiport, shorewall, etc) It is used to define
+# action_* variables. Can be overridden globally or per
+# section within jail.local file
+banaction = iptables-multiport-log
+
+mta = sendmail
+
+## - Note:
+## - sendmail-only-ban must be configured. See action.d/sendmail-only-ban.local
+## -
+action_m = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
+              %(mta)s-only-ban_unban[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
+
+## - Choose default action
+## -
+#action = %(action_m)s
+action = %(action_)s
+
+
+#
+# JAILS
+#
+
+[ssh]
+enabled  = true
+port     = ssh
+filter   = sshd
+logpath  = /var/log/auth.log
+findtime = 600
+maxretry = 3
+bantime  = 86400
+
+[ssh-vservers]
+enabled  = true
+port     = ssh
+filter   = sshd
+logpath  = /vservers/*/var/log/auth.log
+findtime = 600
+maxretry = 3
+bantime  = 86400
+
+[sasl]
+enabled  = true
+port     = smtp,ssmtp,submission
+filter   = sasl
+logpath  = /var/log/mail.warn
+findtime = 600
+maxretry = 3
+bantime  = 43200
+
+## - MAC is sending 3 failed SASL requests before
+## - authentication succeeded
+## -
+## - If running a mailserver, consider that fact!
+## -
+[sasl-vservers]
+enabled  = true
+port     = smtp,ssmtp,submission
+filter   = sasl
+logpath  = /vservers/*/var/log/mail.warn
+findtime = 30
+maxretry = 19
+bantime  = 10800
+
+[postfix]
+enabled  = true
+port     = smtp,ssmtp
+filter   = postfix
+logpath  = /vservers/a.mx/var/log/mail.log
+findtime = 60
+maxretry = 1
+bantime  = 43200
+
+[postfix-auth-dos]
+enabled  = true
+port     = smtp,ssmtp,submission
+filter   = postfix-auth-dos
+logpath  = /vservers/a.mx/var/log/mail.log
+findtime = 60
+maxretry = 60
+bantime  = 10800
+
+[apache-badbots]
+# Ban hosts which agent identifies spammer robots crawling the web
+# for email addresses. The mail outputs are buffered.
+enabled  = true
+port     = http,https
+filter   = apache-badbots
+logpath  = /vservers/www/var/log/apache2/ipv4_requests.log
+findtime = 10
+maxretry = 1
+bantime  = 172800
+
+[http-dos]
+enabled  = true
+filter   = http-dos
+port     = http,https
+logpath  = /vservers/*/var/log/apache2/ipv4_requests.log
+maxretry = 600
+findtime = 60
+bantime  = 43200
+
+[wp-login]
+enabled  = true
+filter   = wp-login
+port     = http,https
+logpath  = /vservers/www/var/log/apache2/ipv4_requests.log
+maxretry = 5
+findtime = 60
+bantime  = 86400
+
+[wp-xmlrpc]
+enabled  = true
+filter   = wp-xmlrpc
+port     = http,https
+logpath  = /vservers/*/var/log/apache2/ipv4_requests.log
+maxretry = 5
+findtime = 60
+bantime  = 43200
+
+[owncloud]
+enabled  = true
+filter   = owncloud
+port     = http,https
+logpath  = /vservers/www/var/log/apache2/ipv4_requests.log
+maxretry = 5
+findtime = 30
+bantime  = 600
+
+[pure-ftpd]
+enabled  = true
+filter   = pure-ftpd
+port     = ftp,ftp-data,ftps,ftps-data
+logpath  = /vservers/*/var/log/pure-ftpd/ftp.log
+maxretry = 5
+findtime = 600
+bantime  = 86400