[DEFAULT]

#
# ACTIONS
#

# Some options used for actions

# Sender email address used solely for some actions
# NOTE(review): the address has no domain part - confirm the intended sender
# before enabling any mail action.
sender = fail2ban@

# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc). It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
banaction = iptables-multiport

# Ban and send an information e-mail to destemail. No e-mail on unban.
# The value is two action specs: the firewall ban, then the mail action.
# %(mta)s and %(destemail)s are not set in this file - presumably inherited
# from jail.conf; verify.
#
# Note:
# sendmail-ban must be configured. See action.d/sendmail-ban.local
#
action_mb = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-ban[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]

# Ban and send an information e-mail to destemail. Also send an
# information e-mail when the IP is unbanned.
#
# Note:
# sendmail-ban-unban must be configured. See action.d/sendmail-ban-unban.local
#
action_mbu = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             %(mta)s-ban-unban[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]

# Choose default action
# action_ is not defined in this file; in the stock jail.conf it is the
# ban-only action, so jails without their own "action" ban without sending mail.
#
#action = %(action_mb)s
#action = %(action_mbu)s
action = %(action_)s

#
# JAIL
#
# findtime and bantime below are plain integers, i.e. seconds: a host is
# banned for bantime after maxretry matches within findtime.
# Jails with "enabled = false" are defined but inactive.

[sshd]
# 6 failures within 600 s -> banned for 86400 s (24 h).
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
findtime = 600
maxretry = 6
bantime = 86400

[postfix-rbl]
# Only switched on here; filter, port, logpath and thresholds are not set in
# this file - presumably taken from the stock jail.conf definition; verify.
enabled = true

[postfix-sasl]
enabled = false
# action_mwl is not defined in this file; in the stock jail.conf it bans and
# mails a whois report plus the matching log lines.
# - Take care to allow outbound 'whois' requests (TCP port 43) from this
# - machine. You may have to configure your firewall.
action = %(action_mwl)s
filter = postfix[mode=auth]
port = smtp,465,submission,imap2,imaps,pop3,pop3s
findtime = 360
maxretry = 30
bantime = 3600

[postfix-sasl-dos]
enabled = false
# - Take care to allow outbound 'whois' requests (TCP port 43) from this
# - machine. You may have to configure your firewall.
action = %(action_mwl)s
port = smtp,465,submission
# NOTE(review): confirm that the local postfix filter defines mode 'sasl-dos'
# before enabling this jail.
filter = postfix[mode=sasl-dos]
# postfix_log and postfix_backend are not defined in this file - presumably
# provided by the distribution's paths-*.conf; verify.
#logpath = /var/log/mail.log
logpath = %(postfix_log)s
backend = %(postfix_backend)s
findtime = 60
maxretry = 20
bantime = 10800

[dovecot]
enabled = false
# - Take care to allow outbound 'whois' requests (TCP port 43) from this
# - machine. You may have to configure your firewall.
action = %(action_mwl)s
#action = %(action_mbu)s
port = pop3,pop3s,imap2,imaps,submission,465
# NOTE(review): confirm that the local dovecot filter defines mode 'sql'
# before enabling this jail.
filter = dovecot[mode=sql]
#mode = sql
logpath = /var/log/dovecot/dovecot.log
maxretry = 20
#maxretry = 4
findtime = 1200
bantime = 1800

[roundcube-auth]
# If using logfile 'userlogins', make sure the Roundcube option 'log_logins'
# is set to true:
# '$config['log_logins'] = true;'
#
# Otherwise use logfile 'errors'
enabled = false
# - Take care to allow outbound 'whois' requests (TCP port 43) from this
# - machine. You may have to configure your firewall.
action = %(action_mwl)s
#action = %(action_mbu)s
port = http,https
# NOTE(review): the '//' suggests a directory component is missing from this
# path - confirm the real Roundcube log location before enabling this jail.
logpath = /var/www//logs/userlogins
#logpath = /var/www//logs/errors
maxretry = 5
#maxretry = 4
findtime = 60
bantime = 3600
#bantime = 21600

[pure-ftpd]
# Uses action_mbu (defined in [DEFAULT] above): mail on ban and on unban.
# No filter is set here - presumably inherited from jail.conf; verify.
enabled = false
action = %(action_mbu)s
logpath = /var/log/pure-ftpd/ftp.log
findtime = 300
maxretry = 5
bantime = 43200

# - Replaced with 'wordpress-hard' and 'wordpress-soft'
#[wp-login]
#enabled = false
#action = %(action_mbu)s
#filter = wp-login
#port = http,https
#logpath = /var/log/apache2/ip_requests.log
#maxretry = 10
#findtime = 600
#bantime = 10800
#
#
#[wp-xmlrpc]
#enabled = false
#action = %(action_mbu)s
#filter = wp-xmlrpc
#port = http,https
#logpath = /var/log/apache2/ip_requests.log
#maxretry = 5
#findtime = 600
#bantime = 10800

[wordpress-hard]
enabled = false
# - Take care to allow outbound 'whois' requests (TCP port 43) from this
# - machine. You may have to configure your firewall.
action = %(action_mwl)s
filter = wordpress-hard
# Reads the system auth log, so the WordPress events this filter matches
# must be logged there - confirm before enabling.
logpath = /var/log/auth.log
maxretry = 3
findtime = 600
bantime = 10800
port = http,https

[wordpress-soft]
enabled = false
# - Take care to allow outbound 'whois' requests (TCP port 43) from this
# - machine. You may have to configure your firewall.
action = %(action_mwl)s
filter = wordpress-soft
# Reads the system auth log, so the WordPress events this filter matches
# must be logged there - confirm before enabling.
logpath = /var/log/auth.log
maxretry = 5
findtime = 600
bantime = 10800
port = http,https