/etc/fail2ban/fail2ban.conf

/etc/fail2ban/fail2ban.conf

1 0.8.11 기본값

# [DEFAULT] is the configparser fallback section: every key here applies to
# each jail below unless that jail sets its own value.
# NOTE(review): the sections that follow are jail definitions; in fail2ban
# 0.8.x these normally live in jail.conf (overridden in jail.local), not in
# fail2ban.conf - confirm which file this listing documents.
[DEFAULT]
# Space-separated addresses / CIDR ranges that are never banned. Only loopback
# by default; add trusted management hosts so a mistyped password from an
# admin workstation cannot lock you out.
ignoreip = 127.0.0.1/8
# Ban duration in seconds (10 minutes).
bantime  = 600
# Window in seconds within which maxretry failures trigger a ban.
findtime  = 600
# Failures tolerated inside findtime before a ban.
maxretry = 3
# Log-monitoring backend. auto selects an available backend; [sasl-iptables]
# below overrides this with polling.
backend = auto
# Hostname handling for log lines (yes / warn / no). warn still resolves
# names but logs a warning each time.
usedns = warn
# SSH brute-force jail: bans with iptables and mails a whois report.
# Every jail ships with enabled = false; switch jails on in jail.local
# instead of editing this file.
[ssh-iptables]
enabled  = false
filter   = sshd
# Two actions; the indented second line is a configparser continuation of the
# same value. Replace the example.com addresses before enabling.
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
logpath  = /var/log/sshd.log
# Overrides the [DEFAULT] maxretry of 3.
maxretry = 5
# ProFTPD authentication failures: iptables ban plus whois mail.
[proftpd-iptables]
enabled  = false
filter   = proftpd
# dest=you@example.com is a placeholder; set a real recipient before enabling.
action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
           sendmail-whois[name=ProFTPD, dest=you@example.com]
logpath  = /var/log/proftpd/proftpd.log
# Overrides the [DEFAULT] maxretry of 3.
maxretry = 6
# Postfix SASL (SMTP AUTH) failures. No maxretry here, so the [DEFAULT]
# value of 3 applies.
[sasl-iptables]
enabled  = false
filter   = postfix-sasl
# Overrides backend = auto from [DEFAULT]; polling re-reads the log on a timer.
backend  = polling
action   = iptables[name=sasl, port=smtp, protocol=tcp]
           sendmail-whois[name=sasl, dest=you@example.com]
logpath  = /var/log/mail.log
# ASSP anti-spam proxy: bans on all three SMTP ports at once.
[assp]
enabled = false
filter  = assp
action  = iptables-multiport[name=assp,port="25,465,587"]
# Placeholder path; point it at the real ASSP maillog before enabling.
logpath = /root/path/to/assp/logs/maillog.txt
# SSH jail that blocks through TCP wrappers (hosts.deny) instead of a firewall.
[ssh-tcpwrapper]
enabled     = false
filter      = sshd
action      = hostsdeny[daemon_list=sshd]
              sendmail-whois[name=SSH, dest=you@example.com]
# Log lines matching this regex are not counted as failures. "myuser" is a
# placeholder; an exemption this broad means failures for that account never
# lead to a ban, so narrow it or remove it before enabling.
ignoreregex = for myuser from
logpath     = /var/log/sshd.log
# SSH jail using the route action (black-hole route for the offending address).
[ssh-route]
enabled  = false
filter   = sshd
action   = route
logpath  = /var/log/sshd.log
maxretry = 5
# SSH jail banning through an IPv4 ipset referenced from iptables.
[ssh-iptables-ipset4]
enabled  = false
filter   = sshd
action   = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
logpath  = /var/log/sshd.log
maxretry = 5
# SSH jail banning through an IPv6 ipset referenced from ip6tables.
[ssh-iptables-ipset6]
enabled  = false
filter   = sshd
# The bantime argument is passed to the action (ipset entry timeout) and is
# separate from the jail's bantime; keep the two values in step.
action   = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
logpath  = /var/log/sshd.log
maxretry = 5
# SSH jail for FreeBSD ipfw; banned addresses go into ipfw table 1.
[ssh-bsd-ipfw]
enabled  = false
filter   = sshd
action   = bsd-ipfw[port=ssh,table=1]
logpath  = /var/log/auth.log
maxretry = 5
# Apache HTTP-auth failures, blocked via hosts.deny.
[apache-tcpwrapper]
enabled  = false
# The original line uses a tab before the delimiter; harmless to configparser
# but inconsistent with the rest of the file.
filter	 = apache-auth
action   = hostsdeny
# Glob pattern plus a second path on a continuation line; both are monitored.
logpath  = /var/log/apache*/*error.log
           /home/www/myhomepage/error.log
maxretry = 6
# nginx HTTP basic-auth failures; bans on ports 80 and 443.
[nginx-http-auth]
enabled = false
filter  = nginx-http-auth
action  = iptables-multiport[name=nginx-http-auth,port="80,443"]
logpath = /var/log/nginx/error.log
# Postfix failures blocked via TCP wrappers, with a plain (no whois) mail.
[postfix-tcpwrapper]
enabled  = false
filter   = postfix
# The file argument is an example of a custom hosts.deny location; drop it to
# use the default path.
action   = hostsdeny[file=/not/a/standard/path/hosts.deny]
           sendmail[name=Postfix, dest=you@example.com]
logpath  = /var/log/postfix.log
# Shorter ban than [DEFAULT]: 5 minutes.
bantime  = 300
# vsftpd failures, notification only: the sole action sends mail, nothing is
# blocked.
[vsftpd-notification]
enabled  = false
filter   = vsftpd
action   = sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath  = /var/log/vsftpd.log
maxretry = 5
# 30 minutes.
bantime  = 1800
# vsftpd failures: iptables ban on the ftp port plus whois mail.
[vsftpd-iptables]
enabled  = false
filter   = vsftpd
action   = iptables[name=VSFTPD, port=ftp, protocol=tcp]
           sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath  = /var/log/vsftpd.log
maxretry = 5
# 30 minutes.
bantime  = 1800
# Known-bad user agents hitting Apache: banned on the first match for 48 hours.
[apache-badbots]
enabled  = false
filter   = apache-badbots
# sendmail-buffered batches notifications, sending after 5 log lines.
action   = iptables-multiport[name=BadBots, port="http,https"]
           sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
# Glob over per-vhost access logs.
logpath  = /var/www/*/logs/access_log
# 172800 s = 48 hours.
bantime  = 172800
# A single hit is enough to ban.
maxretry = 1
# Apache requests for non-existent scripts, blocked through Shorewall.
[apache-shorewall]
enabled  = false
filter   = apache-noscript
# NOTE(review): name=Postfix in the mail action looks copied from another
# jail; the mail subject will say Postfix for an Apache ban.
action   = shorewall
           sendmail[name=Postfix, dest=you@example.com]
logpath  = /var/log/apache2/error_log
# Roundcube webmail login failures; bans on http and https.
[roundcube-iptables]
enabled  = false
filter   = roundcube-auth
action   = iptables-multiport[name=RoundCube, port="http,https"]
logpath  = /var/log/roundcube/userlogins
# SOGo groupware login failures; bans on http and https.
[sogo-iptables]
enabled  = false
filter   = sogo-auth
action   = iptables-multiport[name=SOGo, port="http,https"]
logpath  = /var/log/sogo/sogo.log
# Remote-file-inclusion attempts (URLs passed to PHP fopen) in access logs.
# Key order differs from the other jails (action before filter); this is
# harmless since configparser does not care about order.
[php-url-fopen]
enabled  = false
action   = iptables-multiport[name=php-url-open, port="http,https"]
filter   = php-url-fopen
logpath  = /var/www/*/logs/access_log
# A single match bans.
maxretry = 1
# Suhosin (PHP hardening) alerts from the lighttpd error log.
[suhosin]
enabled  = false
filter   = suhosin
action   = iptables-multiport[name=suhosin, port="http,https"]
logpath  = /var/log/lighttpd/error.log
maxretry = 2
# lighttpd HTTP-auth failures; bans on http and https.
[lighttpd-auth]
enabled  = false
filter   = lighttpd-auth
action   = iptables-multiport[name=lighttpd-auth, port="http,https"]
logpath  = /var/log/lighttpd/error.log
maxretry = 2
# SSH jail for ipfw (non-BSD-table variant).
[ssh-ipfw]
enabled  = false
filter   = sshd
# localhost=192.168.0.1 is an example value for the host's own address.
action   = ipfw[localhost=192.168.0.1]
           sendmail-whois[name="SSH,IPFW", dest=you@example.com]
logpath  = /var/log/auth.log
# NOTE(review): 168.192.0.1 is not in a private (RFC 1918) range and looks
# like a transposed 192.168.0.1; this per-jail value also replaces the
# [DEFAULT] ignoreip, so loopback is no longer exempt here. Verify before use.
ignoreip = 168.192.0.1
# BIND "refused" queries over TCP; bans on DNS and rndc (953) ports.
[named-refused-tcp]
enabled  = false
filter   = named-refused
action   = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
           sendmail-whois[name=Named, dest=you@example.com]
logpath  = /var/log/named/security.log
# NOTE(review): same suspect address as in [ssh-ipfw] - not RFC 1918, and it
# replaces rather than extends the [DEFAULT] ignoreip. Verify before use.
ignoreip = 168.192.0.1
# Asterisk SIP registration failures; bans SIP on both TCP and UDP.
[asterisk]
enabled  = false
filter   = asterisk
# Three actions, one per continuation line.
action   = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
           iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
logpath  = /var/log/asterisk/messages
maxretry = 10
# Asterisk, TCP-only variant of the [asterisk] jail.
[asterisk-tcp]
enabled  = false
filter   = asterisk
action   = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
logpath  = /var/log/asterisk/messages
maxretry = 10
# Asterisk, UDP-only variant of the [asterisk] jail.
[asterisk-udp]
enabled  = false
# Tab before the delimiter in the original; accepted by configparser.
filter	 = asterisk
action   = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
logpath  = /var/log/asterisk/messages
maxretry = 10
# MySQL authentication failures read from the server's own log.
[mysqld-iptables]
enabled  = false
filter   = mysqld-auth
# dest=root delivers to the local root mailbox rather than an external address.
action   = iptables[name=mysql, port=3306, protocol=tcp]
           sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
logpath  = /var/log/mysqld.log
maxretry = 5
# Same filter as [mysqld-iptables] but for MySQL logging through syslog.
[mysqld-syslog-iptables]
enabled  = false
filter   = mysqld-auth
action   = iptables[name=mysql, port=3306, protocol=tcp]
logpath  = /var/log/daemon.log
maxretry = 5
# Repeat-offender jail: reads fail2ban's own log and, after 5 bans within a
# day, blocks the address on all ports for a week.
[recidive]
enabled  = false
filter   = recidive
logpath  = /var/log/fail2ban.log
action   = iptables-allports[name=recidive]
           sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
# The trailing "; ..." comments are inline comments. fail2ban's parser strips
# them, but they are not portable INI; other parsers would read them as part
# of the value.
bantime  = 604800  ; 1 week
findtime = 86400   ; 1 day
maxretry = 5
# SSH jail for the OpenBSD/FreeBSD pf packet filter.
[ssh-pf]
enabled  = false
filter   = sshd
action   = pf
logpath  = /var/log/sshd.log
maxretry = 5
# 3proxy proxy-server failures; bans the proxy port 3128.
[3proxy]
enabled = false
filter  = 3proxy
action  = iptables[name=3proxy, port=3128, protocol=tcp]
logpath = /var/log/3proxy.log
# Exim MTA failures; bans all three SMTP ports.
[exim]
enabled = false
filter  = exim
action  = iptables-multiport[name=exim,port="25,465,587"]
logpath = /var/log/exim/mainlog
# Exim spam rejections, same log and ports as [exim] but a different filter.
[exim-spam]
enabled = false
filter  = exim-spam
action  = iptables-multiport[name=exim-spam,port="25,465,587"]
logpath = /var/log/exim/mainlog
# Perdition POP/IMAP proxy failures; bans all four mail-retrieval ports.
[perdition]
enabled = false
filter  = perdition
action  = iptables-multiport[name=perdition,port="110,143,993,995"]
logpath = /var/log/maillog
# UW IMAP/POP authentication failures; same ports as [perdition].
[uwimap-auth]
enabled = false
filter  = uwimap-auth
action  = iptables-multiport[name=uwimap-auth,port="110,143,993,995"]
logpath = /var/log/maillog
# SSH jail for macOS using ipfw.
[osx-ssh-ipfw]
enabled  = false
filter   = sshd
action   = osx-ipfw
logpath  = /var/log/secure.log
maxretry = 5
# SSH jail using the APF firewall front-end.
[ssh-apf]
enabled = false
filter  = sshd
action  = apf[name=SSH]
logpath = /var/log/secure
maxretry = 5
# SSH jail for macOS using afctl.
[osx-ssh-afctl]
enabled  = false
filter   = sshd
# bantime here is an action argument, independent of the jail's bantime.
action   = osx-afctl[bantime=600]
logpath  = /var/log/secure.log
maxretry = 5
# Webmin login failures; bans the Webmin port 10000.
[webmin-auth]
enabled = false
filter  = webmin-auth
action  = iptables-multiport[name=webmin,port="10000"]
logpath = /var/log/auth.log
# Dovecot failures from the mail log; bans every mail-facing port at once.
[dovecot]
enabled = false
filter  = dovecot
action  = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,smtps,sieve", protocol=tcp]
logpath = /var/log/mail.log
# Same as [dovecot] but for systems where Dovecot auth messages go to
# /var/log/secure.
[dovecot-auth]
enabled = false
filter  = dovecot
action  = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,smtps,sieve", protocol=tcp]
logpath = /var/log/secure
# SSH failures as recorded in the SELinux audit log.
[selinux-ssh]
enabled = false
filter  = selinux-ssh
action  = iptables[name=SELINUX-SSH, port=ssh, protocol=tcp]
# Extra space before the delimiter in the original; cosmetic only.
logpath  = /var/log/audit/audit.log
maxretry = 5

2 같이 보기
