committing changes in /etc made by "-bash"
Package changes:
132
fail2ban/jail.conf.rpmsave
Normal file
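--- a/fail2ban/jail.conf.rpmsave
+++ b/fail2ban/jail.conf.rpmsave
@@ -0,0 +1,132 @@
+# Fail2Ban jail base specification file
+#
+# HOW TO ACTIVATE JAILS:
+#
+# YOU SHOULD NOT MODIFY THIS FILE.
+#
+# It will probably be overwitten or improved in a distribution update.
+#
+# Provide customizations in a jail.local file or a jail.d/customisation.local.
+# For example to change the default bantime for all jails and to enable the
+# ssh-iptables jail the following (uncommented) would appear in the .local file.
+# See man 5 jail.conf for details.
+#
+# [DEFAULT]
+# bantime = 3600
+#
+# [ssh-iptables]
+# enabled = true
+
+
+
+# Comments: use '#' for comment lines and ';' (following a space) for inline comments
+
+# The DEFAULT allows a global definition of the options. They can be overridden
+# in each jail afterwards.
+
+[DEFAULT]
+
+# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
+# ban a host which matches an address in this list. Several addresses can be
+# defined using space separator.
+ignoreip = 127.0.0.1/8
+
+# "bantime" is the number of seconds that a host is banned.
+bantime = 600
+
+# A host is banned if it has generated "maxretry" during the last "findtime"
+# seconds.
+findtime = 600
+
+# "maxretry" is the number of failures before a host get banned.
+maxretry = 3
+
+# "backend" specifies the backend used to get files modification.
+# Available options are "pyinotify", "gamin", "polling" and "auto".
+# This option can be overridden in each jail as well.
+#
+# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
+# If pyinotify is not installed, Fail2ban will use auto.
+# gamin: requires Gamin (a file alteration monitor) to be installed.
+# If Gamin is not installed, Fail2ban will use auto.
+# polling: uses a polling algorithm which does not require external libraries.
+# auto: will try to use the following backends, in order:
+# pyinotify, gamin, polling.
+backend = auto
+
+# "usedns" specifies if jails should trust hostnames in logs,
+# warn when DNS lookups are performed, or ignore all hostnames in logs
+#
+# yes: if a hostname is encountered, a DNS lookup will be performed.
+# warn: if a hostname is encountered, a DNS lookup will be performed,
+# but it will be logged as a warning.
+# no: if a hostname is encountered, will not be used for banning,
+# but it will be logged as info.
+usedns = no
+
+
+# This jail corresponds to the standard configuration in Fail2ban.
+# The mail-whois action send a notification e-mail with a whois request
+# in the body.
+
+[ssh]
+
+enabled = false
+filter = sshd
+action = iptables[name=SSH, port=ssh, protocol=tcp]
+logpath = /var/log/secure
+maxretry = 5
+
+
+# Jail for more extended banning of persistent abusers
+# !!! WARNING !!!
+# Make sure that your loglevel specified in fail2ban.conf/.local
+# is not at DEBUG level -- which might then cause fail2ban to fall into
+# an infinite loop constantly feeding itself with non-informative lines
+[recidive]
+enabled = false
+filter = recidive
+logpath = /var/log/fail2ban.log
+action = iptables-allports[name=recidive]
+bantime = 604800 ; 1 week
+findtime = 86400 ; 1 day
+maxretry = 5
+
+[named-tcp]
+enabled = false
+port = domain,953
+protocol = tcp
+action = iptables-multiport[name=named, port="53,953" protocol=tcp]
+filter = named-refused
+logpath = /var/named/data/security.log
+
+[named-udp]
+enabled = false
+port = domain,953
+protocol = udp
+action = iptables-multiport[name=named, port="53,953" protocol=udp]
+filter = named-refused
+logpath = /var/named/data/security.log
+
+[vsftpd]
+enabled = false
+filter = vsftpd
+action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
+logpath = /var/log/vsftpd.log
+maxretry = 3
+
+[ngx-botsearch]
+enabled = false
+filter = nginx-botsearch
+action = iptables-multiport[name=ngxbotsearch, port="http,https", protocol=tcp]
+logpath = /var/log/nginx/*.error.log
+maxretry = 10
+
+[php-url-fopen]
+enabled = false
+protocol = tcp
+filter = php-url-fopen
+action = iptables-multiport[name=php-url-fopen, port"http,https", protocol=tcp]
+logpath = /var/log/nginx/*.access.log
+maxretry = 3
+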
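Review bot: The `action` line of `[php-url-fopen]` is missing the `=` in `port"http,https"`, so the port option is unlikely to be parsed as intended; it should read `action = iptables-multiport[name=php-url-fopen, port="http,https", protocol=tcp]`. The `[named-tcp]` and `[named-udp]` actions likewise have no comma between `port="53,953"` and `protocol=...`, unlike the other multiport actions in this file. As an `.rpmsave` copy this file is presumably not read by fail2ban, but the same lines should be checked in whatever `jail.local` or `jail.d/` file carries these jails forward, because a jail whose action options are mis-parsed may fail to start or may not ban on the intended ports. Every jail here, including `[ssh]`, is `enabled = false`, so it is worth confirming that the jails meant to be active are enabled in the live configuration.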