zira-etc/fail2ban/jail.conf

# Fail2Ban jail base specification file
#
# HOW TO ACTIVATE JAILS:
#
# YOU SHOULD NOT MODIFY THIS FILE.
#
# It will probably be overwitten or improved in a distribution update.
#
# Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the
# ssh-iptables jail the following (uncommented) would appear in the .local file.
# See man 5 jail.conf for details.
#
# [DEFAULT]
# bantime = 3600
#
# [ssh-iptables]
# enabled = true



# Comments: use '#' for comment lines and ';' (following a space) for inline comments

# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3

# "backend" specifies the backend used to get files modification.
# Available options are "pyinotify", "gamin", "polling" and "auto".
# This option can be overridden in each jail as well.
#
# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
#              If pyinotify is not installed, Fail2ban will use auto.
# gamin:     requires Gamin (a file alteration monitor) to be installed.
#              If Gamin is not installed, Fail2ban will use auto.
# polling:   uses a polling algorithm which does not require external libraries.
# auto:      will try to use the following backends, in order:
#              pyinotify, gamin, polling.
backend = auto

# "usedns" specifies if jails should trust hostnames in logs,
#   warn when DNS lookups are performed, or ignore all hostnames in logs
#
# yes:   if a hostname is encountered, a DNS lookup will be performed.
# warn:  if a hostname is encountered, a DNS lookup will be performed,
#        but it will be logged as a warning.
# no:    if a hostname is encountered, will not be used for banning,
#        but it will be logged as info.
usedns = no


# This jail corresponds to the standard configuration in Fail2ban.
# The mail-whois action send a notification e-mail with a whois request
# in the body.

[ssh]

enabled  = false
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
logpath  = /var/log/secure
maxretry = 5


# Jail for more extended banning of persistent abusers
# !!! WARNING !!!
#   Make sure that your loglevel specified in fail2ban.conf/.local
#   is not at DEBUG level -- which might then cause fail2ban to fall into
#   an infinite loop constantly feeding itself with non-informative lines
[recidive]
enabled  = false
filter   = recidive
logpath  = /var/log/fail2ban.log
action   = iptables-allports[name=recidive]
bantime  = 604800  ; 1 week
findtime = 86400   ; 1 day
maxretry = 5

[named-tcp]
enabled  = false
port     = domain,953
protocol = tcp
action   = iptables-multiport[name=named, port="53,953" protocol=tcp]
filter   = named-refused
logpath  = /var/named/data/security.log

[named-udp]
enabled  = false
port     = domain,953
protocol = udp
action   = iptables-multiport[name=named, port="53,953" protocol=udp]
filter   = named-refused
logpath  = /var/named/data/security.log

[vsftpd]
enabled  = false
filter   = vsftpd
action   = iptables[name=VSFTPD, port=ftp, protocol=tcp]
logpath  = /var/log/vsftpd.log
maxretry = 3

[ngx-botsearch]
enabled = false
filter = nginx-botsearch
action = iptables-multiport[name=ngxbotsearch, port="http,https", protocol=tcp]
logpath = /var/log/nginx/*.error.log
maxretry = 10

[php-url-fopen]
enabled = false
protocol = tcp
filter = php-url-fopen
action = iptables-multiport[name=php-url-fopen, port"http,https", protocol=tcp]
logpath = /var/log/nginx/*.access.log
maxretry = 3