Attachment 148856 Details for Bug 230191 – Configuration file

Configuration file

fail2ban.conf (text/plain), 9.13 KB, created by Jonathan Underwood on 2007-02-27 11:14:51 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jonathan Underwood

Created: 2007-02-27 11:14:51 UTC

Size: 9.13 KB

patch

obsolete

># Fail2Ban configuration file
>#
># $Revision: 484 $
>#
># 2005.06.21  modified for readability  Iain Lea  iain@bricbrac.de
>
>[DEFAULT]
># Option:  background
># Notes.:  start fail2ban as a daemon. Output is redirect to logfile.
># Values:  [true | false]  Default:  false
>#
>background = false
>
># Option:  locale
># Notes.:  global (cannot be redefined per section) locale to use for
>#          timestamp pattern matching by changing LC_TIME for
>#          fail2ban process. Empty entry sets locale to default one
>#          (usually specified by LC_ALL environment variable).
># Values:  LOCALE  Default:
>#
>locale = 
>
># Option:  logtargets
># Notes.:  log targets. Space separated list of logging targets.
># Values:  STDERR SYSLOG file  Default:  /var/log/fail2ban.log
>#
>logtargets = /var/log/fail2ban.log
>
># Option:  syslog-target
># Notes.:  where to find syslog facility if logtarget SYSLOG.
># Values:  SOCKET HOST HOST:PORT  Default: /dev/log
>#
>syslog-target = /dev/log
>
># Option:  syslog-facility
># Notes.:  which syslog facility to use if logtarget SYSLOG.
># Values:  NUM  Default: 1
>#
>syslog-facility = 1
>
># Option:  pidlock
># Notes.:  path of the PID lock file (must be able to write to file).
># Values:  FILE  Default:  /var/run/fail2ban.pid
>#
>pidlock = /var/run/fail2ban.pid
>
># Option:  maxfailures
># Notes.:  number of failures before IP gets banned.
># Values:  NUM  Default:  5
>#
>maxfailures = 5
>
># Option:  bantime
># Notes.:  number of seconds an IP will be banned. If set to a negative
>#          value, IP will never be unbanned (permanent banning).
># Values:  NUM  Default:  600
>#
>bantime = -600
>
># Option:  findtime
># Notes.:  lifetime in seconds of a "failed" log entry.
># Values:  NUM  Default:  600
>#
>findtime = 600
>
># Option:  ignoreip
># Notes.:  space separated list of IP's to be ignored by fail2ban.
>#          You can use CIDR mask in order to specify a range.
>#          Example:  ignoreip = 192.168.0.1/24 123.45.235.65
># Values:  IP  Default:  
>#
>ignoreip = 
>
># Option:  cmdstart
># Notes.:  command executed once at the start of Fail2Ban
># Values:  CMD  Default:
>#
>cmdstart = 
>
># Option:  cmdend
># Notes.:  command executed once at the end of Fail2Ban.
># Values:  CMD  Default:
>#
>cmdend = 
>
># Option:  polltime
># Notes.:  number of seconds fail2ban sleeps between iterations.
># Values:  NUM  Default:  1
>#
>polltime = 1
>
># Option:  reinittime
># Notes.:  minimal number of seconds between the re-initialization of
>#          firewalls due to external changes in their rules (see fwcheck)
># Values:  NUM  Default:  100
>#
>reinittime = 10
>
># Option:  maxreinits
># Notes.:  maximal number of re-initialization of firewalls due to external
>#          changes. -1 stays for infinite, so only reinittime is of importance
># Values:  NUM  Default:  -1
>#
>maxreinits = -1
>
># NOTE: Interpolations
>#
># fwstart, as well as fwend, fwcheck, fwban, fwunban, use interpolations
># so %(__name__)s  will be substituted by a name of each section
># (unless the option is overriden in a section).
># If you are going to use interpolations in your setup, please make
># sure that you specified options port and protocol (which also has
># an option in DEFAULT).
>#
>
># Option:  fwban
># Notes.:  command executed when banning an IP. Take care that the
>#          command is executed with Fail2Ban user rights.
># Tags:    <ip>  IP address
>#          <failures>  number of failures
>#          <failtime>  unix timestamp of the last failure
>#          <bantime>  unix timestamp of the ban time
># Values:  CMD
># Default: iptables -I INPUT 1 -s <ip> -j DROP
>#
>fwban = shorewall drop <ip>
>
># Option:  fwunban
># Notes.:  command executed when unbanning an IP. Take care that the
>#          command is executed with Fail2Ban user rights.
># Tags:    <ip>  IP address
>#          <bantime>  unix timestamp of the ban time
>#          <unbantime>  unix timestamp of the unban time
># Values:  CMD
># Default: iptables -D INPUT -s <ip> -j DROP
>#
>fwunban = shorewall allow <ip>
>
>[MAIL]
># Option:  enabled
># Notes.:  enable mail notification when banning an IP address.
># Values:  [true | false]  Default:  false
>#
>enabled = false
>
># Option:  host
># Notes.:  host running the mail server.
># Values:  STR  Default:  localhost
>#
>host = localhost
>
># Option:  port
># Notes.:  port of the mail server.
># Values:  INT  Default:  25
>#
>port = 25
>
># Option:  user
># Notes.:  the username for smtp-server if authentification is required.
>#          if user is empty, no authentification is done.
># Values:  STR  Default:  
>#
>user = 
>
># Option:  password
># Notes.:  the smtp-user's password if authentification is required.
># Values:  STR  Default:  
>#
>password = 
>
># Option:  from
># Notes.:  e-mail address of the sender.
># Values:  MAIL  Default:  fail2ban
>#
>from = fail2ban
>
># Option:  to
># Notes.:  e-mail addresses of the receiver. Addresses are space
>#          separated.
># Values:  MAIL  Default:  root
>#
>to = root
>
># Option:  localtime
># Notes.:  report local time (including timezone) or GMT
># Values:  [true | false]  Default:  false
>#
>localtime = true
>
># Option:  subject
># Notes.:  subject of the e-mail.
># Tags:    <section> active section (eg ssh, apache, etc)
>#          <ip>  IP address
>#          <failures>  number of failures
>#          <failtime>  unix timestamp of the last failure
># Values:  TEXT  Default:  [Fail2Ban] <section>: Banned <ip>
>#
>subject = [Fail2Ban] <section>: Banned <ip>
>
># Option:  message
># Notes.:  message of the e-mail.
># Tags:    <section> active section (eg ssh, apache, etc)
>#          <ip>  IP address
>#          <failures>  number of failures
>#          <failtime>  unix timestamp of the last failure
>#          <br>  new line
># Values:  TEXT  Default:
>#
>message = Hi,<br>
>          The IP <ip> has just been banned by Fail2Ban after
>          <failures> attempts against <section>.<br>
>          Regards,<br>
>          Fail2Ban
>
># You can define a new section for each log file to check for
># password failure. Each section has to define the following
># options: logfile, fwban, fwunban, timeregex, timepattern,
># failregex.
>
>
>[Apache]
># Option:  enabled
># Notes.:  enable monitoring for this section.
># Values:  [true | false]  Default:  false
>#
>enabled = false
>
># Option:  logfile
># Notes.:  logfile to monitor.
># Values:  FILE  Default:  /var/log/httpd/access_log
>#
>logfile = /var/log/httpd/access_log
>
># Option:  timeregex
># Notes.:  regex to match timestamp in Apache logfile. For TAI64N format,
>#          use timeregex = @[0-9a-f]{24}
># Values:  [Wed Jan 05 15:08:01 2005]
># Default: \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
>#
>timeregex = \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
>
># Option:  timepattern
># Notes.:  format used in "timeregex" fields definition. Note that '%' must be
>#          escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule).
>#          For TAI64N format, use timepattern = tai64n
># Values:  TEXT  Default:  %%a %%b %%d %%H:%%M:%%S %%Y
>#
>timepattern = %%a %%b %%d %%H:%%M:%%S %%Y
>
># Option:  failregex
># Notes.:  regex to match the password failure messages in the logfile.
># Values:  TEXT  Default:  authentication failure|user .* not found
>#
>failregex = [[]client (?P<host>\S*)[]] user .*(?:: authentication failure|not found)
>
>
>[VSFTPD]
># Option: enabled
># Notes.: enable monitoring for this section.
># Values: [true | false] Default: false
>#
>enabled = false
>
># Option: logfile
># Notes.: logfile to monitor.
># Values: FILE Default: /var/log/secure
>#
>logfile = /var/log/vsftpd.log
>
># Option: timeregex
># Notes.: regex to match timestamp in VSFTPD logfile.
># Values: [Mar 7 17:53:28]
># Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
>#
>timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
>
># Option: timepattern
># Notes.: format used in "timeregex" fields definition. Note that '%' must be
># escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
># Values: TEXT Default: %%b %%d %%H:%%M:%%S
>#
>timepattern = %%b %%d %%H:%%M:%%S
>
># Option: failregex
># Notes.: regex to match the password failures messages in the logfile.
># Values: TEXT Default: Authentication failure|Failed password|Invalid user
>#
>failregex = vsftpd: $pam_unix$ authentication failure; .* rhost=(?P<host>\S+)
>
>
>[SSH]
># Option:  enabled
># Notes.:  enable monitoring for this section.
># Values:  [true | false]  Default:  true
>#
>enabled = true
>
># Option:  logfile
># Notes.:  logfile to monitor.
># Values:  FILE  Default:  /var/log/secure
>#
>logfile = /var/log/secure
>
># Option:  timeregex
># Notes.:  regex to match timestamp in SSH logfile. For TAI64N format,
>#          use timeregex = @[0-9a-f]{24}
># Values:  [Mar  7 17:53:28]
># Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
>#
>timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
>
># Option:  timepattern
># Notes.:  format used in "timeregex" fields definition. Note that '%' must be
>#          escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule).
>#          For TAI64N format, use timepattern = tai64n
># Values:  TEXT  Default:  %%b %%d %%H:%%M:%%S
>#
>timepattern = %%b %%d %%H:%%M:%%S
>
># Option:  failregex
># Notes.:  regex to match the password failures messages in the logfile.
># Values:  TEXT  Default:  Authentication failure|Failed password|Invalid user
>#
>failregex = : (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)

Actions: View

Attachments on bug 230191: 148856 | 160888 | 299356