# Fail2Ban configuration file # # Author: Cyril Jaquier # # $Revision: 617 $ # # The DEFAULT allows a global definition of the options. They can be override # in each jail afterwards. [DEFAULT] # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not # ban a host which matches an address in this list. Several addresses can be # defined using space separator. ignoreip = 127.0.0.1 192.168.1.4 # "bantime" is the number of seconds that a host is banned. bantime = 600 # A host is banned if it has generated "maxretry" during the last "findtime" # seconds. findtime = 600 # "maxretry" is the number of failures before a host get banned. maxretry = 3 # "backend" specifies the backend used to get files modification. Available # options are "gamin", "polling" and "auto". This option can be overridden in # each jail too (use "gamin" for a jail and "polling" for another). # # gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin # is not installed, Fail2ban will use polling. # polling: uses a polling algorithm which does not require external libraries. # auto: will choose Gamin if available and polling otherwise. backend = auto [ssh-iptables] enabled = true filter = sshd action = iptables-new[name=SSH, port=ssh, protocol=tcp] sendmail-whois[name=SSH, dest=receiver@lithiumfox.com, sender=notify@lithiumfox.com] logpath = /var/log/secure maxretry = 5 [kernel-iptables] enabled = true filter = kernel action = iptables-allports[name=kernel, protocol=all] sendmail-whois[name=KERNEL, dest=k2patel@sify.com, sender=notify@test.com] logpath = /var/log/messages maxretry = 2 [proftpd-iptables] enabled = true filter = proftpd action = iptables[name=ProFTPD, port=ftp, protocol=tcp] sendmail-whois[name=ProFTPD, dest=receiver@lithiumfox.com] logpath = /var/log/secure maxretry = 6 [sasl-iptables] enabled = true filter = sasl backend = polling action = iptables[name=sasl, port=smtp, protocol=tcp] sendmail-whois[name=sasl, dest=receiver@lithiumfox.com] logpath = /var/log/maillog [apache-tcpwrapper] enabled = true filter = apache-auth action = hostsdeny logpath = /var/log/httpd/*error_log maxretry = 6 [postfix-tcpwrapper] enabled = true filter = postfix action = hostsdeny sendmail[name=Postfix, dest=receiver@lithiumfox.com] logpath = /var/log/maillog bantime = 300 [courierpop3] enabled = true port = pop3 filter = courierlogin action = iptables[name=%(__name__)s, port=%(port)s] logpath = /var/log/maillog maxretry = 5 [courierimap] enabled = true port = imap2 filter = courierlogin action = iptables[name=%(__name__)s, port=%(port)s] logpath = /var/log/maillog maxretry = 5 [ssh-tcpwrapper] enabled = false filter = sshd action = hostsdeny sendmail-whois[name=SSH, dest=you@mail.com] ignoreregex = for myuser from logpath = /var/log/secure [vsftpd-notification] enabled = false filter = vsftpd action = sendmail-whois[name=VSFTPD, dest=you@mail.com] logpath = /var/log/secure maxretry = 5 bantime = 1800 [vsftpd-iptables] enabled = false filter = vsftpd action = iptables[name=VSFTPD, port=ftp, protocol=tcp] sendmail-whois[name=VSFTPD, dest=you@mail.com] logpath = /var/log/secure maxretry = 5 bantime = 1800 [apache-badbots] enabled = false filter = apache-badbots action = iptables-multiport[name=BadBots, port="http,https"] sendmail-buffered[name=BadBots, lines=5, dest=you@mail.com] logpath = /var/log/httpd/*access_log bantime = 172800 maxretry = 1 [apache-shorewall] enabled = false filter = apache-noscript action = shorewall sendmail[name=Apache, dest=you@mail.com] logpath = /var/log/httpd/error_log [ssh-ipfw] enabled = false filter = sshd action = ipfw[localhost=192.168.0.1] sendmail-whois[name="SSH,IPFW", dest=receiver@lithiumfox.com] logpath = /var/log/secure ignoreip = 168.192.0.1 [named-refused-udp] enabled = false filter = named-refused action = iptables-multiport[name=Named, port="domain,953", protocol=udp] sendmail-whois[name=Named, dest=receiver@lithiumfox.com] logpath = /var/log/secure ignoreip = 168.192.0.1 [named-refused-tcp] enabled = false filter = named-refused action = iptables-multiport[name=Named, port="domain,953", protocol=tcp] sendmail-whois[name=Named, dest=receiver@lithiumfox.com] logpath = /var/log/secure ignoreip = 168.192.0.1