81 lines
3.7 KiB
Plaintext
81 lines
3.7 KiB
Plaintext
################################################################################
|
|
########## jail.local managed by Puppet ##########
|
|
########## manual changes will be overwritten !!! ##########
|
|
################################################################################
|
|
########## full reference available under ##########
|
|
########## https://confdroid.com/2017/08/fail2ban-jail-conf/ ##########
|
|
################################################################################
|
|
|
|
[INCLUDES]
|
|
|
|
before = paths-<%= @fn_jail_paths %>.conf
|
|
|
|
[DEFAULT]
|
|
ignoreip = <%= @fn_ignoreip %>
|
|
ignorecommand = <%= @fn_ignorecommand %>
|
|
bantime = <%= @fn_bantime %>
|
|
findtime = <%= @fn_findtime %>
|
|
maxretry = <%= @fn_maxretry %>
|
|
backend = <%= @fn_backend %>
|
|
usedns = <%= @fn_usedns %>
|
|
logencoding = <%= @fn_logencoding %>
|
|
enabled = <%= @fn_enabled %>
|
|
filter = <%= @fn_enabled %>
|
|
destemail = <%= @fn_destemail %>
|
|
sender = <%= @fn_sender %>
|
|
mta = <%= @fn_sender %>
|
|
protocol = <%= @fn_protocol %>
|
|
chain = <%= @fn_chain %>
|
|
port = <%= @fn_port %>
|
|
fail2ban_agent = <%= @fn_fail2ban_agent %>
|
|
banaction = <%= @fn_banaction %>
|
|
banaction_allports = <%= @fn_banaction_allports %>
|
|
|
|
action_ = <%= @fn_action_ %>
|
|
action_mw = <%= @fn_action_mw %>
|
|
|
|
# ban & send an e-mail with whois report and relevant log lines
|
|
# to the destemail.
|
|
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
|
|
%(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
|
|
|
|
# See the IMPORTANT note in action.d/xarf-login-attack for when to use this action
|
|
#
|
|
# ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines
|
|
# to the destemail.
|
|
action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
|
|
xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
|
|
|
|
# ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
|
|
# to the destemail.
|
|
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
|
|
%(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
|
|
|
|
# Report block via blocklist.de fail2ban reporting service API
|
|
#
|
|
# See the IMPORTANT note in action.d/blocklist_de.conf for when to
|
|
# use this action. Create a file jail.d/blocklist_de.local containing
|
|
# [Init]
|
|
# blocklist_de_apikey = {api key from registration]
|
|
#
|
|
action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
|
|
|
|
# Report ban via badips.com, and use as blacklist
|
|
#
|
|
# See BadIPsAction docstring in config/action.d/badips.py for
|
|
# documentation for this action.
|
|
#
|
|
# NOTE: This action relies on banaction being present on start and therefore
|
|
# should be last action defined for a jail.
|
|
#
|
|
action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]
|
|
#
|
|
# Report ban via badips.com (uses action.d/badips.conf for reporting only)
|
|
#
|
|
action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]
|
|
|
|
# Choose default action. To change, just override value of 'action' with the
|
|
# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
|
|
# globally (section [DEFAULT]) or per specific section
|
|
action = %(action_)s
|