diff -ur fail2ban-0.8.14.orig/config/jail.conf fail2ban-0.8.14/config/jail.conf
--- fail2ban-0.8.14.orig/config/jail.conf 2014-08-19 22:23:33.000000000 +0200
+++ fail2ban-0.8.14/config/jail.conf 2014-08-20 17:39:21.428256837 +0200
@@ -80,7 +80,7 @@
 enabled = false
 filter = pam-generic
 action = iptables-allports[name=pam,protocol=all]
-logpath = /var/log/secure
+logpath = /var/log/messages
 [xinetd-fail]
@@ -97,7 +97,7 @@
 filter = sshd
 action = iptables[name=SSH, port=ssh, protocol=tcp]
 sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
-logpath = /var/log/sshd.log
+logpath = /var/log/messages
 maxretry = 5
@@ -106,7 +106,7 @@
 enabled = false
 filter = sshd-ddos
 action = iptables[name=SSHDDOS, port=ssh, protocol=tcp]
-logpath = /var/log/sshd.log
+logpath = /var/log/messages
 maxretry = 2
@@ -135,7 +135,7 @@
 filter = gssftpd
 action = iptables[name=GSSFTPd, port=ftp, protocol=tcp]
 sendmail-whois[name=GSSFTPd, dest=you@example.com]
-logpath = /var/log/daemon.log
+logpath = /var/log/messages
 maxretry = 6
@@ -144,7 +144,7 @@
 enabled = false
 filter = pure-ftpd
 action = iptables[name=pureftpd, port=ftp, protocol=tcp]
-logpath = /var/log/pureftpd.log
+logpath = /var/log/messages
 maxretry = 6
@@ -153,7 +153,7 @@
 enabled = false
 filter = wuftpd
 action = iptables[name=wuftpd, port=ftp, protocol=tcp]
-logpath = /var/log/daemon.log
+logpath = /var/log/messages
 maxretry = 6
@@ -162,7 +162,7 @@
 enabled = false
 filter = sendmail-auth
 action = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
-logpath = /var/log/mail.log
+logpath = /var/log/mail
 [sendmail-reject]
@@ -170,7 +170,7 @@
 enabled = false
 filter = sendmail-reject
 action = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
-logpath = /var/log/mail.log
+logpath = /var/log/mail
 # This jail forces the backend to "polling".
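Review bot: Every distribution-specific log location is spelled out literally in each jail, so the same `/var/log/messages` value is repeated in the pam-generic, sshd, sshd-ddos, gssftpd, pure-ftpd and wuftpd hunks here and again in the sshd hunks on the following lines, with `/var/log/mail` repeated the same way. jail.conf already relies on ConfigParser interpolation (`service=%(filter)s` in the last hunk of the diff), so defining the targets once in `[DEFAULT]`, e.g. `syslog = /var/log/messages` and `maillog = /var/log/mail` (names chosen here, not taken from the file), and writing `logpath = %(syslog)s` in each jail would make the next logging-layout change a one-line edit and keep the jails from drifting apart. The consolidation also means several filters now scan one shared syslog; if I read the 0.8 pam-generic filter correctly it matches `pam_unix` failures from any service, so enabling it alongside an sshd jail on the same file counts a single SSH failure twice, which deserves a comment next to the `[pam-generic]` logpath.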
@@ -181,7 +181,7 @@
 backend = polling
 action = iptables[name=sasl, port=smtp, protocol=tcp]
 sendmail-whois[name=sasl, dest=you@example.com]
-logpath = /var/log/mail.log
+logpath = /var/log/mail
 # ASSP SMTP Proxy Jail
@@ -202,7 +202,7 @@
 action = hostsdeny[daemon_list=sshd]
 sendmail-whois[name=SSH, dest=you@example.com]
 ignoreregex = for myuser from
-logpath = /var/log/sshd.log
+logpath = /var/log/messages
 # Here we use blackhole routes for not requiring any additional kernel support
@@ -212,7 +212,7 @@
 enabled = false
 filter = sshd
 action = route
-logpath = /var/log/sshd.log
+logpath = /var/log/messages
 maxretry = 5
@@ -226,7 +226,7 @@
 enabled = false
 filter = sshd
 action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
-logpath = /var/log/sshd.log
+logpath = /var/log/messages
 maxretry = 5
@@ -235,7 +235,7 @@
 enabled = false
 filter = sshd
 action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
-logpath = /var/log/sshd.log
+logpath = /var/log/messages
 maxretry = 5
@@ -329,7 +329,7 @@
 enabled = false
 filter = cyrus-imap
 action = iptables-multiport[name=cyrus-imap,port="143,993"]
-logpath = /var/log/mail*log
+logpath = /var/log/mail
 [courierlogin]
@@ -337,7 +337,7 @@
 enabled = false
 filter = courierlogin
 action = iptables-multiport[name=courierlogin,port="25,110,143,465,587,993,995"]
-logpath = /var/log/mail*log
+logpath = /var/log/mail
 [couriersmtp]
@@ -345,7 +345,7 @@
 enabled = false
 filter = couriersmtp
 action = iptables-multiport[name=couriersmtp,port="25,465,587"]
-logpath = /var/log/mail*log
+logpath = /var/log/mail
 [qmail-rbl]
@@ -361,7 +361,7 @@
 enabled = false
 filter = sieve
 action = iptables-multiport[name=sieve,port="25,465,587"]
-logpath = /var/log/mail*log
+logpath = /var/log/mail
 # Do not ban anybody. Just report information about the remote host.
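Review bot: The cyrus-imap, courierlogin, couriersmtp and sieve hunks replace the `/var/log/mail*log` glob with the single file `/var/log/mail`, so these jails now depend on the login-failure lines actually being routed to that one file. Where the syslog configuration splits the mail facility by priority into sibling files next to `/var/log/mail` (mail.info/mail.warn/mail.err is a common layout), a filter whose lines land only in a sibling silently never matches, and there is no startup error because the file exists; this is worth checking once against the target syslog rules and recording with a comment such as `# /var/log/mail receives the whole mail facility here; adjust if it is split by priority`. Widening the glob to `/var/log/mail*` is not a good fix, because a line duplicated into several priority files would be counted once per file. The same applies to the `/var/log/mail` hunks on the other lines of the diff.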
@@ -396,7 +396,8 @@
 filter = apache-badbots
 action = iptables-multiport[name=BadBots, port="http,https"]
 sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
-logpath = /var/www/*/logs/access_log
+logpath = /var/log/apache/access_log
+ /var/log/apache2/*/access_log
 bantime = 172800
 maxretry = 1
@@ -466,7 +467,7 @@
 enabled = false
 action = iptables-multiport[name=php-url-open, port="http,https"]
 filter = php-url-fopen
-logpath = /var/www/*/logs/access_log
+logpath = /var/log/apache/access_log
 maxretry = 1
@@ -500,7 +501,7 @@
 filter = sshd
 action = ipfw[localhost=192.168.0.1]
 sendmail-whois[name="SSH,IPFW", dest=you@example.com]
-logpath = /var/log/auth.log
+logpath = /var/log/messages
 ignoreip = 168.192.0.1
@@ -531,7 +532,7 @@
 filter = named-refused
 action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
 sendmail-whois[name=Named, dest=you@example.com]
-logpath = /var/log/named/security.log
+logpath = /var/lib/named/log/security.log
 ignoreip = 168.192.0.1
@@ -601,7 +602,7 @@
 filter = mysqld-auth
 action = iptables[name=mysql, port=3306, protocol=tcp]
 sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
-logpath = /var/log/mysqld.log
+logpath = /var/log/mysql/mysqld.log
 maxretry = 5
@@ -610,7 +611,7 @@
 enabled = false
 filter = mysqld-auth
 action = iptables[name=mysql, port=3306, protocol=tcp]
-logpath = /var/log/daemon.log
+logpath = /var/log/mysql/mysqld.log
 maxretry = 5
@@ -637,7 +638,7 @@
 enabled = false
 filter = sshd
 action = pf
-logpath = /var/log/sshd.log
+logpath = /var/log/messages
 maxretry = 5
@@ -723,7 +724,7 @@
 enabled = false
 filter = dovecot
 action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
-logpath = /var/log/mail.log
+logpath = /var/log/mail
 [dovecot-auth]
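Review bot: The two Apache jails no longer agree on where access logs live: `[apache-badbots]` (hunk -396) gets `/var/log/apache/access_log` plus `/var/log/apache2/*/access_log`, while `[php-url-fopen]` (hunk -466) gets only `/var/log/apache/access_log`. If the target distribution's Apache writes under `/var/log/apache2/` as the second pattern suggests, the per-vhost glob belongs in `[php-url-fopen]` as well, and note that neither pattern matches a top-level `/var/log/apache2/access_log`, because the glob requires a subdirectory component; if that is the default log it needs listing explicitly. As far as I recall, fail2ban 0.8 refuses to start a jail whose logpath matches no existing file, so a wrong path surfaces as a startup error rather than a silent gap, but only once the jail is enabled, which none of these are by default.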
@@ -731,7 +732,7 @@
 enabled = false
 filter = dovecot
 action = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
-logpath = /var/log/secure
+logpath = /var/log/mail
 [solid-pop3d]
@@ -739,7 +740,7 @@
 enabled = false
 filter = solid-pop3d
 action = iptables-multiport[name=solid-pop3, port="pop3,pop3s", protocol=tcp]
-logpath = /var/log/mail.log
+logpath = /var/log/mail
 [selinux-ssh]
@@ -761,7 +762,7 @@
 action = iptables[name=SSH, port=ssh, protocol=tcp]
 sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
 blocklist_de[email="fail2ban@example.com", apikey="xxxxxx", service=%(filter)s]
-logpath = /var/log/sshd.log
+logpath = /var/log/messages
 maxretry = 20
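Review bot: After hunk -731 the `[dovecot-auth]` jail is indistinguishable from `[dovecot]` (hunk -723 on the previous line): both use `filter = dovecot` and `logpath = /var/log/mail`, differing only in the iptables chain name. The separate jail existed because, if I read the 0.8 dovecot filter correctly, it also matches `pam_unix(dovecot:auth)` failures, which syslog sends to the auth facility rather than the mail facility, hence the old `/var/log/secure`. The consistent choice here is the file this patch picks for `[pam-generic]`, `logpath = /var/log/messages`, together with a comment such as `# PAM-side failures for dovecot; the mail-facility lines are covered by [dovecot]`. Otherwise an operator who enables both jails counts each failure twice and ends up with two bans per host in two chains.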