6be289add4
Updated patch information in the .changes and the spec file OBS-URL: https://build.opensuse.org/request/show/245601 OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=47
diff -ur fail2ban-0.8.14.orig/config/jail.conf fail2ban-0.8.14/config/jail.conf
|
|
--- fail2ban-0.8.14.orig/config/jail.conf 2014-08-19 22:23:33.000000000 +0200
|
|
+++ fail2ban-0.8.14/config/jail.conf 2014-08-20 17:39:21.428256837 +0200
|
|
@@ -80,7 +80,7 @@
|
|
enabled = false
|
|
filter = pam-generic
|
|
action = iptables-allports[name=pam,protocol=all]
|
|
-logpath = /var/log/secure
|
|
+logpath = /var/log/messages
|
|
|
|
|
|
[xinetd-fail]
|
|
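Review bot: The new `logpath = /var/log/messages` has no comment saying which syslog setup it assumes, and the same value is repeated in the sshd, sshd-ddos, gssftpd, pure-ftpd, wuftpd and later ssh-* hunks. If a host has no syslog daemon writing that file (for example a journal-only install), the jail has nothing to read and presumably never bans, so a comment above the first jail would help, e.g. `# openSUSE: auth and daemon messages reach /var/log/messages via syslog; adjust if no syslog daemon is installed`. Because /var/log/messages also carries lines from unrelated daemons, the filters used by these jails should be checked to anchor on the daemon name, so that text logged by another service is not counted as a failure here. The jail's section header is above the hunk.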
@@ -97,7 +97,7 @@
|
|
filter = sshd
|
|
action = iptables[name=SSH, port=ssh, protocol=tcp]
|
|
sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
|
|
-logpath = /var/log/sshd.log
|
|
+logpath = /var/log/messages
|
|
maxretry = 5
|
|
|
|
|
|
@@ -106,7 +106,7 @@
|
|
enabled = false
|
|
filter = sshd-ddos
|
|
action = iptables[name=SSHDDOS, port=ssh, protocol=tcp]
|
|
-logpath = /var/log/sshd.log
|
|
+logpath = /var/log/messages
|
|
maxretry = 2
|
|
|
|
|
|
@@ -135,7 +135,7 @@
|
|
filter = gssftpd
|
|
action = iptables[name=GSSFTPd, port=ftp, protocol=tcp]
|
|
sendmail-whois[name=GSSFTPd, dest=you@example.com]
|
|
-logpath = /var/log/daemon.log
|
|
+logpath = /var/log/messages
|
|
maxretry = 6
|
|
|
|
|
|
@@ -144,7 +144,7 @@
|
|
enabled = false
|
|
filter = pure-ftpd
|
|
action = iptables[name=pureftpd, port=ftp, protocol=tcp]
|
|
-logpath = /var/log/pureftpd.log
|
|
+logpath = /var/log/messages
|
|
maxretry = 6
|
|
|
|
|
|
@@ -153,7 +153,7 @@
|
|
enabled = false
|
|
filter = wuftpd
|
|
action = iptables[name=wuftpd, port=ftp, protocol=tcp]
|
|
-logpath = /var/log/daemon.log
|
|
+logpath = /var/log/messages
|
|
maxretry = 6
|
|
|
|
|
|
@@ -162,7 +162,7 @@
|
|
enabled = false
|
|
filter = sendmail-auth
|
|
action = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
|
|
-logpath = /var/log/mail.log
|
|
+logpath = /var/log/mail
|
|
|
|
|
|
[sendmail-reject]
|
|
@@ -170,7 +170,7 @@
|
|
enabled = false
|
|
filter = sendmail-reject
|
|
action = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
|
|
-logpath = /var/log/mail.log
|
|
+logpath = /var/log/mail
|
|
|
|
|
|
# This jail forces the backend to "polling".
|
|
@@ -181,7 +181,7 @@
|
|
backend = polling
|
|
action = iptables[name=sasl, port=smtp, protocol=tcp]
|
|
sendmail-whois[name=sasl, dest=you@example.com]
|
|
-logpath = /var/log/mail.log
|
|
+logpath = /var/log/mail
|
|
|
|
|
|
# ASSP SMTP Proxy Jail
|
|
@@ -202,7 +202,7 @@
|
|
action = hostsdeny[daemon_list=sshd]
|
|
sendmail-whois[name=SSH, dest=you@example.com]
|
|
ignoreregex = for myuser from
|
|
-logpath = /var/log/sshd.log
|
|
+logpath = /var/log/messages
|
|
|
|
|
|
# Here we use blackhole routes for not requiring any additional kernel support
|
|
@@ -212,7 +212,7 @@
|
|
enabled = false
|
|
filter = sshd
|
|
action = route
|
|
-logpath = /var/log/sshd.log
|
|
+logpath = /var/log/messages
|
|
maxretry = 5
|
|
|
|
|
|
@@ -226,7 +226,7 @@
|
|
enabled = false
|
|
filter = sshd
|
|
action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
|
|
-logpath = /var/log/sshd.log
|
|
+logpath = /var/log/messages
|
|
maxretry = 5
|
|
|
|
|
|
@@ -235,7 +235,7 @@
|
|
enabled = false
|
|
filter = sshd
|
|
action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
|
|
-logpath = /var/log/sshd.log
|
|
+logpath = /var/log/messages
|
|
maxretry = 5
|
|
|
|
|
|
@@ -329,7 +329,7 @@
|
|
enabled = false
|
|
filter = cyrus-imap
|
|
action = iptables-multiport[name=cyrus-imap,port="143,993"]
|
|
-logpath = /var/log/mail*log
|
|
+logpath = /var/log/mail
|
|
|
|
|
|
[courierlogin]
|
|
@@ -337,7 +337,7 @@
|
|
enabled = false
|
|
filter = courierlogin
|
|
action = iptables-multiport[name=courierlogin,port="25,110,143,465,587,993,995"]
|
|
-logpath = /var/log/mail*log
|
|
+logpath = /var/log/mail
|
|
|
|
|
|
[couriersmtp]
|
|
@@ -345,7 +345,7 @@
|
|
enabled = false
|
|
filter = couriersmtp
|
|
action = iptables-multiport[name=couriersmtp,port="25,465,587"]
|
|
-logpath = /var/log/mail*log
|
|
+logpath = /var/log/mail
|
|
|
|
|
|
[qmail-rbl]
|
|
@@ -361,7 +361,7 @@
|
|
enabled = false
|
|
filter = sieve
|
|
action = iptables-multiport[name=sieve,port="25,465,587"]
|
|
-logpath = /var/log/mail*log
|
|
+logpath = /var/log/mail
|
|
|
|
|
|
# Do not ban anybody. Just report information about the remote host.
|
|
@@ -396,7 +396,8 @@
|
|
filter = apache-badbots
|
|
action = iptables-multiport[name=BadBots, port="http,https"]
|
|
sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
|
|
-logpath = /var/www/*/logs/access_log
|
|
+logpath = /var/log/apache/access_log
|
|
+ /var/log/apache2/*/access_log
|
|
bantime = 172800
|
|
maxretry = 1
|
|
|
|
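Review bot: `/var/log/apache/access_log` looks like the wrong directory, because the continuation line added in the same hunk uses `/var/log/apache2/`, and the php-url-fopen hunk (`@@ -466,7 +467,7 @@`) gets only the `/var/log/apache/` path. If the server logs under apache2, as the second line suggests, neither jail watches the main access log; consider `logpath = /var/log/apache2/access_log` followed by the indented `/var/log/apache2/*/access_log` continuation in both jails. The old glob `/var/www/*/logs/access_log` covered per-vhost logs, so with a single path php-url-fopen also loses that coverage.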
@@ -466,7 +467,7 @@
|
|
enabled = false
|
|
action = iptables-multiport[name=php-url-open, port="http,https"]
|
|
filter = php-url-fopen
|
|
-logpath = /var/www/*/logs/access_log
|
|
+logpath = /var/log/apache/access_log
|
|
maxretry = 1
|
|
|
|
|
|
@@ -500,7 +501,7 @@
|
|
filter = sshd
|
|
action = ipfw[localhost=192.168.0.1]
|
|
sendmail-whois[name="SSH,IPFW", dest=you@example.com]
|
|
-logpath = /var/log/auth.log
|
|
+logpath = /var/log/messages
|
|
ignoreip = 168.192.0.1
|
|
|
|
|
|
@@ -531,7 +532,7 @@
|
|
filter = named-refused
|
|
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
|
|
sendmail-whois[name=Named, dest=you@example.com]
|
|
-logpath = /var/log/named/security.log
|
|
+logpath = /var/lib/named/log/security.log
|
|
ignoreip = 168.192.0.1
|
|
|
|
|
|
@@ -601,7 +602,7 @@
|
|
filter = mysqld-auth
|
|
action = iptables[name=mysql, port=3306, protocol=tcp]
|
|
sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
|
|
-logpath = /var/log/mysqld.log
|
|
+logpath = /var/log/mysql/mysqld.log
|
|
maxretry = 5
|
|
|
|
|
|
@@ -610,7 +611,7 @@
|
|
enabled = false
|
|
filter = mysqld-auth
|
|
action = iptables[name=mysql, port=3306, protocol=tcp]
|
|
-logpath = /var/log/daemon.log
|
|
+logpath = /var/log/mysql/mysqld.log
|
|
maxretry = 5
|
|
|
|
|
|
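Review bot: This jail used to read `/var/log/daemon.log`, so it appears to be the syslog variant of the MySQL jail, yet it now points at the same `/var/log/mysql/mysqld.log` as the jail in the previous hunk (`@@ -601,7 +602,7 @@`). Elsewhere in this patch daemon.log is mapped to `/var/log/messages` (gssftpd, wuftpd), so `logpath = /var/log/messages` would be the consistent choice. As written the two jails duplicate each other, and a server that logs authentication failures through syslog is not covered. The section header is outside the hunk, so the jail's role is inferred from the old path.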
@@ -637,7 +638,7 @@
|
|
enabled = false
|
|
filter = sshd
|
|
action = pf
|
|
-logpath = /var/log/sshd.log
|
|
+logpath = /var/log/messages
|
|
maxretry = 5
|
|
|
|
|
|
@@ -723,7 +724,7 @@
|
|
enabled = false
|
|
filter = dovecot
|
|
action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
|
|
-logpath = /var/log/mail.log
|
|
+logpath = /var/log/mail
|
|
|
|
|
|
[dovecot-auth]
|
|
@@ -731,7 +732,7 @@
|
|
enabled = false
|
|
filter = dovecot
|
|
action = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
|
|
-logpath = /var/log/secure
|
|
+logpath = /var/log/mail
|
|
|
|
|
|
[solid-pop3d]
|
|
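Review bot: `/var/log/secure` becomes `/var/log/mail` here, while the pam-generic hunk at the top of the patch maps the same file to `/var/log/messages`. The old value suggests this jail is meant to catch authentication-facility messages for dovecot, which would not reach the mail log if the syslog rules split by facility; `logpath = /var/log/messages` would match the pam-generic choice. If the mail log is really intended, the jail duplicates [dovecot] from the previous hunk, which uses the same filter and the same path.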
@@ -739,7 +740,7 @@
|
|
enabled = false
|
|
filter = solid-pop3d
|
|
action = iptables-multiport[name=solid-pop3, port="pop3,pop3s", protocol=tcp]
|
|
-logpath = /var/log/mail.log
|
|
+logpath = /var/log/mail
|
|
|
|
|
|
[selinux-ssh]
|
|
@@ -761,7 +762,7 @@
|
|
action = iptables[name=SSH, port=ssh, protocol=tcp]
|
|
sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
|
|
blocklist_de[email="fail2ban@example.com", apikey="xxxxxx", service=%(filter)s]
|
|
-logpath = /var/log/sshd.log
|
|
+logpath = /var/log/messages
|
|
maxretry = 20
|
|
|
|
|