Added fail2ban Config files
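--- a/config/fail2ban/filter-vsftpd.local
+++ b/config/fail2ban/filter-vsftpd.local
@@ -0,0 +1,19 @@
+# Fail2Ban filter for vsftp
+#
+# Configure VSFTP for "dual_log_enable=YES", and have fail2ban watch
+# /var/log/vsftpd.log instead of /var/log/secure. vsftpd.log file shows the
+# incoming ip address rather than domain names.
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+__pam_re=\(?%(__pam_auth)s(?:\(\S+\))?\)?:?
+_daemon = vsftpd
+
+failregex = ^%(__prefix_line)s%(__pam_re)s\s+Permission denied; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+^ \[pid \d+\] \[.+\]\s+FTP response: Client "::ffff:<HOST>",\s*"530 Permission denied\."\s*$
+ignoreregex =
+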
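Review bot: Neither `failregex` alternative appears to match an ordinary wrong-password attempt: both key on "Permission denied", while vsftpd records a failed login in vsftpd.log as `FAIL LOGIN: Client "<ip>"`, so password guessing against valid accounts would likely never count toward `maxretry`. Consider keeping a login-failure alternative next to the new one, e.g. `^ \[pid \d+\] \[[^\]]+\]\s+FAIL LOGIN: Client "(?:::ffff:)?<HOST>"\s*$`. The second alternative also seems to rely on `log_ftp_protocol=YES` (the header comment only mentions `dual_log_enable`) and hard-codes the `::ffff:` prefix, so a native IPv6 client is never matched; `"(?:::ffff:)?<HOST>"` would cover both forms. As rendered on this page the second alternative starts at column 0, but it has to be indented in the file to be read as a continuation of `failregex`; confirm that, and check the filter against a sample log with `fail2ban-regex` before relying on it.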
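--- a/config/fail2ban/jail-vsftp.local
+++ b/config/fail2ban/jail-vsftp.local
@@ -0,0 +1,6 @@
+[vsftpd]
+enabled = true
+port = ftp,ftp-data,ftps,ftps-data
+logpath = %(vsftpd_log)s
+maxretry = 5
+bantime = 60m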
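Review bot: The jail does not document which log it expects: `logpath = %(vsftpd_log)s` resolves through a variable defined outside this commit, while the filter's header requires vsftpd's own log with `dual_log_enable=YES`. Add a comment above `logpath`, for example `# vsftpd_log is defined in paths-*.conf; it must point at vsftpd.log (dual_log_enable=YES), not the syslog/secure file`. The jail also sets no `filter`, so it presumably relies on the section name `vsftpd` to select the filter; a one-line header saying where this file and `filter-vsftpd.local` are installed (jail.d/ and filter.d/vsftpd.local, if that is the intent) would make that dependency visible.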
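--- a/config/fail2ban/jail.local
+++ b/config/fail2ban/jail.local
@@ -0,0 +1,52 @@
+# External command that will take an tagged arguments to ignore, e.g. <ip>,
+# and return true if the IP is to be ignored. False otherwise.
+#
+# ignorecommand = /path/to/command <ip>
+ignorecommand =
+
+# "bantime" is the number of seconds that a host is banned.
+bantime = 10m
+
+# A host is banned if it has generated "maxretry" during the last "findtime"
+# seconds.
+findtime = 10m
+
+# "maxretry" is the number of failures before a host get banned.
+maxretry = 5
+
+backend = auto
+
+
+
+#
+# ACTIONS
+#
+
+# Some options used for actions
+
+# Destination email address used solely for the interpolations in
+# jail.{conf,local,d/*} configuration files.
+destemail = root@localhost
+
+# Sender email address used solely for some actions
+sender = root@<fq-hostname>
+
+# E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
+# mailing. Change mta configuration parameter to mail if you want to
+# revert to conventional 'mail'.
+mta = sendmail
+
+# Default protocol
+protocol = tcp
+
+# Specify chain where jumps would need to be added in ban-actions expecting parameter chain
+chain = <known/chain>
+
+# Format of user-agent https://tools.ietf.org/html/rfc7231#section-5.5.3
+fail2ban_agent = Fail2Ban/%(fail2ban_version)s
+
+#
+# Action shortcuts. To be used to define action parameter
+
+banaction = ufw
+banaction_allports = ufw
+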
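Review bot: The new jail.local has no section header: `ignorecommand`, `bantime` and every key below them sit before any `[section]`, and fail2ban reads these files with a configparser-style reader that rejects keys outside a section, so the file would most likely fail to load and take the jails down with it. Add `[DEFAULT]` as the first non-comment line. The comments above `bantime` and `findtime` speak of seconds while the values are `10m`; something like `# "bantime" is how long a host stays banned (seconds, or a duration such as 10m)` avoids a later edit to a bare `10` that would mean ten seconds. Most of the other keys look like restated stock defaults, so trimming the file to the real overrides (`banaction`, `banaction_allports` and any timing changes) would make it clear what this host actually changes.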