Added fail2ban Config files
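--- a/config/fail2ban/filter-vsftpd.local
+++ b/config/fail2ban/filter-vsftpd.local
@@ -0,0 +1,19 @@
+# Fail2Ban filter for vsftp
+#
+# Configure VSFTP for "dual_log_enable=YES", and have fail2ban watch
+# /var/log/vsftpd.log instead of /var/log/secure. vsftpd.log file shows the
+# incoming ip address rather than domain names.
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+__pam_re=\(?%(__pam_auth)s(?:\(\S+\))?\)?:?
+_daemon = vsftpd
+
+failregex = ^%(__prefix_line)s%(__pam_re)s\s+Permission denied; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+^ \[pid \d+\] \[.+\]\s+FTP response: Client "::ffff:<HOST>",\s*"530 Permission denied\."\s*$
+ignoreregex =
+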
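Review bot: Both `failregex` lines match only "Permission denied" events, so if this file is installed as the `vsftpd` filter override, ordinary failed password attempts (which vsftpd records in vsftpd.log as `FAIL LOGIN: Client "..."`) would never count toward `maxretry`. Consider keeping a login-failure pattern next to the new one, for example `^ \[pid \d+\] \[[^\]]+\] FAIL LOGIN: Client "<HOST>"(?:\s*$|,)`. The second pattern also hard-codes `::ffff:`, so a client logged with a plain IPv4 or native IPv6 address is missed; `Client "<HOST>"` should cover the mapped form on current fail2ban releases, but confirm that for the deployed version. `FTP response:` lines are only written when vsftpd's `log_ftp_protocol=YES` is set, which the header comment should state alongside `dual_log_enable=YES`.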
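--- a/config/fail2ban/jail-vsftp.local
+++ b/config/fail2ban/jail-vsftp.local
@@ -0,0 +1,6 @@
+[vsftpd]
+enabled = true
+port = ftp,ftp-data,ftps,ftps-data
+logpath = %(vsftpd_log)s
+maxretry = 5
+bantime = 60m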
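Review bot: The `[vsftpd]` jail names no filter, so it depends on fail2ban's default of using the filter named after the jail, and on `filter-vsftpd.local` from this commit being installed under that name; the file states neither the dependency nor its own install path. I would add `filter = vsftpd` and a header comment such as `# Install as /etc/fail2ban/jail.d/vsftpd.local; requires filter.d/vsftpd.local from this repo` (paths assumed, adjust to the deployment). With `banaction = ufw` set in jail.local in this same commit, the `port` list may have no effect on what is actually blocked, which deserves a one-line comment if that is intended.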
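--- a/config/fail2ban/jail.local
+++ b/config/fail2ban/jail.local
@@ -0,0 +1,52 @@
+# External command that will take an tagged arguments to ignore, e.g. <ip>,
+# and return true if the IP is to be ignored. False otherwise.
+#
+# ignorecommand = /path/to/command <ip>
+ignorecommand =
+
+# "bantime" is the number of seconds that a host is banned.
+bantime = 10m
+
+# A host is banned if it has generated "maxretry" during the last "findtime"
+# seconds.
+findtime = 10m
+
+# "maxretry" is the number of failures before a host get banned.
+maxretry = 5
+
+backend = auto
+
+
+
+#
+# ACTIONS
+#
+
+# Some options used for actions
+
+# Destination email address used solely for the interpolations in
+# jail.{conf,local,d/*} configuration files.
+destemail = root@localhost
+
+# Sender email address used solely for some actions
+sender = root@<fq-hostname>
+
+# E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
+# mailing. Change mta configuration parameter to mail if you want to
+# revert to conventional 'mail'.
+mta = sendmail
+
+# Default protocol
+protocol = tcp
+
+# Specify chain where jumps would need to be added in ban-actions expecting parameter chain
+chain = <known/chain>
+
+# Format of user-agent https://tools.ietf.org/html/rfc7231#section-5.5.3
+fail2ban_agent = Fail2Ban/%(fail2ban_version)s
+
+#
+# Action shortcuts. To be used to define action parameter
+
+banaction = ufw
+banaction_allports = ufw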
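Review bot: None of the 52 added lines is a section header, so every option from `ignorecommand =` down to `banaction_allports = ufw` sits outside any section; fail2ban's INI-style parser expects options under a section, so the file is likely to be rejected or ignored as written. Add `[DEFAULT]` as the first line, above the `ignorecommand` comment block. Separately, the comments on `bantime` and `findtime` describe the values as seconds while both are set to `10m`; reword them to something like `# duration of a ban (seconds, or an abbreviation such as 10m)`. With `banaction = ufw`, connections already established when a ban lands may stay open depending on ufw's rule order, so check whether the deployed ufw action offers an option to drop existing connections.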