Custom defaults for jails
parent
0507954f56
commit
38ef9c4086
66
etc/fail2ban/jail.local
Normal file
@ -0,0 +1,66 @@
|
||||
[DEFAULT]
|
||||
|
||||
### List of IP addresses to ignore (aka NEVER ban). This is usually just the
|
||||
### localhost but could also be static IPs of admin machines that remotely
|
||||
### connect, etc.
|
||||
## You can use an IP address, CIDR mask or DNS host here. Multiple addresses
|
||||
## can be separated by a space or comma.
|
||||
## Suggest: 127.0.0.1/8 (IP4 localhost subnet) and ::1 (IP6 localhost)
|
||||
ignoreip = 127.0.0.1/8 ::1
|
||||
|
||||
### Amount of time (in seconds) than an offending system should be banned.
|
||||
## Suggest 1800 (30 min). This is long enough to discourage probe 'scripts'.
|
||||
bantime = 1800
|
||||
|
||||
### Timeframes: A system is banned if it generates 'maxretry' number of
|
||||
### connection attempts within 'findtime' seconds. This can be either, or
|
||||
### a combination of, invalid login attempts, port-probes, connections to a
|
||||
### closed port, etc.
|
||||
## Suggest: 5 attempts within 5 minutes (agressive). Some people like 20
|
||||
## within 10 min (moderate).
|
||||
maxretry = 5
|
||||
findtime = 300
|
||||
|
||||
|
||||
#
|
||||
# ACTIONS
|
||||
#
|
||||
|
||||
### The destination email address for actions that involve email notifications.
|
||||
destemail = account@domain.tld
|
||||
|
||||
### The sender email for actions that are sending emails.
|
||||
### Note: 'sendername' doesn't seem to work, it's usually overriden by the MTA.
|
||||
sender = thismachine@domain.tld
|
||||
|
||||
### The MTA to use for sending email. If you follow my standard setup as
|
||||
### outlined at https://mytechiethoughts.com, then you are probably using msmtp
|
||||
### which means you can use the default here: sendmail. MOST setups can also
|
||||
### just use the default too.
|
||||
mta = sendmail
|
||||
|
||||
|
||||
#
|
||||
# Action shortcuts
|
||||
#
|
||||
|
||||
### The action to be taken by default to ACTUALLY ban an offending system.
|
||||
### The specific jail configuration file can override the default ban action.
|
||||
### This references an action outlined in the configuration files or, more
|
||||
### likely, a configuration file in /etc/fail2ban/action.d/
|
||||
## Suggest: /etc/fail2ban/action.d/ufw.conf ('ufw', the .conf is implied)
|
||||
## assuming you are using UFW and it's enabled, of course.
|
||||
banaction = ufw
|
||||
|
||||
### This is the full command processed by Fail2Ban when banning a system.
|
||||
### For example, executing 'banaction' and then sending an email notification.
|
||||
### Thus, 'banaction' is part of the overall 'action'.
|
||||
### Defaults can be referenced in jail.conf
|
||||
### If using predefined actions, put it between the brackes like:
|
||||
### %(action_here)s
|
||||
### leaving the '%' at the beginning and the 's' at the end.
|
||||
## The most useful ones to start out with are:
|
||||
## action_ = just execute 'banaction'
|
||||
## action_mw = 'banaction' and email a whois report to destemail
|
||||
## action_mwl = 'banaction' and email a whois report & log lines to destemail
|
||||
action = %(action_mwl)s
|
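Review bot: `action = %(action_mwl)s` at the end of [DEFAULT] makes every ban in every jail send mail, while `destemail = account@domain.tld` and `sender = thismachine@domain.tld` earlier in the same section are still placeholders. As committed, each ban tries to mail a whois report and the matching log lines to a placeholder address, and once a real address is filled in, those log lines leave the host on every ban. Consider defaulting to `action = %(action_)s` and letting individual jails opt in to mail, or add a comment above `destemail` and `sender` stating that they must be changed before the file is deployed. The `banaction = ufw` default has the same shape: its comment says it assumes UFW is in use and enabled, so a short note on what to set when it is not would help. Minor: the comments contain a few typos ("than an offending" for "that an offending", "agressive", "overriden", "brackes"), and `%(action_here)s` is wrapped in parentheses rather than brackets.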