From 856cbf6e1c8b217c0ed9bc72768c2c92d4307abb Mon Sep 17 00:00:00 2001 From: Asif Bacchus Date: Tue, 21 May 2019 06:10:39 -0600 Subject: [PATCH] Update page '6. jail.local' --- 6.-jail.local.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/6.-jail.local.md b/6.-jail.local.md index cafbd2a..abe0dec 100644 --- a/6.-jail.local.md +++ b/6.-jail.local.md 
@@ -37,6 +37,37 @@ findtime = 1200 Again, this will be up to you to determine what is appropriate for your environment and users. Remember that invididual jails can override these defaults. +## Actions + +### Notification options + +If you choose actions that involve sending email notifications, you need to let F2B know where to send those emails and who should send them. It's pretty straightforward, so this is the general setup: + +```ini +destemail = account@domain.tld +sender = thismachine@domain.tld +mta = sendmail +``` + +The '*mta*' field is very likely correct for your system but, if you are using a different MTA, you'll want to specify that here. + +**NOTE: If you want a simple way to have your server send notifications via email without setting up a full MTA, [check out my article here](https://mytechiethoughts.com/simple-way-to-get-email-notifications-from-a-linux-server/) on using msmtp and get it up and running in about 5 minutes!** + +### Shortcuts + +This is where you tell F2B exactly what to do when it finds a reason to ban a system based on the jail configuration. Again, individual jails can override these settings. The settings are defined backwards (IMHO) in this file, so I'll take a second to explain. + +'*action*' is performed each time a system should be banned. There are several predefined actions listed in the *jail.conf* file which you can use and are often sufficient for most setups. Read the comments in that file to understand what each predefined action does. In my case, I like getting an email along with a few lines from the log telling me what they did to get banned. + +Within '*action*' is '*banaction*' which is a link over to a specific configuration file telling F2B what to do on the system to enforce the ban. In this setup, we direct F2B to look at the ufw.conf file to see how to modify UFW's rules so it drops packets from the offending system. [Details on that file are found later in this document](insert link here). 
+ +The general setup as described above is as follows: + +```ini +banaction = ufw +action = %(action_mwl)s +``` + ## Other settings There are many other options you can configure, but the defaults are pretty good in nearly all cases. That’s why I only change these settings. Review the comments in the *jail.conf* file for details on all settings.
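Review bot: The last paragraph under "### Shortcuts" still links to the placeholder target `(insert link here)`, so the rendered page will carry a dead link. Point it at the page that documents ufw.conf, or drop the link markup until that page exists. In the same section, the heading "Shortcuts" does not tell a reader that this is where `banaction` and `action` are set, and the sentence "Within 'action' is 'banaction'" would read more clearly if it said that `%(action_mwl)s` expands to a definition that refers to `banaction`, which is why `banaction = ufw` is listed first in the snippet. Because `action_mwl` mails log excerpts to `destemail`, the "Notification options" text should also say that this mailbox will receive log lines from the host, so readers choose the address with that in mind.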