Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 103881 Details for
Bug 143690
net-analyzer/fail2ban-0.6.0 fails to run with iptables-1.3.5-r1
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
fail2ban config file
fail2ban.conf (text/plain), 9.03 KB, created by
Andreas Korinek
on 2006-12-12 10:19:37 UTC
(
hide
)
Description:
fail2ban config file
Filename:
MIME Type:
Creator:
Andreas Korinek
Created:
2006-12-12 10:19:37 UTC
Size:
9.03 KB
patch
obsolete
># Fail2Ban configuration file ># ># $Revision: 1.9 $ ># ># 2005.06.21 modified for readability Iain Lea iain@bricbrac.de > >[DEFAULT] ># Option: background ># Notes.: start fail2ban as a daemon. Output is redirect to logfile. ># Values: [true | false] Default: false ># >background = false > ># Option: debug ># Notes.: enable debug mode. More verbose output and bypass root user test. ># Values: [true | false] Default: false ># >debug = false > ># Option: logtargets ># Notes.: log targets. Space separated list of logging targets. ># Values: STDERR SYSLOG file Default: /var/log/fail2ban.log ># >logtargets = /var/log/fail2ban.log > ># Option: syslog-target ># Notes.: where to find syslog facility if logtarget SYSLOG. ># Values: SOCKET HOST HOST:PORT Default: /dev/log ># >syslog-target = /dev/log > ># Option: syslog-facility ># Notes.: which syslog facility to use if logtarget SYSLOG. ># Values: NUM Default: 1 ># >syslog-facility = 1 > ># Option: pidlock ># Notes.: path of the PID lock file (must be able to write to file). ># Values: FILE Default: /var/run/fail2ban.pid ># >pidlock = /var/run/fail2ban.pid > ># Option: maxfailures ># Notes.: number of failures before IP gets banned. ># Values: NUM Default: 5 ># >maxfailures = 5 > ># Option: bantime ># Notes.: number of seconds an IP will be banned. ># Values: NUM Default: 600 ># >bantime = 600 > ># Option: findtime ># Notes.: lifetime in seconds of a "failed" log entry. ># Values: NUM Default: 600 ># >findtime = 600 > ># Option: ignoreip ># Notes.: space separated list of IP's to be ignored by fail2ban. ># You can use CIDR mask in order to specify a range. ># Example: ignoreip = 192.168.0.1/24 123.45.235.65 ># Values: IP Default: 192.168.0.0/16 ># >ignoreip = 192.168.0.0/16 > ># Option: cmdstart ># Notes.: command executed once at the start of Fail2Ban ># Values: CMD Default: ># >cmdstart = > ># Option: cmdend ># Notes.: command executed once at the end of Fail2Ban. ># Values: CMD Default: ># >cmdend = > ># Option: polltime ># Notes.: number of seconds fail2ban sleeps between iterations. ># Values: NUM Default: 1 ># >polltime = 1 > ># Option: reinittime ># Notes.: minimal number of seconds between the re-initialization of ># firewalls due to external changes in their rules (see fwcheck) ># Values: NUM Default: 100 ># >reinittime = 10 > ># Option: maxreinits ># Notes.: maximal number of re-initialization of firewalls due to external ># changes. -1 stays for infinite, so only reinittime is of importance ># Values: NUM Default: -1 ># >maxreinits = -1 > > >[MAIL] ># Option: enabled ># Notes.: enable mail notification when banning an IP address. ># Values: [true | false] Default: false ># >enabled = false > ># Option: host ># Notes.: host running the mail server. ># Values: STR Default: localhost ># >host = localhost > ># Option: port ># Notes.: port of the mail server. ># Values: INT Default: 25 ># >port = 25 > ># Option: from ># Notes.: e-mail address of the sender. ># Values: MAIL Default: fail2ban ># >from = fail2ban > ># Option: to ># Notes.: e-mail addresses of the receiver. Addresses are space ># separated. ># Values: MAIL Default: root ># >to = root > ># Option: localtime ># Notes.: report local time (including timezone) or GMT ># Values: [true | false] Default: false ># >localtime = true > ># Option: subject ># Notes.: subject of the e-mail. ># Tags: <section> active section (eg ssh, apache, etc) ># <ip> IP address ># <failures> number of failures ># <failtime> unix timestamp of the last failure ># Values: TEXT Default: [Fail2Ban] <section>: Banned <ip> ># >subject = [Fail2Ban] <section>: Banned <ip> > ># Option: message ># Notes.: message of the e-mail. ># Tags: <section> active section (eg ssh, apache, etc) ># <ip> IP address ># <failures> number of failures ># <failtime> unix timestamp of the last failure ># <br> new line ># Values: TEXT Default: ># >message = Hi,<br> > The IP <ip> has just been banned by Fail2Ban after > <failures> attempts against <section>.<br> > Regards,<br> > Fail2Ban > ># You can define a new section for each log file to check for ># password failure. Each section has to define the following ># options: logfile, fwban, fwunban, timeregex, timepattern, ># failregex. > > >[Apache] ># Option: enabled ># Notes.: enable monitoring for this section. ># Values: [true | false] Default: false ># >enabled = false > ># Option: logfile ># Notes.: logfile to monitor. ># Values: FILE Default: /var/log/httpd/access_log ># >logfile = /var/log/httpd/access_log > ># Option: fwstart ># Notes.: command executed once at the start of Fail2Ban ># Values: CMD Default: ># >fwstart = iptables -N fail2ban-http > iptables -I INPUT -p tcp --dport http -j fail2ban-http > iptables -A fail2ban-http -j RETURN > ># Option: fwend ># Notes.: command executed once at the end of Fail2Ban ># Values: CMD Default: ># >fwend = iptables -D INPUT -p tcp --dport http -j fail2ban-http > iptables -F fail2ban-http > iptables -X fail2ban-http > ># Option: fwcheck ># Notes.: command executed once before each fwban command ># Values: CMD Default: ># >fwcheck = iptables -L INPUT | grep -q fail2ban-http > ># Option: fwban ># Notes.: command executed when banning an IP. Take care that the ># command is executed with Fail2Ban user rights. ># Tags: <ip> IP address ># <failures> number of failures ># <failtime> unix timestamp of the last failure ># <bantime> unix timestamp of the ban time ># Values: CMD ># Default: iptables -I INPUT 1 -s <ip> -j DROP ># >fwban = iptables -I fail2ban-http 1 -s <ip> -j DROP > ># Option: fwunban ># Notes.: command executed when unbanning an IP. Take care that the ># command is executed with Fail2Ban user rights. ># Tags: <ip> IP address ># <bantime> unix timestamp of the ban time ># <unbantime> unix timestamp of the unban time ># Values: CMD ># Default: iptables -D INPUT -s <ip> -j DROP ># >fwunban = iptables -D fail2ban-http -s <ip> -j DROP > ># Option: timeregex ># Notes.: regex to match timestamp in Apache logfile. ># Values: [Wed Jan 05 15:08:01 2005] ># Default: \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4} ># >timeregex = \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4} > ># Option: timepattern ># Notes.: format used in "timeregex" fields definition. Note that '%' must be ># escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule) ># Values: TEXT Default: %%a %%b %%d %%H:%%M:%%S %%Y ># >timepattern = %%a %%b %%d %%H:%%M:%%S %%Y > ># Option: failregex ># Notes.: regex to match the password failure messages in the logfile. ># Values: TEXT Default: authentication failure|user .* not found ># >failregex = authentication failure|user .* not found > > >[SSH] ># Option: enabled ># Notes.: enable monitoring for this section. ># Values: [true | false] Default: true ># >enabled = true > ># Option: logfile ># Notes.: logfile to monitor. ># Values: FILE Default: /var/log/secure ># >logfile = /var/log/secure > ># Option: fwstart ># Notes.: command executed once at the start of Fail2Ban ># Values: CMD Default: ># >fwstart = iptables -N fail2ban-ssh > iptables -I INPUT -p tcp --dport ssh -j fail2ban-ssh > iptables -A fail2ban-ssh -j RETURN > ># Option: fwend ># Notes.: command executed once at the end of Fail2Ban ># Values: CMD Default: ># >fwend = iptables -D INPUT -p tcp --dport ssh -j fail2ban-ssh > iptables -F fail2ban-ssh > iptables -X fail2ban-ssh > ># Option: fwcheck ># Notes.: command executed once before each fwban command ># Values: CMD Default: ># >fwcheck = iptables -L INPUT | grep -q fail2ban-ssh > ># Option: fwbanrule ># Notes.: command executed when banning an IP. Take care that the ># command is executed with Fail2Ban user rights. ># Tags: <ip> IP address ># <failures> number of failures ># <failtime> unix timestamp of the last failure ># <bantime> unix timestamp of the ban time ># Values: CMD ># Default: iptables -I INPUT 1 -s <ip> -j DROP ># >fwban = iptables -I fail2ban-ssh 1 -s <ip> -j DROP > ># Option: fwunbanrule ># Notes.: command executed when unbanning an IP. Take care that the ># command is executed with Fail2Ban user rights. ># Tags: <ip> IP address ># <bantime> unix timestamp of the ban time ># <unbantime> unix timestamp of the unban time ># Values: CMD ># Default: iptables -D INPUT -s <ip> -j DROP ># >fwunban = iptables -D fail2ban-ssh -s <ip> -j DROP > ># Option: timeregex ># Notes.: regex to match timestamp in SSH logfile. ># Values: [Mar 7 17:53:28] ># Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2} ># >timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2} > ># Option: timepattern ># Notes.: format used in "timeregex" fields definition. Note that '%' must be ># escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule) ># Values: TEXT Default: %%b %%d %%H:%%M:%%S ># >timepattern = %%b %%d %%H:%%M:%%S > ># Option: failregex ># Notes.: regex to match the password failures messages in the logfile. ># Values: TEXT Default: Authentication failure|Failed password|Invalid user ># >failregex = Authentication failure|Failed password|Invalid user
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=103881">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 143690
: 103881
