Preparation for fail2ban script

2019-12-12 20:58:06 +01:00
parent 6cfcee6d20
commit 790ba88d7d
6 changed files with 43 additions and 0 deletions
--- a/seqs/fail2ban/filter.d/ip-blacklist.conf
+++ b/seqs/fail2ban/filter.d/ip-blacklist.conf
@@ -0,0 +1,6 @@
+[Definition]
+
+failregex = ^<HOST> \[.*\]$
+
+ignoreregex =
+
--- a/seqs/fail2ban/filter.d/nextcloud.conf
+++ b/seqs/fail2ban/filter.d/nextcloud.conf
@@ -0,0 +1,4 @@
+[Definition]
+
+failregex = ^.*\"remoteAddr\":\"<HOST>\".*Trusted domain error.*$
+	    ^.*\"remoteAddr\":\"<HOST>\".*Login failed:.*$		 
--- a/seqs/fail2ban/ip.blacklist.example
+++ b/seqs/fail2ban/ip.blacklist.example
@@ -0,0 +1 @@
+37.49.224.142 [02/02/2019 09:00:00]
--- a/seqs/fail2ban/jail.d/ip-blacklist.conf
+++ b/seqs/fail2ban/jail.d/ip-blacklist.conf
@@ -0,0 +1,18 @@
+[ip-blacklist]
+
+enabled   = true
+banaction = iptables-allports
+port      = anyport
+filter    = ip-blacklist
+logpath   = /etc/fail2ban/ip.blacklist
+maxretry  = 0
+#findtime  = 15552000
+findtime  = 600
+# infinite ban
+#bantime   = -1 
+# 1 day ban
+#bantime   = 86400 
+# 2 day ban
+bantime   = 172800
+# 10 minute ban
+#bantime   = 600
--- a/seqs/fail2ban/jail.d/mail.conf
+++ b/seqs/fail2ban/jail.d/mail.conf
@@ -0,0 +1,6 @@
+[dovecot]
+enabled = true
+port = pop3,pop3s,imap,imaps
+filter = dovecot
+logpath = /var/log/mail.info
+maxretry  = 3
--- a/seqs/fail2ban/jail.d/nextcloud.conf
+++ b/seqs/fail2ban/jail.d/nextcloud.conf
@@ -0,0 +1,8 @@
+[nextcloud]
+enabled  = true
+logpath  = /var/nc_data/nextcloud.log
+port     = http,https
+filter   = nextcloud
+maxretry = 3
+# 1 day ban
+bantime = 86400