Fail2ban: Difference between revisions
Pure-Ftpd/Shorewall
/etc/fail2ban/filter.d/pureftpd.conf
K (typo) |
K (update to 0.8x) |
||
Zeile 1: | Zeile 1: | ||
'''bans IPs that cause multiple authentication errors''' | '''bans IPs that cause multiple authentication errors''' | ||
Monitors log files (e.g. /var/log/auth.log, /var/log/apache/access.log) and temporarily or persistently bans failure-prone addresses by updating existing firewall rules. The software was completely rewritten at version 0.7.0 and now allows easy specification of different actions to be taken such as to ban an IP using iptables or hostsdeny rules, or simply to send a notification email. Currently, by default, supports ssh/apache/vsftpd but configuration can be easily extended for monitoring any other ASCII file. All filters and actions are given in the config files, thus fail2ban can be adopted to be used with a variety of files and firewalls. | Monitors log files (e.g. /var/log/auth.log, /var/log/apache/access.log) and temporarily or persistently bans failure-prone addresses by updating existing firewall rules. The software was completely rewritten at version 0.7.0 and now allows easy specification of different actions to be taken such as to ban an IP using iptables or hostsdeny rules, or simply to send a notification email. Currently, by default, supports ssh/apache/vsftpd but configuration can be easily extended for monitoring any other ASCII file. All filters and actions are given in the config files, thus fail2ban can be adopted to be used with a variety of files and firewalls. | ||
Zeile 41: | Zeile 41: | ||
ignoreregex =</source><br> | ignoreregex =</source><br> | ||
<br> | <br> <br> | ||
== /etc/fail2ban/ | == /etc/fail2ban/jail.local == | ||
<source lang="ini"> | <source lang="ini">[DEFAULT] | ||
banaction = shorewall | |||
action = %(action_mwl)s | |||
[ | [ssh] | ||
enabled = true | |||
maxretry = 6 | |||
[pam-generic] | |||
enabled = true | |||
maxretry = 6 | |||
[courierauth] | |||
enabled = true | |||
maxretry = 8 | |||
[sasl] | |||
enabled = true | |||
enabled = true | |||
maxretry = 6 | maxretry = 6 | ||
[pureftpd] | [pureftpd] | ||
enabled = true | enabled = true | ||
port = | port = ftp,ftp-data,ftps,ftps-data | ||
filter = pureftpd | filter = pureftpd | ||
logpath = /var/log/syslog | logpath = /var/log/syslog | ||
maxretry = 6 | maxretry = 6</source> | ||
[[Category:Linux]] [[Category:Debian]] [[Category:Security]] | [[Category:Linux]] [[Category:Debian]] [[Category:Security]] |
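Review bot: the new [DEFAULT] block sets action = %(action_mwl)s, which mails a report on every ban, but nothing in this hunk sets destemail, so the recipient is whatever jail.conf supplies; set destemail next to the action line. The added [ssh], [pam-generic], [courierauth] and [sasl] sections likewise carry only enabled and maxretry and take filter, port and logpath from jail.conf, which is worth a one-line comment so a reader of jail.local alone knows where those values come from.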
Revision as of 26 May 2009, 19:26
bans IPs that cause multiple authentication errors
Monitors log files (e.g. /var/log/auth.log, /var/log/apache/access.log) and temporarily or persistently bans failure-prone addresses by updating existing firewall rules. The software was completely rewritten at version 0.7.0 and now allows easy specification of different actions, such as banning an IP using iptables or hostsdeny rules, or simply sending a notification email. By default it currently supports ssh/apache/vsftpd, but the configuration can easily be extended to monitor any other ASCII file. All filters and actions are defined in the config files, so fail2ban can be adapted for use with a variety of files and firewalls.
Homepage: Fail2ban
Pure-Ftpd/Shorewall
syslog
Jan 27 09:32:58 hostname pure-ftpd: (?@81.169.128.26) [WARNING] Sorry, cleartext sessions are not accepted on this server. Please reconnect using SSL/TLS security mechanisms.
/etc/fail2ban/filter.d/pureftpd.conf
# Fail2Ban configuration file
#
# Author: JT
#
# $Revision: 2 $
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching.
# Values: TEXT
#
#Jan 27 09:32:58 hostname pure-ftpd: (?@81.169.128.26) [WARNING] Sorry, cleartext sessions are not accepted on this server. Please reconnect using SSL/TLS security mechanisms.
#
failregex = pure-ftpd: \(.*@<HOST>\) \[WARNING\] Sorry, cleartext sessions are not accepted.*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
/etc/fail2ban/jail.local
[DEFAULT]
banaction = shorewall
action = %(action_mwl)s
[ssh]
enabled = true
maxretry = 6
[pam-generic]
enabled = true
maxretry = 6
[courierauth]
enabled = true
maxretry = 8
[sasl]
enabled = true
maxretry = 6
[pureftpd]
enabled = true
port = ftp,ftp-data,ftps,ftps-data
filter = pureftpd
logpath = /var/log/syslog
maxretry = 6
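The filter and the [pureftpd] jail above, combined in an added example (not part of the original wiki page and not fail2ban's own code): the page's failregex is run over constructed syslog lines and the hosts that reach maxretry = 6 are returned. The `<HOST>` expansion is simplified to IPv4 only, and the 600-second `findtime` is an assumption because this jail.local does not set it.

```python
import re
from collections import defaultdict
from datetime import datetime

# failregex exactly as in filter.d/pureftpd.conf on this page
FAILREGEX = (r"pure-ftpd: \(.*@<HOST>\) \[WARNING\] "
             r"Sorry, cleartext sessions are not accepted.*")
# Simplification: fail2ban expands <HOST> to a broader pattern (hostnames too);
# here it is reduced to a dotted IPv4 address captured as group "host".
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
MAXRETRY = 6     # from the [pureftpd] jail
FINDTIME = 600   # seconds; assumed, the page's jail.local does not set it

def compile_failregex(failregex=FAILREGEX):
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))

def parse_time(line, year=2009):
    # syslog timestamps carry no year; one is assumed for the arithmetic
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def hosts_to_ban(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return hosts with >= maxretry matching lines inside one findtime window."""
    rx = compile_failregex()
    hits, banned = defaultdict(list), []
    for line in lines:
        m = rx.search(line)
        if not m:
            continue  # line is not a failure for this filter
        host, now = m.group("host"), parse_time(line)
        # keep only earlier hits that are still inside the sliding window
        recent = [t for t in hits[host] if (now - t).total_seconds() <= findtime]
        hits[host] = recent + [now]
        if len(hits[host]) >= maxretry and host not in banned:
            banned.append(host)
    return banned

def sample_log():
    # Constructed sample input; addresses come from documentation ranges.
    msg = ("[WARNING] Sorry, cleartext sessions are not accepted on this "
           "server. Please reconnect using SSL/TLS security mechanisms.")
    pre = "hostname pure-ftpd:"
    lines = [f"Jan 27 09:32:{s:02d} {pre} (?@192.0.2.10) {msg}"
             for s in range(0, 60, 10)]            # 6 hits within one minute
    lines += [f"Jan 27 {h:02d}:00:00 {pre} (?@198.51.100.7) {msg}"
              for h in range(10, 16)]              # 6 hits, one per hour
    lines.append(f"Jan 27 09:40:00 {pre} (?@203.0.113.5) "
                 "[WARNING] Authentication failed for user [bob]")
    return lines

if __name__ == "__main__":
    print(hosts_to_ban(sample_log()))
```

The third constructed host is never counted: this filter reacts only to the cleartext-rejection warning, so any other pure-ftpd message needs its own failregex line.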