2016-11-07 14:00:57 +01:00
|
|
|
# EvoLinux Fail2Ban config.
|
|
|
|
|
2022-06-08 17:55:58 +02:00
|
|
|
{% if fail2ban_override_jaillocal %}
|
|
|
|
# WARNING : THIS FILE IS (PROBABLY) ANSIBLE MANAGED AS IT WAS OVERWRITTEN BY ANSIBLE
|
|
|
|
{% endif %}
|
|
|
|
|
2016-11-07 14:00:57 +01:00
|
|
|
[DEFAULT]
|
|
|
|
|
|
|
|
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
|
2018-08-21 23:21:30 +02:00
|
|
|
ignoreip = {{ ['127.0.0.1/8'] | union(fail2ban_ignore_ips) | unique | join(' ') }}
|
2017-07-05 12:00:29 +02:00
|
|
|
|
2022-06-08 17:55:58 +02:00
|
|
|
bantime = {{ fail2ban_default_bantime }}
|
|
|
|
maxretry = {{ fail2ban_default_maxretry }}
|
2016-11-07 14:00:57 +01:00
|
|
|
|
|
|
|
destemail = {{ fail2ban_alert_email or general_alert_email | mandatory }}
|
|
|
|
|
|
|
|
# ACTIONS
|
|
|
|
banaction = iptables-multiport
|
2022-12-28 09:03:37 +01:00
|
|
|
action = %({{ fail2ban_default_action }})s
|
2016-11-07 14:00:57 +01:00
|
|
|
|
2017-10-18 15:44:20 +02:00
|
|
|
|
2019-03-22 11:39:20 +01:00
|
|
|
[sshd]
|
2022-06-08 17:55:58 +02:00
|
|
|
enabled = {{ fail2ban_sshd }}
|
2023-07-31 11:50:36 +02:00
|
|
|
port = {{ fail2ban_sshd_port }}
|
2019-03-22 11:39:20 +01:00
|
|
|
|
2022-06-08 17:55:58 +02:00
|
|
|
maxretry = {{ fail2ban_sshd_maxretry }}
|
|
|
|
findtime = {{ fail2ban_sshd_findtime }}
|
|
|
|
bantime = {{ fail2ban_sshd_bantime }}
|
|
|
|
|
|
|
|
[recidive]
|
|
|
|
enabled = {{ fail2ban_recidive }}
|
|
|
|
|
|
|
|
maxretry = {{ fail2ban_recidive_maxretry }}
|
|
|
|
findtime = {{ fail2ban_recidive_findtime }}
|
|
|
|
bantime = {{ fail2ban_recidive_bantime }}
|
|
|
|
|
|
|
|
|
|
|
|
# Evolix custom jails
|
|
|
|
|
2017-10-18 15:44:20 +02:00
|
|
|
[wordpress-hard]
|
2022-12-14 11:47:53 +01:00
|
|
|
enabled = {{ fail2ban_wordpress_hard }}
|
2022-06-08 17:55:58 +02:00
|
|
|
port = http, https
|
2017-10-18 15:44:20 +02:00
|
|
|
filter = wordpress-hard
|
|
|
|
logpath = /var/log/auth.log
|
2022-06-08 17:55:58 +02:00
|
|
|
maxretry = {{ fail2ban_wordpress_hard_maxretry }}
|
|
|
|
findtime = {{ fail2ban_wordpress_hard_findtime }}
|
|
|
|
bantime = {{ fail2ban_wordpress_hard_bantime }}
|
2017-10-18 15:44:20 +02:00
|
|
|
|
|
|
|
[wordpress-soft]
|
2022-12-14 11:47:53 +01:00
|
|
|
enabled = {{ fail2ban_wordpress_soft }}
|
2022-06-08 17:55:58 +02:00
|
|
|
port = http, https
|
2017-10-18 15:44:20 +02:00
|
|
|
filter = wordpress-soft
|
|
|
|
logpath = /var/log/auth.log
|
2022-06-08 17:55:58 +02:00
|
|
|
maxretry = {{ fail2ban_wordpress_soft_maxretry }}
|
|
|
|
findtime = {{ fail2ban_wordpress_soft_findtime }}
|
|
|
|
bantime = {{ fail2ban_wordpress_soft_bantime }}
|
2017-10-25 12:12:18 +02:00
|
|
|
|
|
|
|
[roundcube]
|
2022-12-14 11:47:53 +01:00
|
|
|
enabled = {{ fail2ban_roundcube }}
|
2022-06-08 17:55:58 +02:00
|
|
|
port = http, https
|
2017-10-25 12:12:18 +02:00
|
|
|
filter = roundcube
|
2024-03-19 16:53:35 +01:00
|
|
|
logpath = /var/log/roundcube/errors
|
2022-06-08 17:55:58 +02:00
|
|
|
maxretry = {{ fail2ban_roundcube_maxretry }}
|
|
|
|
findtime = {{ fail2ban_roundcube_findtime }}
|
|
|
|
bantime = {{ fail2ban_roundcube_bantime }}
|