Ludovic Poujol
1e19418fb0
* Give the possibility to override jail.local (with fail2ban_override_jaillocal) * If jail.local was overridden, add a warning * Allow to tune some jail settings (maxretry, bantime, findtime) with ansible * Allow to tune the default action with ansible * Change default action to ban only (instead of ban + mail with whois report) * Configure recidive jail (off by default) + extend dbpurgeage
# EvoLinux Fail2Ban config.
# Rendered by Ansible from a Jinja2 template; values come from the fail2ban_* variables.

{# The warning is emitted only when fail2ban_override_jaillocal is true; presumably that is the switch that lets the role overwrite an existing jail.local, so local edits may be lost on the next run. #}
{% if fail2ban_override_jaillocal %}
# WARNING : THIS FILE IS (PROBABLY) ANSIBLE MANAGED AS IT WAS OVERWRITTEN BY ANSIBLE
{% endif %}

# Values in this section are inherited by every jail that does not override them.
[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host
# Hosts listed here are never banned, so fail2ban_ignore_ips should only hold addresses you control.
# 127.0.0.1/8 is always included; the rendered list is space-separated.
ignoreip = {{ ['127.0.0.1/8'] | union(fail2ban_ignore_ips) | unique | join(' ') }}

bantime = {{ fail2ban_default_bantime }}
maxretry = {{ fail2ban_default_maxretry }}

{# "mandatory" applies to general_alert_email only (filters bind tighter than "or"): rendering aborts when fail2ban_alert_email is empty and general_alert_email is undefined. #}
# Recipient for mail-sending actions (e.g. action_mw, action_mwl); a ban-only action does not use it.
destemail = {{ fail2ban_alert_email or general_alert_email | mandatory }}

# ACTIONS
# iptables-multiport blocks only the ports listed in each jail's "port" setting.
banaction = iptables-multiport
# Rendered as a fail2ban interpolation reference; the variable must name an action
# shortcut known to fail2ban (e.g. action_, action_mw, action_mwl) or the config will not load.
action = %({{ fail2ban_default_action }})s


# SSH jail. No filter is set here, so fail2ban falls back to its defaults for this jail name.
[sshd]
enabled = {{ fail2ban_sshd }}
# The port list is fixed in the template. With banaction iptables-multiport a ban covers
# only these ports, so an sshd listening elsewhere would stay reachable for a banned host.
port = ssh,2222,22222

# A host is banned for bantime once it reaches maxretry failures within findtime.
maxretry = {{ fail2ban_sshd_maxretry }}
findtime = {{ fail2ban_sshd_findtime }}
bantime = {{ fail2ban_sshd_bantime }}

# Repeat-offender jail (off by default according to the commit description).
[recidive]
enabled = {{ fail2ban_recidive }}

# recidive counts bans that fail2ban itself logged, so its findtime is normally much
# longer than for other jails. fail2ban's dbpurgeage should stay above this findtime,
# otherwise older entries are purged before they can be counted (set outside this file).
maxretry = {{ fail2ban_recidive_maxretry }}
findtime = {{ fail2ban_recidive_findtime }}
bantime = {{ fail2ban_recidive_bantime }}


# Evolix custom jails

# WordPress jail using the "wordpress-hard" filter (filter file is not part of this template).
[wordpress-hard]
enabled = {{ fail2ban_wordpress_hard }}
# Only the web ports are blocked for a banned host.
port = http, https
filter = wordpress-hard
# The filter reads auth.log, so WordPress has to report its events to syslog for
# this jail to see anything (presumably via a plugin; confirm on the target hosts).
logpath = /var/log/auth.log
maxretry = {{ fail2ban_wordpress_hard_maxretry }}
findtime = {{ fail2ban_wordpress_hard_findtime }}
bantime = {{ fail2ban_wordpress_hard_bantime }}

# WordPress jail using the "wordpress-soft" filter, with its own thresholds.
[wordpress-soft]
enabled = {{ fail2ban_wordpress_soft }}
# Only the web ports are blocked for a banned host.
port = http, https
filter = wordpress-soft
# Same log source as wordpress-hard: events must reach auth.log through syslog.
logpath = /var/log/auth.log
maxretry = {{ fail2ban_wordpress_soft_maxretry }}
findtime = {{ fail2ban_wordpress_soft_findtime }}
bantime = {{ fail2ban_wordpress_soft_bantime }}

# Roundcube webmail jail.
[roundcube]
enabled = {{ fail2ban_roundcube }}
# Only the web ports are blocked for a banned host.
port = http, https
filter = roundcube
# Fixed path to Roundcube's error log; if the installed Roundcube logs elsewhere,
# the jail matches nothing and never bans.
logpath = /var/lib/roundcube/logs/errors
maxretry = {{ fail2ban_roundcube_maxretry }}
findtime = {{ fail2ban_roundcube_findtime }}
bantime = {{ fail2ban_roundcube_bantime }}