1 --- fail2ban-0.8.11/config/jail.conf.orig 2014-01-06 20:44:20.948073144 +0100
2 +++ fail2ban-0.8.11/config/jail.conf 2014-01-06 20:52:15.888069706 +0100
5 action = iptables[name=SSH, port=ssh, protocol=tcp]
6 sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
7 -logpath = /var/log/sshd.log
8 +logpath = /var/log/secure
14 action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
15 sendmail-whois[name=ProFTPD, dest=you@example.com]
16 -logpath = /var/log/proftpd/proftpd.log
17 +logpath = /var/log/secure
23 action = iptables[name=sasl, port=smtp, protocol=tcp]
24 sendmail-whois[name=sasl, dest=you@example.com]
25 -logpath = /var/log/mail.log
26 +logpath = /var/log/maillog
29 # ASSP SMTP Proxy Jail
31 action = hostsdeny[daemon_list=sshd]
32 sendmail-whois[name=SSH, dest=you@example.com]
33 ignoreregex = for myuser from
34 -logpath = /var/log/sshd.log
35 +logpath = /var/log/secure
38 # Here we use blackhole routes for not requiring any additional kernel support
43 -logpath = /var/log/sshd.log
44 +logpath = /var/log/secure
51 action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
52 -logpath = /var/log/sshd.log
53 +logpath = /var/log/secure
60 action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
61 -logpath = /var/log/sshd.log
62 +logpath = /var/log/secure
70 -logpath = /var/log/apache*/*error.log
71 +logpath = /var/log/httpd/*error_log
72 /home/www/myhomepage/error.log
77 action = hostsdeny[file=/not/a/standard/path/hosts.deny]
78 sendmail[name=Postfix, dest=you@example.com]
79 -logpath = /var/log/postfix.log
80 +logpath = /var/log/maillog
85 filter = apache-badbots
86 action = iptables-multiport[name=BadBots, port="http,https"]
87 sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
88 -logpath = /var/www/*/logs/access_log
89 +logpath = /var/log/httpd/*access_log
94 filter = apache-noscript
96 sendmail[name=Postfix, dest=you@example.com]
97 -logpath = /var/log/apache2/error_log
98 +logpath = /var/log/httpd/error_log
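Review bot: The apache-noscript jail now watches only the single file `/var/log/httpd/error_log`, while the Apache error jail patched earlier in this file uses the glob `/var/log/httpd/*error_log`. If the TLS virtual host writes its own error log (packaged mod_ssl configurations commonly use `ssl_error_log`), script probes arriving over HTTPS never reach this filter and are never banned. Using the same glob here, `logpath = /var/log/httpd/*error_log`, would keep detection coverage consistent between the two jails. The jail's section header and its other options lie outside the hunk, so this assumes the filter is meant to cover every vhost.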
101 # Monitor roundcube server
104 action = iptables-multiport[name=php-url-open, port="http,https"]
105 filter = php-url-fopen
106 -logpath = /var/www/*/logs/access_log
107 +logpath = /var/log/httpd/*access_log
112 filter = named-refused
113 action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
114 sendmail-whois[name=Named, dest=you@example.com]
115 -logpath = /var/log/named/security.log
116 +logpath = /var/log/named/named.log
117 ignoreip = 168.192.0.1
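Review bot: The context line `ignoreip = 168.192.0.1` directly below the new logpath exempts a publicly routable address from this jail, and the octets look like a transposition of the private `192.168.0.1`. Since the patch is already adapting the shipped defaults, it is worth correcting here, e.g. `ignoreip = 192.168.0.1`, or dropping the line so nobody enables the jail with an unintended whitelist entry. Separately, `/var/log/named/named.log` presumably exists only when named.conf defines a logging channel that writes there. A one-line comment above the logpath saying so would help, because a jail pointed at a missing file bans nothing. The jail header is outside the hunk.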
122 action = iptables[name=mysql, port=3306, protocol=tcp]
123 sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
124 -logpath = /var/log/mysqld.log
125 +logpath = /var/log/mysql/mysqld.log
132 action = iptables[name=mysql, port=3306, protocol=tcp]
133 -logpath = /var/log/daemon.log
134 +logpath = /var/log/mysql/mysqld.log
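Review bot: This jail previously read a syslog file (`/var/log/daemon.log`) and now points at `/var/log/mysql/mysqld.log`, the same file as the MySQL jail patched at gutter lines 122–125, with the same `iptables[name=mysql, port=3306, protocol=tcp]` action. If this section is meant to be the syslog variant, the replacement should be the file that receives the daemon facility on this layout, most likely `logpath = /var/log/messages`. As written, the two jails duplicate each other, and failed logins reported through syslog are not seen by either. If the duplication is intentional, a comment stating which of the two jails to enable would prevent both being switched on against one chain name. The section header and filter line are outside the hunk, so the syslog intent is inferred from the old path.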
141 action = iptables-multiport[name=exim,port="25,465,587"]
142 -logpath = /var/log/exim/mainlog
143 +logpath = /var/log/exim/main.log
150 action = iptables-multiport[name=exim-spam,port="25,465,587"]
151 -logpath = /var/log/exim/mainlog
152 +logpath = /var/log/exim/main.log
159 action = iptables-multiport[name=webmin,port="10000"]
160 -logpath = /var/log/auth.log
161 +logpath = /var/log/secure
164 # dovecot defaults to logging to the mail syslog facility
168 action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,smtps,sieve", protocol=tcp]
169 -logpath = /var/log/mail.log
170 +logpath = /var/log/maillog