92 lines
2.6 KiB
Django/Jinja
92 lines
2.6 KiB
Django/Jinja
#+++++++++++++++++++++++++++++++++++++
|
|
# PLS , DONT EDIT THIS FILE , THIS FILE IS DEPLOYER WITH ANSIBLE TEMPLATES , IF U WANT SOME CHANGES OR ADD NEW POLICIES
|
|
# EDIT THE FILE config-fail2ban.yaml IN GITEA REPO vn-ansible > linux > base-config-debian , AND ADD MORE VARS
|
|
#+++++++++++++++++++++++++++++++++++++
|
|
|
|
# Custom fail2ban conf
|
|
|
|
#+++++++++++++++++++++++++++++++++++++
|
|
|
|
# 31536000 ; year
|
|
# 18144000 ; 30days
|
|
# 604800 ; 1 week
|
|
# 86400 ; 1 day
|
|
# 3600 ; 1 hour
|
|
|
|
#+++++++++++++++++++++++++++++++++++++
|
|
|
|
[INCLUDES]
|
|
|
|
#
|
|
# INCLUDES
|
|
#
|
|
|
|
before = paths-debian.conf
|
|
|
|
#+++++++++++++++++++++++++++++++++++++
|
|
|
|
# The DEFAULT allows a global definition of the options. They can be overridden
|
|
# in each jail afterwards.
|
|
|
|
[DEFAULT]
|
|
|
|
#
|
|
# OPTIONS CONF DEFAULT
|
|
#
|
|
|
|
# ignorecommand =
|
|
{% if fail2ban_times is defined %}
|
|
{% for time in fail2ban_times %}
|
|
bantime = {{ time.bantime | default('604800')}}
|
|
findtime = {{ time.findtime | default('604800')}}
|
|
maxretry = {{ time.maxretry | default('4')}}
|
|
{% endfor %}
|
|
{% endif %}
|
|
maxmatches = %(maxretry)s
|
|
backend = auto
|
|
usedns = warn
|
|
logencoding = auto
|
|
enabled = false
|
|
mode = normal
|
|
filter = %(__name__)s[mode=%(mode)s]
|
|
destemail = sysadmin@verdnatura.es
|
|
sender = root@<fq-hostname>
|
|
mta = mail
|
|
protocol = tcp
|
|
chain = <known/chain>
|
|
port = 0:65535
|
|
fail2ban_agent = Fail2Ban/%(fail2ban_version)s
|
|
banaction = nftables-multiport
|
|
banaction_allports = nftables-allports
|
|
action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
|
|
action_mw = %(action_)s
|
|
%(mta)s-whois[sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
|
|
action_mwl = %(action_)s
|
|
%(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
|
|
action_xarf = %(action_)s
|
|
xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"]
|
|
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
|
|
%(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
|
|
action_blocklist_de = blocklist_de[email="%(sender)s", service="%(__name__)s", apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
|
|
action_abuseipdb = abuseipdb
|
|
action = %(action_mwl)s
|
|
|
|
#+++++++++++++++++++++++++++++++++++++
|
|
|
|
#
|
|
# JAILS
|
|
#
|
|
|
|
{% if fail2ban_jails is defined %}
|
|
{% for jail in fail2ban_jails %}
|
|
#+++++++++++++++++++++++++++++++++++++
|
|
[{{ jail.name }}]
|
|
enabled = {{ jail.enabled }}
|
|
port = {{ jail.port | join(' ') }}
|
|
filter = {{ jail.filter }}
|
|
logpath = {{ jail.logpath }}
|
|
backend = {{ jail.backend }}
|
|
{% endfor %}
|
|
{% endif %}
|
|
#+++++++++++++++++++++++++++++++++++++
|