Initial commit.

2020-09-29 16:40:13 +01:00 · 2020-09-29 16:40:13 +01:00 · 3d665e5e11
commit 3d665e5e11
72 changed files with 3200 additions and 0 deletions
--- a/base-files/fail2ban/fail2ban.local
+++ b/base-files/fail2ban/fail2ban.local
@ -0,0 +1,75 @@
+[DEFAULT]
+
+# Option: loglevel
+# Notes.: Set the log level output.
+#         CRITICAL
+#         ERROR
+#         WARNING
+#         NOTICE
+#         INFO
+#         DEBUG
+# Values: [ LEVEL ]  Default: ERROR
+#
+loglevel = INFO
+
+# Option: logtarget
+# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
+#         Only one log target can be specified.
+#         If you change logtarget from the default value and you are
+#         using logrotate -- also adjust or disable rotation in the
+#         corresponding configuration file
+#         (e.g. /etc/logrotate.d/fail2ban on Debian systems)
+# Values: [ STDOUT | STDERR | SYSLOG | SYSOUT | FILE ]  Default: STDERR
+#
+logtarget = syslog[facility=LOCAL0]
+
+# Option: syslogsocket
+# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
+#        auto uses platform.system() to determine predefined paths
+# Values: [ auto | FILE ]  Default: auto
+#syslogsocket = auto
+
+# Option: socket
+# Notes.: Set the socket file. This is used to communicate with the daemon. Do
+#         not remove this file when Fail2ban runs. It will not be possible to
+#         communicate with the server afterwards.
+# Values: [ FILE ]  Default: /var/run/fail2ban/fail2ban.sock
+#
+socket = /var/run/fail2ban.sock
+
+# Option: pidfile
+# Notes.: Set the PID file. This is used to store the process ID of the
+#         fail2ban server.
+# Values: [ FILE ]  Default: /var/run/fail2ban/fail2ban.pid
+#
+pidfile = /var/run/fail2ban.pid
+
+# Options: dbfile
+# Notes.: Set the file for the fail2ban persistent data to be stored.
+#         A value of ":memory:" means database is only stored in memory 
+#         and data is lost when fail2ban is stopped.
+#         A value of "None" disables the database.
+# Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3
+# dbfile = /var/lib/fail2ban/fail2ban.sqlite3
+
+# Options: dbpurgeage
+# Notes.: Sets age at which bans should be purged from the database
+# Values: [ SECONDS ] Default: 86400 (24hours)
+#dbpurgeage = 1d
+
+# Options: dbmaxmatches
+# Notes.: Number of matches stored in database per ticket (resolvable via 
+#         tags <ipmatches>/<ipjailmatches> in actions)
+# Values: [ INT ] Default: 10
+#dbmaxmatches = 10
+
+[Definition]
+
+
+[Thread]
+
+# Options: stacksize
+# Notes.: Specifies the stack size (in KiB) to be used for subsequently created threads,
+#         and must be 0 or a positive integer value of at least 32.
+# Values: [ SIZE ] Default: 0 (use platform or configured default)
+#stacksize = 0
--- a/base-files/fail2ban/jail.local
+++ b/base-files/fail2ban/jail.local
@ -0,0 +1,61 @@
+[DEFAULT]
+
+#
+# MISCELLANEOUS OPTIONS
+#
+
+# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
+# will not ban a host which matches an address in this list. Several addresses
+# can be defined using space (and/or comma) separator.
+ignoreip = 127.0.0.1/8 91.109.244.0/24 ::1 2a02:2498:1:227::/64 afterdark.org.uk
+
+# "bantime" is the number of seconds that a host is banned.
+bantime  = 12h
+
+# A host is banned if it has generated "maxretry" during the last "findtime"
+# seconds.
+findtime  = 2h
+
+# "maxretry" is the number of failures before a host get banned.
+maxretry = 3
+
+# "usedns" specifies if jails should trust hostnames in logs,
+#   warn when DNS lookups are performed, or ignore all hostnames in logs
+#
+# yes:   if a hostname is encountered, a DNS lookup will be performed.
+# warn:  if a hostname is encountered, a DNS lookup will be performed,
+#        but it will be logged as a warning.
+# no:    if a hostname is encountered, will not be used for banning,
+#        but it will be logged as info.
+# raw:   use raw value (no hostname), allow use it for no-host filters/actions (example user)
+usedns = warn
+
+#
+# ACTIONS
+#
+
+# Some options used for actions
+
+# Destination email address used solely for the interpolations in
+# jail.{conf,local,d/*} configuration files.
+destemail = root@localhost
+
+# Sender email address used solely for some actions
+sender = root@<fq-hostname>
+
+#
+# JAILS
+#
+
+[sshd]
+
+# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
+# normal (default), ddos, extra or aggressive (combines all).
+# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
+#mode   = normal
+enabled	= yes
+port = 9922
+
+#[apache-auth]
+#enabled	= yes
+#
--- a/base-files/fail2ban/paths-overrides.local
+++ b/base-files/fail2ban/paths-overrides.local
@ -0,0 +1,25 @@
+[DEFAULT]
+
+syslog_mail = /var/log/smtpd
+
+syslog_mail_warn = /var/log/smtpd
+
+syslog_authpriv = /var/log/messages
+
+syslog_auth = /var/log/messages
+
+syslog_user  =  /var/log/messages
+
+syslog_ftp = /var/log/ftpd
+
+syslog_daemon =  /var/log/messages
+
+syslog_local0 =  /var/log/messages
+
+apache_error_log = /var/log/httpd/*error.log
+
+apache_access_log = /var/log/httpd/*access.log
+
+# Default for Slackware provided below,
+# please change according to your proftpd config file.
+proftpd_log = /var/log/ftpd