Various updates to the fail2ban configuration.

* Update paths.
* Update safe IPs.
* Update ban time and detection thresholds.
* Update email addresses.
* Add more jails.

base-files/fail2ban/fail2ban.local

@@ -35,14 +35,14 @@ logtarget = syslog[facility=LOCAL0]
 #         communicate with the server afterwards.
 # Values: [ FILE ]  Default: /var/run/fail2ban/fail2ban.sock
 #
-socket = /var/run/fail2ban.sock
+socket = /run/fail2ban.sock
 
 # Option: pidfile
 # Notes.: Set the PID file. This is used to store the process ID of the
 #         fail2ban server.
 # Values: [ FILE ]  Default: /var/run/fail2ban/fail2ban.pid
 #
-pidfile = /var/run/fail2ban.pid
+pidfile = /run/fail2ban.pid
 
 # Options: dbfile
 # Notes.: Set the file for the fail2ban persistent data to be stored.

base-files/fail2ban/jail.local

@@ -7,14 +7,14 @@
 # "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
 # will not ban a host which matches an address in this list. Several addresses
 # can be defined using space (and/or comma) separator.
-ignoreip = 127.0.0.1/8 212.78.94.73 216.119.155.57 216.119.155.58 216.119.155.59 216.119.155.60 216.119.155.61 216.119.155.62 91.109.244.7 91.109.244.8 91.109.244.9 91.109.244.10 91.109.244.11 185.176.90.169 82.163.78.10 ::1 2a02:2498:e004:2a::/64 2a02:2498:1:227::/64 2a07:4580:b0d:57f::169 2a02:2498:e004:1:216:3eff:fe69:98ba afterdark.org.uk
+ignoreip = 127.0.0.1/8,::1 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 5.101.171.210/28,2a01:a500:2981:1::/64 91.109.244.7,91.109.244.8,91.109.244.9,91.109.244.10,91.109.244.11,2a02:2498:1:227::/64 88.80.191.137,2a01:7e00::f03c:93ff:fe86:afae 185.176.90.169,2a07:4580:b0d:57f::169 afterdark.org.uk
 
 # "bantime" is the number of seconds that a host is banned.
-bantime  = 12h
+bantime  = 2d
 
 # A host is banned if it has generated "maxretry" during the last "findtime"
 # seconds.
-findtime  = 2h
+findtime  = 8h
 
 # "maxretry" is the number of failures before a host get banned.
 maxretry = 3
@@ -28,7 +28,7 @@ maxretry = 3
 # no:    if a hostname is encountered, will not be used for banning,
 #        but it will be logged as info.
 # raw:   use raw value (no hostname), allow use it for no-host filters/actions (example user)
-usedns = warn
+usedns = yes
 
 #
 # ACTIONS
@@ -38,24 +38,46 @@ usedns = warn
 
 # Destination email address used solely for the interpolations in
 # jail.{conf,local,d/*} configuration files.
-destemail = root@localhost
+destemail = sysadmin@slackware.network
 
 # Sender email address used solely for some actions
-sender = root@<fq-hostname>
+sender = noreply@slackware.network
 
 #
 # JAILS
 #
 
+# FIXME: Enable the correct jails for host.
+[dovecot]
+enabled = no
+filter = dovecot
+port = imap2,imaps,pop3,pop3s
+logpath = /var/log/imapd
+mode = normal
+
+[exim]
+enabled = no
+filter = exim
+port = smtp,smtps,submission
+logpath = /var/log/smtp
+mode = normal
+
+[proftpd]
+enabled = no
+filter = proftpd
+port = ftp,ftps
+logfile = /var/log/ftpd
+
+[roundcube]
+enabled = no
+filter = roundcube-auth
+port = http,https
+logfile = /data/sites/webmail.slackware.network/logs/roundcube/userlogins.log
+maxretry = 10
+
 [sshd]
-
-# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
-# normal (default), ddos, extra or aggressive (combines all).
-# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
-#mode   = normal
+# Modes are: normal (default), ddos, extra or aggressive (combines all).
 enabled	= yes
-port = 9922
-
-#[apache-auth]
-#enabled	= yes
-#
+filter = sshd
+port = ssh,9922
+mode = aggressive

base-files/fail2ban/paths-overrides.local

@@ -18,8 +18,6 @@ syslog_local0 =  /var/log/messages
 
 apache_error_log = /var/log/httpd
 
-# apache_access_log = /var/log/httpd/*access.log
+apache_access_log =
 
-# Default for Slackware provided below,
-# please change according to your proftpd config file.
 proftpd_log = /var/log/ftpd