Index: jail.conf
===================================================================
--- config/jail.conf 2014-03-15 08:49:54.000000000 +0100
+++ config/jail.conf 2014-04-08 19:42:38.005436901 +0200
@@ -97,8 +97,7 @@
 filter = sshd
 action = iptables[name=SSH, port=ssh, protocol=tcp]
 sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
-logpath = /var/log/sshd.log
-maxretry = 5
+logpath = /var/log/auth.log
 
 [ssh-ddos]
 
@@ -106,7 +105,7 @@
 enabled = false
 filter = sshd-ddos
 action = iptables[name=SSHDDOS, port=ssh, protocol=tcp]
-logpath = /var/log/sshd.log
+logpath = /var/log/auth.log
 maxretry = 2
 
 
@@ -202,7 +201,7 @@
 action = hostsdeny[daemon_list=sshd]
 sendmail-whois[name=SSH, dest=you@example.com]
 ignoreregex = for myuser from
-logpath = /var/log/sshd.log
+logpath = /var/log/auth.log
 
 # Here we use blackhole routes for not requiring any additional kernel support
 
@@ -212,8 +211,7 @@
 enabled = false
 filter = sshd
 action = route
-logpath = /var/log/sshd.log
-maxretry = 5
+logpath = /var/log/auth.log
 
 # Here we use a combination of Netfilter/Iptables and IPsets
 
@@ -226,8 +224,7 @@
 enabled = false
 filter = sshd
 action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
-logpath = /var/log/sshd.log
-maxretry = 5
+logpath = /var/log/auth.log
 
 [ssh-iptables-ipset6]
 
@@ -235,23 +232,7 @@
 enabled = false
 filter = sshd
 action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
-logpath = /var/log/sshd.log
-maxretry = 5
-
-
-# bsd-ipfw is ipfw used by BSD. It uses ipfw tables.
-# table number must be unique.
-#
-# This will create a deny rule for that table ONLY if a rule
-# for the table doesn't ready exist.
-#
-[ssh-bsd-ipfw]
-
-enabled = false
-filter = sshd
-action = bsd-ipfw[port=ssh,table=1]
 logpath = /var/log/auth.log
-maxretry = 5
 
 # This jail demonstrates the use of wildcards in "logpath".
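Review bot: Dropping `maxretry = 5` from the [ssh-iptables] jail in the first hunk (the same removal appears in the route, ipset-proto4 and ipset-proto6 hunks below) leaves the ban threshold to whatever [DEFAULT] defines, and that value is not visible in this diff; if it is not 5, these jails now ban after a different number of failed logins, while [ssh-ddos] in the next hunk keeps its explicit `maxretry = 2`. If relying on the default is intended, a one-line comment in each of these jails, `# maxretry: inherited from [DEFAULT]`, records that the omission is deliberate; otherwise the `maxretry = 5` lines should stay. In the ipset-proto6 hunk the surviving `logpath = /var/log/auth.log` context line is the one that used to belong to the deleted [ssh-bsd-ipfw] block, so the resulting [ssh-iptables-ipset6] section is worth re-reading as a whole. The [ssh-iptables] section header itself lies above the first hunk.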
@@ -261,8 +242,7 @@
 enabled = false
 filter = apache-auth
 action = hostsdeny
-logpath = /var/log/apache*/*error.log
- /home/www/myhomepage/error.log
+logpath = /var/log/httpd/*error_log
 maxretry = 6
 
 
@@ -271,8 +251,7 @@
 enabled = false
 filter = apache-modsecurity
 action = iptables-multiport[name=apache-modsecurity,port="80,443"]
-logpath = /var/log/apache*/*error.log
- /home/www/myhomepage/error.log
+logpath = /var/log/httpd/*error_log
 maxretry = 2
 
 
@@ -281,8 +260,7 @@
 enabled = false
 filter = apache-overflows
 action = iptables-multiport[name=apache-overflows,port="80,443"]
-logpath = /var/log/apache*/*error.log
- /home/www/myhomepage/error.log
+logpath = /var/log/httpd/*error_log
 maxretry = 2
 
 
@@ -291,8 +269,7 @@
 enabled = false
 filter = apache-nohome
 action = iptables-multiport[name=apache-nohome,port="80,443"]
-logpath = /var/log/apache*/*error.log
- /home/www/myhomepage/error.log
+logpath = /var/log/httpd/*error_log
 maxretry = 2
 
 
@@ -396,7 +373,7 @@
 filter = apache-badbots
 action = iptables-multiport[name=BadBots, port="http,https"]
 sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
-logpath = /var/www/*/logs/access_log
+logpath = /var/log/httpd/*access_log
 bantime = 172800
 maxretry = 1
 
@@ -408,7 +385,7 @@
 filter = apache-noscript
 action = shorewall
 sendmail[name=Postfix, dest=you@example.com]
-logpath = /var/log/apache2/error_log
+logpath = /var/log/httpd/*error_log
 
 # Monitor roundcube server
 
@@ -631,16 +608,6 @@
 maxretry = 5
 
 
-# PF is a BSD based firewall
-[ssh-pf]
-
-enabled = false
-filter = sshd
-action = pf
-logpath = /var/log/sshd.log
-maxretry = 5
-
-
 [3proxy]
 
 enabled = false
@@ -681,15 +648,6 @@
 logpath = /var/log/maillog
 
 
-[osx-ssh-ipfw]
-
-enabled = false
-filter = sshd
-action = osx-ipfw
-logpath = /var/log/secure.log
-maxretry = 5
-
-
 [ssh-apf]
 
 enabled = false
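Review bot: The new `logpath = /var/log/httpd/*error_log` in the apache-auth hunk (and in the modsecurity, overflows, nohome, badbots and noscript hunks that follow) hard-codes the Red Hat-style httpd log directory and silently drops the Debian `/var/log/apache2` path and the per-site `/home/www/myhomepage/error.log` example, with no comment saying where the value is expected to differ between distributions. As far as I recall, fail2ban expands the glob when the jail starts, so a pattern that matches nothing at that moment keeps the jail from starting, and files that appear later are not watched until a restart; that is worth stating next to the value so that an operator who sees no bans knows what to check. A comment above the first of these logpath lines, `# Red Hat/CentOS httpd layout; Debian/Ubuntu logs under /var/log/apache2/ - set the right path in jail.local`, would cover both points. The [apache-tcpwrapper] section header that these keys belong to lies above the first hunk.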
@@ -699,15 +657,6 @@
 maxretry = 5
 
 
-[osx-ssh-afctl]
-
-enabled = false
-filter = sshd
-action = osx-afctl[bantime=600]
-logpath = /var/log/secure.log
-maxretry = 5
-
-
 [webmin-auth]
 
 enabled = false
@@ -761,7 +710,7 @@
 action = iptables[name=SSH, port=ssh, protocol=tcp]
 sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
 blocklist_de[email="fail2ban@example.com", apikey="xxxxxx", service=%(filter)s]
-logpath = /var/log/sshd.log
+logpath = /var/log/auth.log
 maxretry = 20