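# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# Read by fail2ban through Python's ConfigParser: keep keys and full-line
# comments at column 0 (an indented "#" line can be glued onto the preceding
# value by older parsers), and write a literal "%" as "%%". A second action
# for a jail goes on its own line, indented under "action"; the commented-out
# "sendmail-whois" lines below show that form with example addresses that
# must be replaced before the line is enabled.
#
# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
# Add the addresses you administer from, so that your own failed logins cannot
# lock you out.
ignoreip = 127.0.0.1

# "bantime" is the number of seconds that a host is banned.
bantime = 900

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600

# "maxretry" is the number of failures before a host gets banned.
maxretry = 3

# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto". This option can be overridden in
# each jail too (use "gamin" for a jail and "polling" for another).
#
# gamin:   requires Gamin (a file alteration monitor) to be installed. If Gamin
#          is not installed, Fail2ban will use polling.
# polling: uses a polling algorithm which does not require external libraries.
# auto:    will choose Gamin if available and polling otherwise.
backend = auto


# This jail corresponds to the standard configuration in Fail2ban 0.6.
# The mail-whois action sends a notification e-mail with a whois request
# in the body.

[ssh-iptables]

enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
# sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
# NOTE(review): confirm this path exists on this host; fail2ban cannot watch a
# file it does not find, and the jail would then protect nothing.
logpath = /var/log/auth
maxretry = 5

[proftpd-iptables]

enabled = true
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
# sendmail-whois[name=ProFTPD, dest=you@mail.com]
logpath = /var/log/auth
maxretry = 6

[hermes-iptables]

enabled = false
filter = hermes
action = iptables[name=Hermes, port=smtp, protocol=tcp]
# sendmail-whois[name=Hermes, dest=you@mail.com]
logpath = /var/log/mail
maxretry = 6

[exim-iptables]

### WARNING - if you use Hermes, do NOT enable this! ###
### It may then block all mail! ###

enabled = false
filter = exim
action = iptables-multiport[name=Exim, port="smtp,2525,465", protocol=tcp]
# sendmail-whois[name=Exim, dest=you@mail.com]
logpath = /var/log/exim/rejectlog
maxretry = 6

[tpop3d-iptables]

enabled = false
filter = tpop3d
action = iptables-multiport[name=tpop3d, port="pop3,995", protocol=tcp]
# sendmail-whois[name=tpop3d, dest=you@mail.com]
logpath = /var/log/errors
maxretry = 3

# This jail forces the backend to "polling".

[sasl-iptables]

enabled = false
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
# sendmail-whois[name=sasl, dest=you@mail.com]
logpath = /var/log/mail

# Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
# used to avoid banning the user "myuser".

[ssh-tcpwrapper]

enabled = false
filter = sshd
action = hostsdeny
# sendmail-whois[name=SSH, dest=you@mail.com]
#ignoreregex = for myuser from
logpath = /var/log/auth

# This jail demonstrates the use of wildcards in "logpath".
# Moreover, it is possible to give other files on a new line.

[apache-tcpwrapper]

enabled = false
filter = apache-auth
action = hostsdeny
logpath = /var/log/httpd/error_log
# /custom/error/log/path/cust_err_log_file
maxretry = 6

# Ban hosts whose agent identifies spammer robots crawling the web
# for email addresses. The mail outputs are buffered.

[apache-badbots]

enabled = false
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
# sendmail-buffered[name=BadBots, lines=5, dest=you@mail.com]
logpath = /var/log/httpd/access_log
# /custom/access/log/path/cust_access_log_file
# two days; a single hit is enough because the filter matches by user agent
bantime = 172800
maxretry = 1

# These jails block attacks against named (bind9). By default, logging is off
# with bind9 installation. You will need something like this:
#
# logging {
#     channel security_file {
#         file "/var/log/named.log" versions 3 size 30m;
#         severity dynamic;
#         print-time yes;
#     };
#     category security {
#         security_file;
#     };
# }
#
# in your named.conf to provide proper logging.

# This jail blocks UDP traffic for DNS requests.

[named-refused-udp]

enabled = false
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
# sendmail-whois[name=Named, dest=you@mail.com]
logpath = /var/log/named.log
#ignoreip = 192.168.0.1

# This jail blocks TCP traffic for DNS requests.

[named-refused-tcp]

enabled = false
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
# sendmail-whois[name=Named, dest=you@mail.com]
logpath = /var/log/named.log
#ignoreip = 192.168.0.1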