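# vilain configuration: a [DEFAULT] section with global settings, an
# [ignoreip] whitelist, and one "guardian" section per watched log file.
# [DEFAULT] is the configparser-style fallback section: its keys apply to
# every guardian unless the guardian sets its own value.
# Comments must start at the beginning of a line; text written after a
# value on the same line becomes part of the value.

[DEFAULT]
# Time to keep a bad IP banned, in seconds (24h + 5min)
watch_while = 86700
# Max failed tries before an IP is banned; a guardian may override it
maxtries = 3
# pf table holding the banned IPs.
# Remember to clean the table with this command in a cron job:
#     /sbin/pfctl -t vilain_bruteforce -T expire 86400
# NOTE(review): the expire above (86400) is shorter than watch_while
# (86700) -- confirm the 5 min gap is intended.
vilain_table = vilain_bruteforce

# vilain log file
vilain_log = /var/log/daemon

# Delay between two checks of the different log files
# (unit not stated here; presumably seconds -- confirm against the daemon)
sleeptime = 3.0

### Ignored IPs ###
# IPs listed here are ignored by every guardian below, whatever they match.
# Keep this list short and specific.
[ignoreip]
ip1 = 92.150.160.157
ip2 = 92.150.160.156

### Guardians ###
# One section per watched log file. The first capturing group of "regex"
# must return the IP to ban. Template:
#[name of the guardian]
#logfile = /file/to/watch
#regex = regex that returns the bad guy IP
# optional: overrides the [DEFAULT] maxtries for this guardian only
#maxtries = 2

# Failed authentications
[ssh]
logfile = /var/log/authlog
regex = .* Failed .* from ([\S]+) .*

# Counts every "Connection closed by" line, not only failed logins,
# so it is more aggressive than [ssh] and can hit clients that merely
# dropped the connection.
[ssh2]
logfile = /var/log/authlog
regex = .* Connection closed by ([\S]+) .*

# The http guardians capture the second whitespace-separated field of the
# access log as the client IP (assumes an OpenBSD httpd style line with the
# server name first -- confirm against your log format before enabling).

# Disabled: enabling it bans any client producing 404s, including
# legitimate ones following stale links.
#[http404]
#logfile = /var/www/logs/access.log
#regex = (?:\S+\s){1}(\S+).*\s404\s.*

[http401]
logfile = /var/www/logs/access.log
regex = (?:\S+\s){1}(\S+).*\s401\s.*

[http403]
logfile = /var/www/logs/access.log
regex = (?:\S+\s){1}(\S+).*\s403\s.*

# Failed SMTP commands
[smtp]
logfile = /var/log/maillog
regex = .* event=failed-command address=([\S]+) .*

# Failed IMAP/POP authentications (rip= is the remote IP field)
[dovecot]
logfile = /var/log/maillog
regex = .*auth failed.*rip=([\S]+),.*

# Bans any client requesting wp-login.php: do not enable on a host that
# actually serves WordPress, its legitimate users would be banned too.
[wordpress]
logfile = /var/www/logs/access.log
regex = (?:\S+\s){1}(\S+).*wp-login.php.*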