fail2ban

Discussion in 'Installation/Configuration' started by ashokjp, Nov 29, 2014.

  1. ashokjp

    ashokjp New Member

    I installed ispconfig with the guide here
    http://www.howtoforge.com/perfect-s...hp-pureftpd-postfix-dovecot-and-ispconfig3-p6


    Fail2ban is installed but i am getting maillog with failed entries of example.com. I assume its from fail2ban.

    Isnt fail2ban configured by default on ispconfig install ?

    the configuration files are below
    jail.conf
    Code:
    # Fail2Ban jail base specification file
    #
    # HOW TO ACTIVATE JAILS:
    #
    # YOU SHOULD NOT MODIFY THIS FILE.
    #
    # It will probably be overwitten or improved in a distribution update.
    #
    # Provide customizations in a jail.local file or a jail.d/customisation.local.
    # For example to change the default bantime for all jails and to enable the
    # ssh-iptables jail the following (uncommented) would appear in the .local file.
    # See man 5 jail.conf for details.
    #
    # [DEFAULT]
    # bantime = 3600
    #
    # [ssh-iptables]
    # enabled = true
    
    
    
    # Comments: use '#' for comment lines and ';' (following a space) for inline comments
    
    # The DEFAULT allows a global definition of the options. They can be overridden
    # in each jail afterwards.
    
    [DEFAULT]
    
    # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
    # ban a host which matches an address in this list. Several addresses can be
    # defined using space separator.
    ignoreip = 127.0.0.1/8
    
    # External command that will take an tagged arguments to ignore, e.g. <ip>,
    # and return true if the IP is to be ignored. False otherwise.
    #
    # ignorecommand = /path/to/command <ip>
    ignorecommand =
    
    # "bantime" is the number of seconds that a host is banned.
    bantime  = 600
    
    # A host is banned if it has generated "maxretry" during the last "findtime"
    # seconds.
    findtime  = 600
    
    # "maxretry" is the number of failures before a host get banned.
    maxretry = 3
    
    # "backend" specifies the backend used to get files modification.
    # Available options are "pyinotify", "gamin", "polling" and "auto".
    # This option can be overridden in each jail as well.
    #
    # pyinotify: requires pyinotify (a file alteration monitor) to be installed.
    #              If pyinotify is not installed, Fail2ban will use auto.
    # gamin:     requires Gamin (a file alteration monitor) to be installed.
    #              If Gamin is not installed, Fail2ban will use auto.
    # polling:   uses a polling algorithm which does not require external libraries.
    # auto:      will try to use the following backends, in order:
    #              pyinotify, gamin, polling.
    backend = auto
    
    # "usedns" specifies if jails should trust hostnames in logs,
    #   warn when DNS lookups are performed, or ignore all hostnames in logs
    #
    # yes:   if a hostname is encountered, a DNS lookup will be performed.
    # warn:  if a hostname is encountered, a DNS lookup will be performed,
    #        but it will be logged as a warning.
    # no:    if a hostname is encountered, will not be used for banning,
    #        but it will be logged as info.
    usedns = warn
    
    
    # This jail corresponds to the standard configuration in Fail2ban.
    # The mail-whois action send a notification e-mail with a whois request
    # in the body.
    
    [pam-generic]
    
    enabled = false
    filter  = pam-generic
    action  = iptables-allports[name=pam,protocol=all]
    logpath = /var/log/secure
    
    
    [xinetd-fail]
    
    enabled = false
    filter  = xinetd-fail
    action  = iptables-allports[name=xinetd,protocol=all]
    logpath = /var/log/daemon*log
    
    
    [ssh-iptables]
    
    enabled  = true
    filter   = sshd
    action   = iptables[name=SSH, port=ssh, protocol=tcp]
               sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
    logpath  = /var/log/secure
    maxretry = 5
    
    
    [ssh-ddos]
    
    enabled  = false
    filter   = sshd-ddos
    action   = iptables[name=SSHDDOS, port=ssh, protocol=tcp]
    logpath  = /var/log/sshd.log
    maxretry = 2
    
    
    [dropbear]
    
    enabled  = false
    filter   = dropbear
    action   = iptables[name=dropbear, port=ssh, protocol=tcp]
    logpath  = /var/log/messages
    maxretry = 5
    
    
    [proftpd-iptables]
    
    enabled  = false
    filter   = proftpd
    action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
               sendmail-whois[name=ProFTPD, dest=you@example.com]
    logpath  = /var/log/proftpd/proftpd.log
    maxretry = 6
    
    
    [gssftpd-iptables]
    
    enabled  = false
    filter   = gssftpd
    action   = iptables[name=GSSFTPd, port=ftp, protocol=tcp]
               sendmail-whois[name=GSSFTPd, dest=you@example.com]
    logpath  = /var/log/daemon.log
    maxretry = 6
    
    
    [pure-ftpd]
    
    enabled  = false
    filter   = pure-ftpd
    action   = iptables[name=pureftpd, port=ftp, protocol=tcp]
    logpath  = /var/log/pureftpd.log
    maxretry = 6
    
    
    [wuftpd]
    
    enabled  = false
    filter   = wuftpd
    action   = iptables[name=wuftpd, port=ftp, protocol=tcp]
    logpath  = /var/log/daemon.log
    maxretry = 6
    
    
    [sendmail-auth]
    
    enabled  = false
    filter   = sendmail-auth
    action   = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
    logpath  = /var/log/mail.log
    
    
    [sendmail-reject]
    
    enabled  = false
    filter   = sendmail-reject
    action   = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
    logpath  = /var/log/mail.log
    
    
    # This jail forces the backend to "polling".
    [sasl-iptables]
    
    enabled  = false
    filter   = postfix-sasl
    backend  = polling
    action   = iptables[name=sasl, port=smtp, protocol=tcp]
               sendmail-whois[name=sasl, dest=you@example.com]
    logpath  = /var/log/mail.log
    
    
    # ASSP SMTP Proxy Jail
    [assp]
    
    enabled = false
    filter  = assp
    action  = iptables-multiport[name=assp,port="25,465,587"]
    logpath = /root/path/to/assp/logs/maillog.txt
    
    
    # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
    # used to avoid banning the user "myuser".
    [ssh-tcpwrapper]
    
    enabled     = false
    filter      = sshd
    action      = hostsdeny[daemon_list=sshd]
                  sendmail-whois[name=SSH, dest=you@example.com]
    ignoreregex = for myuser from
    logpath     = /var/log/sshd.log
    
    
    # Here we use blackhole routes for not requiring any additional kernel support
    # to store large volumes of banned IPs
    [ssh-route]
    
    enabled  = false
    filter   = sshd
    action   = route
    logpath  = /var/log/sshd.log
    maxretry = 5
    
    
    # Here we use a combination of Netfilter/Iptables and IPsets
    # for storing large volumes of banned IPs
    #
    # IPset comes in two versions. See ipset -V for which one to use
    # requires the ipset package and kernel support.
    [ssh-iptables-ipset4]
    
    enabled  = false
    filter   = sshd
    action   = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
    logpath  = /var/log/sshd.log
    maxretry = 5
    
    
    [ssh-iptables-ipset6]
    
    enabled  = false
    filter   = sshd
    action   = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
    logpath  = /var/log/sshd.log
    maxretry = 5
    
    
    # bsd-ipfw is ipfw used by BSD. It uses ipfw tables.
    # table number must be unique.
    # 
    # This will create a deny rule for that table ONLY if a rule 
    # for the table doesn't ready exist.
    #
    [ssh-bsd-ipfw]
    
    enabled  = false
    filter   = sshd
    action   = bsd-ipfw[port=ssh,table=1]
    logpath  = /var/log/auth.log
    maxretry = 5
    
    
    # This jail demonstrates the use of wildcards in "logpath".
    # Moreover, it is possible to give other files on a new line.
    [apache-tcpwrapper]
    
    enabled  = false
    filter	 = apache-auth
    action   = hostsdeny
    logpath  = /var/log/apache*/*error.log
               /home/www/myhomepage/error.log
    maxretry = 6
    
    
    [apache-modsecurity]
    
    enabled  = false
    filter	 = apache-modsecurity
    action   = iptables-multiport[name=apache-modsecurity,port="80,443"]
    logpath  = /var/log/apache*/*error.log
               /home/www/myhomepage/error.log
    maxretry = 2
    
    
    [apache-overflows]
    
    enabled  = false
    filter	 = apache-overflows
    action   = iptables-multiport[name=apache-overflows,port="80,443"]
    logpath  = /var/log/apache*/*error.log
               /home/www/myhomepage/error.log
    maxretry = 2
    
    
    [apache-nohome]
    
    enabled  = false
    filter	 = apache-nohome
    action   = iptables-multiport[name=apache-nohome,port="80,443"]
    logpath  = /var/log/apache*/*error.log
               /home/www/myhomepage/error.log
    maxretry = 2
    
    
    [nginx-http-auth]
    
    enabled = false
    filter  = nginx-http-auth
    action  = iptables-multiport[name=nginx-http-auth,port="80,443"]
    logpath = /var/log/nginx/error.log
    
    
    [squid]
    
    enabled = false
    filter  = squid
    action  = iptables-multiport[name=squid,port="80,443,8080"]
    logpath = /var/log/squid/access.log
    
    
    # The hosts.deny path can be defined with the "file" argument if it is
    # not in /etc.
    [postfix-tcpwrapper]
    
    enabled  = false
    filter   = postfix
    action   = hostsdeny[file=/not/a/standard/path/hosts.deny]
               sendmail[name=Postfix, dest=you@example.com]
    logpath  = /var/log/postfix.log
    bantime  = 300
    
    
    [cyrus-imap]
    
    enabled = false
    filter  = cyrus-imap
    action  = iptables-multiport[name=cyrus-imap,port="143,993"]
    logpath = /var/log/mail*log
    
    
    [courierlogin]
    
    enabled = false
    filter  = courierlogin
    action  = iptables-multiport[name=courierlogin,port="25,110,143,465,587,993,995"]
    logpath = /var/log/mail*log
    
    
    [couriersmtp]
    
    enabled = false
    filter  = couriersmtp
    action  = iptables-multiport[name=couriersmtp,port="25,465,587"]
    logpath = /var/log/mail*log
    
    
    [qmail-rbl]
    
    enabled = false
    filter  = qmail
    action  = iptables-multiport[name=qmail-rbl,port="25,465,587"]
    logpath = /service/qmail/log/main/current
    
    
    [sieve]
    
    enabled = false
    filter  = sieve
    action  = iptables-multiport[name=sieve,port="25,465,587"]
    logpath = /var/log/mail*log
    
    
    # Do not ban anybody. Just report information about the remote host.
    # A notification is sent at most every 600 seconds (bantime).
    [vsftpd-notification]
    
    enabled  = false
    filter   = vsftpd
    action   = sendmail-whois[name=VSFTPD, dest=you@example.com]
    logpath  = /var/log/vsftpd.log
    maxretry = 5
    bantime  = 1800
    
    
    # Same as above but with banning the IP address.
    [vsftpd-iptables]
    
    enabled  = false
    filter   = vsftpd
    action   = iptables[name=VSFTPD, port=ftp, protocol=tcp]
               sendmail-whois[name=VSFTPD, dest=you@example.com]
    logpath  = /var/log/vsftpd.log
    maxretry = 5
    bantime  = 1800
    
    
    # Ban hosts which agent identifies spammer robots crawling the web
    # for email addresses. The mail outputs are buffered.
    [apache-badbots]
    
    enabled  = false
    filter   = apache-badbots
    action   = iptables-multiport[name=BadBots, port="http,https"]
               sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
    logpath  = /var/www/*/logs/access_log
    bantime  = 172800
    maxretry = 1
    
    
    # Use shorewall instead of iptables.
    [apache-shorewall]
    
    enabled  = false
    filter   = apache-noscript
    action   = shorewall
               sendmail[name=Postfix, dest=you@example.com]
    logpath  = /var/log/apache2/error_log
    
    
    # Monitor roundcube server
    [roundcube-iptables]
    
    enabled  = false
    filter   = roundcube-auth
    action   = iptables-multiport[name=RoundCube, port="http,https"]
    logpath  = /var/log/roundcube/userlogins
    
    
    # Monitor SOGo groupware server
    [sogo-iptables]
    
    enabled  = false
    filter   = sogo-auth
    # without proxy this would be:
    # port    = 20000
    action   = iptables-multiport[name=SOGo, port="http,https"]
    logpath  = /var/log/sogo/sogo.log
    
    
    [groupoffice]
    
    enabled  = false
    filter   = groupoffice
    action   = iptables-multiport[name=groupoffice, port="http,https"]
    logpath  = /home/groupoffice/log/info.log 
    
    
    [openwebmail]
    
    enabled  = false
    filter   = openwebmail
    logpath  = /var/log/openwebmail.log
    action   = ipfw
               sendmail-whois[name=openwebmail, dest=you@example.com]
    maxretry = 5
    
    
    [horde]
    
    enabled  = false
    filter   = horde
    logpath  = /var/log/horde/horde.log
    action   = iptables-multiport[name=horde, port="http,https"]
    maxretry = 5
    
    
    # Ban attackers that try to use PHP's URL-fopen() functionality
    # through GET/POST variables. - Experimental, with more than a year
    # of usage in production environments.
    [php-url-fopen]
    
    enabled  = false
    action   = iptables-multiport[name=php-url-open, port="http,https"]
    filter   = php-url-fopen
    logpath  = /var/www/*/logs/access_log
    maxretry = 1
    
    
    [suhosin]
    
    enabled  = false
    filter   = suhosin
    action   = iptables-multiport[name=suhosin, port="http,https"]
    # adapt the following two items as needed
    logpath  = /var/log/lighttpd/error.log
    maxretry = 2
    
    
    [lighttpd-auth]
    
    enabled  = false
    filter   = lighttpd-auth
    action   = iptables-multiport[name=lighttpd-auth, port="http,https"]
    # adapt the following two items as needed
    logpath  = /var/log/lighttpd/error.log
    maxretry = 2
    
    
    # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
    # option is overridden in this jail. Moreover, the action "mail-whois" defines
    # the variable "name" which contains a comma using "". The characters '' are
    # valid too.
    [ssh-ipfw]
    
    enabled  = false
    filter   = sshd
    action   = ipfw[localhost=192.168.0.1]
               sendmail-whois[name="SSH,IPFW", dest=you@example.com]
    logpath  = /var/log/auth.log
    ignoreip = 168.192.0.1
    
    
    # !!! WARNING !!!
    #   Since UDP is connection-less protocol, spoofing of IP and imitation
    #   of illegal actions is way too simple.  Thus enabling of this filter
    #   might provide an easy way for implementing a DoS against a chosen
    #   victim. See
    #    http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
    #   Please DO NOT USE this jail unless you know what you are doing.
    #
    # IMPORTANT: see filter.d/named-refused for instructions to enable logging
    # This jail blocks UDP traffic for DNS requests.
    # [named-refused-udp]
    #
    # enabled  = false
    # filter   = named-refused
    # action   = iptables-multiport[name=Named, port="domain,953", protocol=udp]
    #            sendmail-whois[name=Named, dest=you@example.com]
    # logpath  = /var/log/named/security.log
    # ignoreip = 168.192.0.1
    
    # IMPORTANT: see filter.d/named-refused for instructions to enable logging
    # This jail blocks TCP traffic for DNS requests.
    [named-refused-tcp]
    
    enabled  = false
    filter   = named-refused
    action   = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
               sendmail-whois[name=Named, dest=you@example.com]
    logpath  = /var/log/named/security.log
    ignoreip = 168.192.0.1
    
    
    [nsd]
    
    enabled = false
    filter  = nsd
    action  = iptables-multiport[name=nsd-tcp, port="domain", protocol=tcp]
              iptables-multiport[name=nsd-udp, port="domain", protocol=udp]
    logpath = /var/log/nsd.log
    
    
    [asterisk]
    
    enabled  = false
    filter   = asterisk
    action   = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
               iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
               sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
    logpath  = /var/log/asterisk/messages
    maxretry = 10
    
    
    [freeswitch]
    
    enabled  = false
    filter   = freeswitch
    logpath  = /var/log/freeswitch.log
    maxretry = 10
    action   = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
               iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
    
    [ejabberd-auth]
    
    enabled = false
    filter = ejabberd-auth
    logpath = /var/log/ejabberd/ejabberd.log
    action   = iptables[name=ejabberd, port=xmpp-client, protocol=tcp]
    
    #  Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
    #  use [asterisk] for new jails
    [asterisk-tcp]
    
    enabled  = false
    filter   = asterisk
    action   = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
               sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
    logpath  = /var/log/asterisk/messages
    maxretry = 10
    
    
    #  Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
    #  use [asterisk] for new jails
    [asterisk-udp]
    
    enabled  = false
    filter	 = asterisk
    action   = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
               sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
    logpath  = /var/log/asterisk/messages
    maxretry = 10
    
    
    [mysqld-iptables]
    
    enabled  = false
    filter   = mysqld-auth
    action   = iptables[name=mysql, port=3306, protocol=tcp]
               sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
    logpath  = /var/log/mysqld.log
    maxretry = 5
    
    
    [mysqld-syslog]
    
    enabled  = false
    filter   = mysqld-auth
    action   = iptables[name=mysql, port=3306, protocol=tcp]
    logpath  = /var/log/daemon.log
    maxretry = 5
    
    
    # Jail for more extended banning of persistent abusers
    # !!! WARNING !!!
    #   Make sure that your loglevel specified in fail2ban.conf/.local
    #   is not at DEBUG level -- which might then cause fail2ban to fall into
    #   an infinite loop constantly feeding itself with non-informative lines
    [recidive]
    
    enabled  = false
    filter   = recidive
    logpath  = /var/log/fail2ban.log
    action   = iptables-allports[name=recidive,protocol=all]
               sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
    bantime  = 604800  ; 1 week
    findtime = 86400   ; 1 day
    maxretry = 5
    
    
    # PF is a BSD based firewall
    [ssh-pf]
    
    enabled  = false
    filter   = sshd
    action   = pf
    logpath  = /var/log/sshd.log
    maxretry = 5
    
    
    [3proxy]
    
    enabled = false
    filter  = 3proxy
    action  = iptables[name=3proxy, port=3128, protocol=tcp]
    logpath = /var/log/3proxy.log
    
    
    [exim]
    
    enabled = false
    filter  = exim
    action  = iptables-multiport[name=exim,port="25,465,587"]
    logpath = /var/log/exim/mainlog
    
    
    [exim-spam]
    
    enabled = false
    filter  = exim-spam
    action  = iptables-multiport[name=exim-spam,port="25,465,587"]
    logpath = /var/log/exim/mainlog
    
    
    [perdition]
    
    enabled = false
    filter  = perdition
    action  = iptables-multiport[name=perdition,port="110,143,993,995"]
    logpath = /var/log/maillog
    
    
    [uwimap-auth]
    
    enabled = false
    filter  = uwimap-auth
    action  = iptables-multiport[name=uwimap-auth,port="110,143,993,995"]
    logpath = /var/log/maillog
    
    
    [osx-ssh-ipfw]
    
    enabled  = false
    filter   = sshd
    action   = osx-ipfw
    logpath  = /var/log/secure.log
    maxretry = 5
    
    
    [ssh-apf]
    
    enabled = false
    filter  = sshd
    action  = apf[name=SSH]
    logpath = /var/log/secure
    maxretry = 5
    
    
    [osx-ssh-afctl]
    
    enabled  = false
    filter   = sshd
    action   = osx-afctl[bantime=600]
    logpath  = /var/log/secure.log
    maxretry = 5
    
    
    [webmin-auth]
    
    enabled = false
    filter  = webmin-auth
    action  = iptables-multiport[name=webmin,port="10000"]
    logpath = /var/log/auth.log
    
    
    # dovecot defaults to logging to the mail syslog facility
    # but can be set by syslog_facility in the dovecot configuration.
    [dovecot]
    
    enabled = false
    filter  = dovecot
    action  = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
    logpath = /var/log/mail.log
    
    
    [dovecot-auth]
    
    enabled = false
    filter  = dovecot
    action  = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
    logpath = /var/log/secure
    
    
    [solid-pop3d]
    
    enabled = false
    filter  = solid-pop3d
    action  = iptables-multiport[name=solid-pop3, port="pop3,pop3s", protocol=tcp]
    logpath = /var/log/mail.log
    
    
    [selinux-ssh]
    enabled  = false
    filter   = selinux-ssh
    action   = iptables[name=SELINUX-SSH, port=ssh, protocol=tcp]
    logpath  = /var/log/audit/audit.log
    maxretry = 5
    
    # See the IMPORTANT note in action.d/blocklist_de.conf for when to
    # use this action
    #
    # Report block via blocklist.de fail2ban reporting service API
    # See action.d/blocklist_de.conf for more information
    [ssh-blocklist]
    
    enabled  = false
    filter   = sshd
    action   = iptables[name=SSH, port=ssh, protocol=tcp]
               sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
               blocklist_de[email="fail2ban@example.com", apikey="xxxxxx", service=%(filter)s]
    logpath  = /var/log/sshd.log
    maxretry = 20
    
    
    # consider low maxretry and a long bantime
    # nobody except your own Nagios server should ever probe nrpe
    [nagios]
    enabled  = false
    filter   = nagios
    action   = iptables[name=Nagios, port=5666, protocol=tcp]
               sendmail-whois[name=Nagios, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
    logpath  = /var/log/messages     ; nrpe.cfg may define a different log_facility
    maxretry = 1
    
     
  2. ashokjp

    ashokjp New Member

    fail2ban.conf

    Code:
    # Fail2Ban main configuration file
    #
    # Comments: use '#' for comment lines and ';' (following a space) for inline comments
    #
    # Changes:  in most of the cases you should not modify this
    #           file, but provide customizations in fail2ban.local file, e.g.:
    #
    # [Definition]
    # loglevel = 4
    #
    
    [Definition]
    
    # Option: loglevel
    # Notes.: Set the log level output.
    #         1 = ERROR
    #         2 = WARN
    #         3 = INFO
    #         4 = DEBUG
    # Values: [ NUM ]  Default: 1
    #
    loglevel = 3
    
    # Option: logtarget
    # Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
    #         Only one log target can be specified.
    #         If you change logtarget from the default value and you are
    #         using logrotate -- also adjust or disable rotation in the
    #         corresponding configuration file
    #         (e.g. /etc/logrotate.d/fail2ban on Debian systems)
    # Values: [ STDOUT | STDERR | SYSLOG | FILE ]  Default: STDERR
    #
    #logtarget = SYSLOG
    logtarget = /var/log/fail2ban.log
    
    # Option: socket
    # Notes.: Set the socket file. This is used to communicate with the daemon. Do
    #         not remove this file when Fail2ban runs. It will not be possible to
    #         communicate with the server afterwards.
    # Values: [ FILE ]  Default: /var/run/fail2ban/fail2ban.sock
    #
    socket = /var/run/fail2ban/fail2ban.sock
    
    # Option: pidfile
    # Notes.: Set the PID file. This is used to store the process ID of the
    #         fail2ban server.
    # Values: [ FILE ]  Default: /var/run/fail2ban/fail2ban.pid
    #
    pidfile = /var/run/fail2ban/fail2ban.pid
    
    
     

Share This Page