| Line 1... |
Line 1... |
| 1 |
#!/bin/sh
|
1 |
#!/bin/sh
|
| 2 |
# $Id: fail2ban.sh 2497 2018-02-26 02:00:25Z tom.houdayer $
|
2 |
# $Id: fail2ban.sh 2815 2020-05-03 22:10:04Z rexy $
|
| 3 |
|
3 |
|
| 4 |
JAIL_CONF="/etc/fail2ban/jail.conf"
|
4 |
JAIL_CONF="/etc/fail2ban/jail.conf"
|
| 5 |
DIR_FILTER="/etc/fail2ban/filter.d/"
|
5 |
DIR_FILTER="/etc/fail2ban/filter.d/"
|
| 6 |
ACTION_ALLPORTS="/etc/fail2ban/action.d/iptables-allports.conf"
|
6 |
ACTION_ALLPORTS="/etc/fail2ban/action.d/iptables-allports.conf"
|
| 7 |
|
7 |
|
| Line 26... |
Line 26... |
| 26 |
# ban a host which matches an address in this list. Several addresses can be
|
26 |
# ban a host which matches an address in this list. Several addresses can be
|
| 27 |
# defined using space separator.
|
27 |
# defined using space separator.
|
| 28 |
ignoreip = 127.0.0.1/8
|
28 |
ignoreip = 127.0.0.1/8
|
| 29 |
|
29 |
|
| 30 |
# "bantime" is the number of seconds that a host is banned.
|
30 |
# "bantime" is the number of seconds that a host is banned.
|
| 31 |
bantime = 300
|
31 |
bantime = 180
|
| 32 |
|
32 |
|
| 33 |
# A host is banned if it has generated "maxretry" during the last "findtime" seconds.
|
33 |
# A host is banned if it has generated "maxretry" during the last "findtime" seconds.
|
| 34 |
# Un client est banni s'il génere "maxretry" requêtes pendant "findtime" (en secondes)
|
34 |
# Un client est banni s'il génere "maxretry" requêtes pendant "findtime" (en secondes)
|
| 35 |
# Pour ALCASAR : 5 requetes pour chaque filtres en 60 secondes
|
35 |
# Pour ALCASAR : 5 requetes pour chaque filtres en 60 secondes
|
| 36 |
findtime = 60
|
36 |
findtime = 60
|
| Line 56... |
Line 56... |
| 56 |
# but it will be logged as a warning.
|
56 |
# but it will be logged as a warning.
|
| 57 |
# no: if a hostname is encountered, will not be used for banning,
|
57 |
# no: if a hostname is encountered, will not be used for banning,
|
| 58 |
# but it will be logged as info.
|
58 |
# but it will be logged as info.
|
| 59 |
usedns = warn
|
59 |
usedns = warn
|
| 60 |
|
60 |
|
| 61 |
# Bannissement sur tous les ports après 2 refus d'Apache (tentative d'accès sur des pages inexistentes)
|
61 |
# Bannissement sur tous les ports après 3 refus du serveur WEB (tentative d'accès sur des pages inexistentes)
|
| 62 |
[alcasar_mod-evasive]
|
62 |
[alcasar_mod-evasive]
|
| 63 |
|
63 |
|
| 64 |
#enabled = true
|
64 |
#enabled = true
|
| 65 |
enabled = false
|
65 |
enabled = false
|
| 66 |
backend = auto
|
66 |
backend = auto
|
| 67 |
filter = alcasar_mod-evasive
|
67 |
filter = alcasar_mod-evasive
|
| 68 |
action = iptables-allports[name=alcasar_mod-evasive]
|
68 |
action = iptables-allports[name=alcasar_mod-evasive]
|
| 69 |
logpath = /var/log/lighttpd/access.log
|
69 |
logpath = /var/log/lighttpd/access.log
|
| 70 |
maxretry = 2
|
70 |
maxretry = 3
|
| 71 |
|
71 |
|
| 72 |
# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force)
|
72 |
# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force)
|
| 73 |
[ssh-iptables]
|
73 |
[ssh-iptables]
|
| 74 |
|
74 |
|
| 75 |
enabled = true
|
75 |
enabled = true
|
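Review bot: The new `bantime = 180` at line 31 is not explained anywhere in the change. It sits with `ignoreip` and `findtime` in what looks like the defaults block, so it presumably applies to every jail that does not override it, `[ssh-iptables]` included (that jail's remaining keys are outside the visible lines). A shorter ban helps legitimate users who lock themselves out of the portal, but it also shortens the pause imposed on a source that keeps failing SSH logins. I would either set `bantime = 300` explicitly under `[ssh-iptables]` or record the reasoning next to the default, e.g. `# 180 s: <reason for shortening the ban>`. Two smaller points: `maxretry = 3` at line 70 has no effect while line 65 keeps `enabled = false`, and the comment at line 35 still announces 5 requests per filter although the jails shown use 3, so unless a default `maxretry = 5` exists outside the visible lines that comment should be corrected in the same commit.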