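# jail.local - local fail2ban jail settings.
# Keys in [DEFAULT] apply to every jail below unless the jail sets its own.
[DEFAULT]
# Space-separated addresses that are never banned. Add the address you SSH
# from so a mistyped password cannot lock you out. Keep the list short: every
# entry here is exempt from all jails.
# NOTE(review): 127.0.0.2 looks like a stand-in for that address - confirm.
ignoreip = 127.0.0.1 127.0.0.2
# Ban duration in seconds (2 hours).
bantime = 7200
# Matching log lines allowed before a ban; individual jails may override.
maxretry = 3
backend = polling
# Read only by mail actions; the action below sends no mail.
destemail = root@localhost
# Several jails below set port = http,https. The plain "iptables" action
# matches a single port, and an unquoted comma ends the port argument, so the
# https port would not be covered. Use the multiport action and quote the list.
action = iptables-multiport[name=%(__name__)s, port="%(port)s"]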
[sshd]
# Watches the system auth log with the sshd filter and bans on the ssh port.
enabled = true
filter = sshd
logpath = /var/log/auth.log
port = ssh
# Same value as the [DEFAULT] maxretry; kept explicit for this jail.
maxretry = 3
[proftpd]
# Bans on the ftp port after repeated pam_unix authentication failures
# logged for proftpd in the system auth log.
enabled = true
filter = proftpd
logpath = /var/log/auth.log
port = ftp
maxretry = 3
# Jail-level pattern; <HOST> is taken from the rhost= field of the log line.
# NOTE(review): the pattern is not anchored to the start of the line - confirm
# that client-supplied text cannot appear ahead of it in auth.log.
failregex = proftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
[wordpress-hard]
# Bans on the web ports after 2 matches of the wordpress-hard filter in the
# system auth log.
# NOTE(review): this filter is not defined in this file; presumably it is
# installed separately under filter.d - confirm it exists on the host.
enabled = true
filter = wordpress-hard
port = http,https
logpath = /var/log/auth.log
maxretry = 2
[apache]
# Applies the apache-auth filter to the Apache error logs.
enabled = true
filter = apache-auth
# Glob: any /var/log/apache* directory, any file ending in error.log.
logpath = /var/log/apache*/*error.log
port = http,https
maxretry = 3
[apache-noscript]
# Applies the apache-noscript filter to the Apache error logs.
enabled = true
filter = apache-noscript
logpath = /var/log/apache*/*error.log
port = http,https
# Same value as the [DEFAULT] maxretry.
maxretry = 3
[apache-overflows]
# Applies the apache-overflows filter to the Apache error logs.
enabled = true
filter = apache-overflows
logpath = /var/log/apache*/*error.log
port = http,https
# Stricter than the [DEFAULT] value of 3.
maxretry = 2
[apache-nohome]
# Applies the apache-nohome filter to the Apache error logs.
enabled = true
filter = apache-nohome
logpath = /var/log/apache*/*error.log
port = http,https
# Stricter than the [DEFAULT] value of 3.
maxretry = 2
[apache-botsearch]
# Applies the apache-botsearch filter to the Apache error logs.
enabled = true
filter = apache-botsearch
logpath = /var/log/apache*/*error.log
port = http,https
# Stricter than the [DEFAULT] value of 3.
maxretry = 2
[apache-shellshock]
# Applies the apache-shellshock filter to the Apache error logs.
enabled = true
filter = apache-shellshock
logpath = /var/log/apache*/*error.log
port = http,https
# Stricter than the [DEFAULT] value of 3.
maxretry = 2
[apache-fakegooglebot]
# Applies the apache-fakegooglebot filter; bans after 2 matching lines.
# NOTE(review): the stock apache-fakegooglebot filter matches access-log
# request lines by their Googlebot user agent, so with the error log as
# logpath this jail will presumably never match - confirm against the
# installed filter.
# If logpath is moved to the access log, also set the ignorecommand that the
# stock jail.conf pairs with this filter; without it, requests from the
# genuine Googlebot would be counted as failures and banned.
enabled = true
port = http,https
filter = apache-fakegooglebot
logpath = /var/log/apache*/*error.log
maxretry = 2
[php-url-fopen]
# Applies the php-url-fopen filter to the Apache access logs.
# No maxretry is set here, so the [DEFAULT] value (3) applies.
enabled = true
filter = php-url-fopen
logpath = /var/log/apache*/*access.log
port = http,https
[apache-sqlinject]
# Applies the apache-sqlinject filter to one fixed access log path (no glob,
# unlike the other Apache jails in this file).
# NOTE(review): this filter is not defined in this file; presumably a custom
# filter under filter.d - confirm it exists and review its pattern.
enabled = true
filter = apache-sqlinject
logpath = /var/log/apache2/access.log
port = http,https
# 3 matches within findtime (600 s = 10 min) trigger a ban of 3600 s (1 hour),
# shorter than the [DEFAULT] bantime of 7200 s.
maxretry = 3
findtime = 600
bantime = 3600
[apache-nodos]
# Left disabled (marked "dev" by the author).
enabled = false
# NOTE(review): apache-nodos is not defined in this file; presumably a custom
# filter under filter.d. Before enabling, check that normal client traffic in
# the access log cannot reach 3 matches in 10 minutes.
filter = apache-nodos
logpath = /var/log/apache2/access.log
port = http,https
# 3 matches within findtime (600 s) would trigger a 3600 s ban.
maxretry = 3
findtime = 600
bantime = 3600