# Include directives for this jail configuration. "before" names a file that is
# read ahead of this one, so keys set below override it. paths-fedora.conf itself
# is not shown on this page.
[INCLUDES]
before = paths-fedora.conf
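# Defaults inherited by every jail in this file; a jail overrides a key by
# redefining it in its own section.
[DEFAULT]
# Addresses that are never banned (space-separated). The second entry is a masked
# placeholder and must be replaced with a real address or CIDR before use.
# Keep this list minimal: a host listed here can fail authentication without limit.
ignoreip = 127.0.0.1/8 159.224.XXX.YYY
ignorecommand =
# Ban duration in seconds (86400 = 24 hours).
bantime = 86400
# Window in seconds in which failures are counted (7200 = 2 hours).
findtime = 7200
# Failures allowed within findtime before the address is banned.
maxretry = 5
backend = auto
# warn: a hostname found in a log line is resolved through DNS and the lookup is
# logged as a warning. Setting "no" skips the lookup, so bans rely only on the IP
# addresses the service wrote itself; consider it if the logs already carry addresses.
usedns = warn
logencoding = auto
# Jails are off unless a jail section sets enabled = true.
enabled = false
# By default a jail uses the filter named after the jail.
filter = %(__name__)s
# Recipient and sender of notification mail (example addresses; replace them).
destemail = myuser@mydomain.com
sender = root@mydomain.com
# Selects the mail actions used below (sendmail-whois, sendmail-whois-lines).
mta = sendmail
# Defaults handed to the ban action: protocol, firewall chain and port range.
# A jail that does not set its own port bans the address on every port.
protocol = tcp
chain = INPUT
port = 0:65535
banaction = iptables-multiport
# Action shortcuts. Each value is a list of actions, one per line. The second and
# later lines MUST be indented: a continuation line starting in column 0 is read as
# a separate key, and the mail/report action is then silently dropped while the
# ban itself still happens.
# action_: ban only.
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
# action_mw: ban and mail a whois report to destemail.
action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
# action_mwl: as action_mw, and the mail also carries lines from the jail's logpath.
# Those lines leave the host by mail, so destemail should be a mailbox that is
# allowed to see authentication log content.
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
# action_xarf: ban and run the xarf-login-attack action with the sender address.
action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
              xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
# NOTE(review): blocklist_de_apikey is not defined anywhere in this file; it has to be
# set before a jail can use this shortcut. Prefer keeping the key out of shared copies
# of this file.
action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s"]
# NOTE(review): this refers to "name", while the other shortcuts use "__name__";
# no key called "name" is set in this file. Confirm before using it.
action_badips = badips.py[category="%(name)s", banaction="%(banaction)s"]
# Default action for jails that do not choose one: ban only, no mail.
action = %(action_)s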
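### SSH
# Jail for sshd authentication failures.
# NOTE(review): the jail name contains spaces, unlike the hyphenated names of the
# other jails in this file (for example proftpd-iptables). The name is passed
# unquoted to the actions as name=..., so presumably sshd-iptables was intended.
# Confirm, rename, and update anything that refers to the jail by name.
[sshd - iptables]
# Must match the port sshd really listens on; the ban only covers the ports listed
# here, so a mismatch leaves the real SSH port reachable for a banned address.
port = 2200
# Log file the sshd filter reads.
logpath = /var/log/secure
enabled = true
filter = sshd
# Uses the action_mwl shortcut defined in [DEFAULT].
action = %(action_mwl)s
# Times are in seconds: ban for 24 hours after 3 failures within 1 hour.
bantime = 86400
findtime = 3600
# maxretry was listed twice in this section with the same value; one entry is kept
# because duplicate keys are handled differently (or rejected) depending on the parser.
maxretry = 3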
### ProFTPD
# Jail for ProFTPD login failures.
[proftpd-iptables]
# Ports covered by the ban, given as service names (plain and TLS FTP, control and data).
port = ftp,ftp-data,ftps,ftps-data
enabled = true
filter = proftpd
# Uses the action_mwl shortcut defined in [DEFAULT].
action = %(action_mwl)s
# Earlier explicit action definition, kept commented out for reference.
#action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
# sendmail-whois[name=ProFTPD, dest=myname@mydomain.com, sender=root@mydomain.com]
# Log file the filter reads. If ProFTPD writes its login failures elsewhere, the
# jail stays enabled but never bans anything.
logpath = /var/log/proftpd/proftpd.log
# Times are in seconds: ban for 24 hours after 3 failures within 1 hour.
bantime = 86400
findtime = 3600
maxretry = 3
### Exim
# Jail for Exim, using the exim filter on the Exim main log.
[exim-iptables]
# Ports covered by the ban: SMTP, 465 (given as a number) and submission.
port = smtp,465,submission
enabled = true
filter = exim
# Uses the action_mwl shortcut defined in [DEFAULT].
action = %(action_mwl)s
# Earlier explicit action definition, kept commented out for reference.
# action = iptables-multiport[name=Exim, port="smtp,smtps,submission", protocol=tcp]
# sendmail-whois[name=Exim, dest= myname@mydomain.com, sender=root@mydomain.com]
# Log file the filter reads.
logpath = /var/log/exim/mainlog
# Ban duration in seconds (86400 = 24 hours).
bantime = 86400
# Alternative kept for reference: a negative bantime bans permanently. Permanent
# bans also lock out a legitimate user behind a banned address until removed by hand.
#bantime = -1 # permanent ban
# 3 failures within 1 hour (3600 seconds) trigger the ban.
findtime = 3600
maxretry = 3
### Dovecot
# Jail for Dovecot POP3/IMAP login failures.
[dovecot-iptables]
# Ports covered by the ban: POP3 and IMAP, plain and TLS.
port = pop3,pop3s,imap,imaps
enabled = true
filter = dovecot
# Uses the action_mwl shortcut defined in [DEFAULT].
action = %(action_mwl)s
# Set logpath to the file in which Dovecot authentication attempts are logged.
# NOTE(review): /var/log/secure was presumably chosen because the authentication
# failures are logged there on this host; confirm, since a jail that reads the
# wrong file never bans. The other candidates are kept commented out below.
logpath = /var/log/secure
#logpath = /var/log/maillog
#logpath = /var/log/dovecot.log
# Times are in seconds: ban for 24 hours after 3 failures within 1 hour.
bantime = 86400
findtime = 3600
maxretry = 3
### Postfix
# Jail for Postfix SASL authentication failures (postfix-sasl filter).
[postfix-sasl]
enabled = true
# Ports covered by the ban: SMTP, 465 (given as a number) and submission.
port = smtp,465,submission
# Log file the filter reads.
logpath = /var/log/maillog
filter = postfix-sasl
# Uses the action_mwl shortcut defined in [DEFAULT].
action = %(action_mwl)s
# Earlier explicit action definition, kept commented out for reference.
# NOTE(review): the commented-out line below lacks a comma before protocol=tcp and
# lists several ports without quotes; correct it before re-enabling it.
#action = iptables[name=postfix-sasl, port=smtp,smtps,submission protocol=tcp]
# sendmail-whois[name=postfix-sasl, dest=myname@mydomain.com, sender=root@mydomain.com]
# Times are in seconds: ban for 7 days (604800) after 3 failures within 1 hour.
bantime = 604800
findtime = 3600
maxretry = 3
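# Jail for Postfix using the general postfix filter. It reads the same log and bans
# on the same ports as the postfix-sasl jail.
[postfix-iptables]
enabled = true
# Ports covered by the ban: SMTP, 465 (given as a number) and submission.
port = smtp,465,submission
# Log file the filter reads. logpath was listed twice in this section with the same
# value; one entry is kept because duplicate keys are handled differently (or
# rejected) depending on the parser.
logpath = /var/log/maillog
filter = postfix
# Uses the action_mwl shortcut defined in [DEFAULT].
action = %(action_mwl)s
# Earlier explicit action definition, kept commented out for reference.
#action = iptables[name=Postfix-smtp, port=smtp, protocol=tcp]
# sendmail[name=Postfix-smtp, dest=myname@mydomain.com, sender=root@mydomain.com]
# Times are in seconds: ban for 7 days (604800) after 3 failures within 1 hour.
bantime = 604800
maxretry = 3
findtime = 3600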