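# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 617 $
#
# Read by Fail2ban's ConfigParser-based loader: one key per line, comments on
# their own line (no trailing comments), and every continuation line of a
# multi-line value (e.g. a second "action" entry) indented under the key.
#
# The DEFAULT section allows a global definition of the options. They can be
# overridden in each jail afterwards.

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using a space separator.
# Every address here is exempt from banning in all jails, so keep the list to
# hosts you control: the entries below exempt two whole /24 networks, and
# 192.146.101.0/24 is a public range rather than a private one.
ignoreip = 127.0.0.1 192.168.0.0/24 192.146.101.0/24

# "bantime" is the number of seconds that a host is banned.
bantime = 3600

# A host is banned if it has generated "maxretry" failures during the last
# "findtime" seconds.
findtime = 3600

# "maxretry" is the number of failures before a host gets banned.
maxretry = 3

# "backend" specifies the backend used to detect file modifications. Available
# options are "gamin", "polling" and "auto". This option can be overridden in
# each jail too (use "gamin" for a jail and "polling" for another).
#
# gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin
# is not installed, Fail2ban will use polling.
# polling: uses a polling algorithm which does not require external libraries.
# auto: will choose Gamin if available and polling otherwise.
backend = auto


# This jail corresponds to the standard configuration in Fail2ban 0.6.
# The sendmail-whois action (commented out below) sends a notification e-mail
# with a whois request in the body.
# "dest=me@domain.com" and "sender=root@domain.com" are placeholders: replace
# them with addresses you own before relying on the mail actions, otherwise
# ban notices (which contain your log excerpts) are sent to a third party.

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-buffered[name=SSH, lines=5, dest=me@domain.com]
#        sendmail-whois[name=SSH, dest=me@domain.com, sender=root@domain.com]
logpath = /var/log/secure
maxretry = 3
# One-day window: three failures within 24 hours trigger a one-hour ban.
findtime = 86400
bantime = 3600


# This jail forces the backend to "polling".

[sasl-iptables]
enabled = true
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
#        sendmail-whois[name=sasl, dest=me@domain.com]
logpath = /var/log/maillog


# Here we use TCP-Wrappers (hostsdeny) instead of Netfilter/Iptables.
# "ignoreregex" can be used to avoid banning a specific user (e.g. "myuser");
# this jail does not set one, so no filter match is excluded.
# This jail demonstrates the use of wildcards in "logpath".
# Moreover, it is possible to give other files on a new line.

[apache-tcpwrapper]
enabled = true
filter = apache-auth
action = hostsdeny
logpath = /var/log/httpd/*error_log
maxretry = 6


# Ban hosts whose user agent identifies them as spam robots crawling the web
# for email addresses. The mail outputs are buffered.

[apache-badbots]
enabled = true
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
         sendmail-buffered[name=BadBots, lines=5, dest=me@domain.com]
logpath = /var/log/httpd/*access_log
# Two days.
bantime = 172800
maxretry = 3


# Ban hosts whose requests match the apache-hackbots filter. Uses a custom
# "sendmail-buffered-hackbots" action, which must exist in action.d.

[apache-hackbots]
enabled = true
filter = apache-hackbots
action = iptables-multiport[name=HackBots, port="http,https"]
         sendmail-buffered-hackbots[name=HackBots, lines=10, dest=me@domain.com]
logpath = /var/log/httpd/*access_log
# Two days for both the ban and the failure window.
bantime = 172800
findtime = 172800
maxretry = 2


# Ban hosts probing for scripts that do not exist on this server.

[apache-noscript]
enabled = true
filter = apache-noscript
action = iptables-multiport[name=NoScript, port="http,https"]
         sendmail-buffered[name=NoScript, lines=5, dest=me@domain.com]
logpath = /var/log/httpd/*error_log
maxretry = 5
findtime = 86400
bantime = 3600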