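# Defaults applied to every jail below unless the jail overrides them.
[DEFAULT]
# Space-separated addresses/networks that are never banned.
# NOTE(review): 192.168.1.0/24 exempts the whole LAN, so repeated login
# failures from any internal host are never blocked. Narrow this to the
# specific management hosts if that is not intended.
ignoreip = 127.0.0.1/8 192.168.1.0/24
# Ban duration, seconds.
bantime = 600
# Window in which failures are counted, seconds.
findtime = 600
# Failures within findtime that trigger a ban.
maxretry = 5
backend = auto
# The four values below are not interpolated by any jail shown in this file:
# every jail spells out its own action, port list and mail recipient.
destemail = backbone@backbone.ws
banaction = iptables-multiport
mta = sendmail
protocol = tcp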
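# SSH jail: blocks the ssh port in its own iptables chain and mails a whois report.
# No filter is set in this section; presumably it is inherited from a jail of
# the same name in jail.conf. Confirm.
[ssh-iptables]
enabled = true
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=backbone@backbone.ws]
# NOTE(review): confirm sshd authentication failures are written to this file;
# if syslog routes auth messages elsewhere, this jail never matches anything.
logpath = /var/log/messages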
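# Second SSH jail on the same log, with its own chain (SSHDDOS) so it can be
# started and stopped independently of the other SSH jails.
[ssh-ddos]
enabled = true
action = iptables[name=SSHDDOS, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH-DDOS, dest=backbone@backbone.ws]
logpath = /var/log/messages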
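# Pure-FTPd jail: blocks the ftp control port and mails a whois report.
[pure-ftpd]
enabled = true
action = iptables[name=pureftpd, port=ftp, protocol=tcp]
         sendmail-whois[name=Pure-FTPd, dest=backbone@backbone.ws]
# Alternative dedicated log, left disabled; presumably this host logs FTP
# through syslog instead. Confirm which file receives the failures.
# logpath = /var/log/pureftpd.log
logpath = /var/log/messages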
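# Sendmail authentication jail: blocks the SMTP, SMTPS (465) and submission ports.
[sendmail-auth]
enabled = true
action = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
         sendmail-whois[name=Sendmail-Auth, dest=backbone@backbone.ws]
logpath = /var/log/mail.log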
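# Sendmail rejection jail: blocks the SMTP, SMTPS (465) and submission ports.
[sendmail-reject]
enabled = true
# The chain name must differ from the one used by [sendmail-auth]: the action's
# name parameter names the iptables chain, and two jails sharing one name would
# create and tear down the same chain, so stopping one would lift the other's bans.
action = iptables-multiport[name=sendmail-reject, port="submission,465,smtp", protocol=tcp]
         sendmail-whois[name=Sendmail-Reject, dest=backbone@backbone.ws]
logpath = /var/log/mail.log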
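# nginx HTTP-auth jail: blocks ports 80 and 443 and mails a whois report.
[nginx-http-auth]
enabled = true
action = iptables-multiport[name=nginx-http-auth,port="80,443"]
         sendmail-whois[name=Nginx-Http-Auth, dest=backbone@backbone.ws]
# NOTE(review): [nginx-auth] further down reads /var/log/nginx/localhost.error_log;
# confirm both paths exist, since a jail watching a missing log protects nothing.
logpath = /var/log/nginx/error_log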
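# Squid jail: blocks ports 80, 443 and 8080 and mails a whois report.
# NOTE(review): confirm these are the ports the proxy actually listens on;
# a ban on other ports leaves the proxy itself reachable.
[squid]
enabled = true
action = iptables-multiport[name=squid,port="80,443,8080"]
         sendmail-whois[name=Squid, dest=backbone@backbone.ws]
logpath = /var/log/squid/access.log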
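# Postfix jail that bans through TCP wrappers (a hosts.deny entry), not iptables.
[postfix-tcpwrapper]
enabled = true
# NOTE(review): this path looks like the placeholder from the stock sample
# configuration. Entries written there block nothing unless TCP wrappers is
# set up to read that exact file; point it at the hosts.deny this system uses.
action = hostsdeny[file=/not/a/standard/path/hosts.deny]
         sendmail-whois[name=Postfix-TCPWrapper, dest=backbone@backbone.ws]
logpath = /var/log/mail.log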
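# PHP url-fopen jail: reads the lighttpd access log and blocks http/https.
[php-url-fopen]
enabled = true
action = iptables-multiport[name=php-url-open, port="http,https"]
         sendmail-whois[name=PHP-URL-Fopen, dest=backbone@backbone.ws]
logpath = /var/log/lighttpd/access.log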
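# lighttpd authentication jail: reads the lighttpd error log and blocks http/https.
# NOTE(review): this file enables both nginx and lighttpd jails; confirm
# lighttpd runs on this host and that the log below exists.
[lighttpd-auth]
enabled = true
action = iptables-multiport[name=lighttpd-auth, port="http,https"]
         sendmail-whois[name=Lighttpd-Auth, dest=backbone@backbone.ws]
logpath = /var/log/lighttpd/error.log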
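# BIND jail, TCP only: blocks the DNS port and 953 over TCP.
# A ban here does not affect DNS over UDP, because the action is limited to protocol=tcp.
[named-refused-tcp]
enabled = true
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
         sendmail-whois[name=Named, dest=backbone@backbone.ws]
logpath = /var/log/messages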
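# NSD jail: one action per transport, each with its own chain (nsd-tcp, nsd-udp),
# so a banned address is blocked on the DNS port over both TCP and UDP.
[nsd]
enabled = true
action = iptables-multiport[name=nsd-tcp, port="domain", protocol=tcp]
         iptables-multiport[name=nsd-udp, port="domain", protocol=udp]
         sendmail-whois[name=Nsd, dest=backbone@backbone.ws]
logpath = /var/log/messages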
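# ejabberd authentication jail: blocks the xmpp-client port and mails a whois report.
[ejabberd-auth]
enabled = true
action = iptables[name=ejabberd, port=xmpp-client, protocol=tcp]
         sendmail-whois[name=Ejabberd-Auth, dest=backbone@backbone.ws]
logpath = /var/log/jabber/ejabberd.log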
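# Repeat-offender jail: blocks every port and protocol for a full day.
# NOTE(review): no logpath or filter is set in this section. Presumably both
# are inherited from jail.conf (this jail normally reads fail2ban's own log);
# confirm, otherwise the jail has nothing to watch.
[recidive]
enabled = true
action = iptables-allports[name=recidive,protocol=all]
         sendmail-whois[name=Recidive, dest=backbone@backbone.ws]
# Ban duration, seconds (1 day).
bantime = 86400
# Counting window, seconds (1 day).
findtime = 86400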
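# Exim jail: blocks ports 25, 465 and 587 and mails a whois report.
# NOTE(review): this file also enables sendmail and postfix jails; confirm
# which MTA actually runs here and that its log exists.
[exim]
enabled = true
action = iptables-multiport[name=exim,port="25,465,587"]
         sendmail-whois[name=Exim, dest=backbone@backbone.ws]
logpath = /var/log/exim/exim_main.log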
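# Exim spam jail: same log and ports as [exim], with a separate chain (exim-spam).
[exim-spam]
enabled = true
action = iptables-multiport[name=exim-spam,port="25,465,587"]
         sendmail-whois[name=Exim-Spam, dest=backbone@backbone.ws]
logpath = /var/log/exim/exim_main.log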
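# Perdition (mail proxy) jail: blocks ports 110, 143, 993 and 995.
[perdition]
enabled = true
action = iptables-multiport[name=perdition,port="110,143,993,995"]
         sendmail-whois[name=Perdition, dest=backbone@backbone.ws]
logpath = /var/log/mail.log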
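# Dovecot jail: blocks the POP3/IMAP ports (plain and TLS), submission, 465 and sieve.
[dovecot]
enabled = true
action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
         sendmail-whois[name=Dovecot, dest=backbone@backbone.ws]
logpath = /var/log/mail.log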
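# Dovecot authentication jail: same log and ports as [dovecot], with a separate chain.
[dovecot-auth]
enabled = true
action = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
         sendmail-whois[name=Dovecot-Auth, dest=backbone@backbone.ws]
logpath = /var/log/mail.log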
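# solid-pop3d jail: blocks the pop3 and pop3s ports and mails a whois report.
[solid-pop3d]
enabled = true
action = iptables-multiport[name=solid-pop3, port="pop3,pop3s", protocol=tcp]
         sendmail-whois[name=Solid-POP3d, dest=backbone@backbone.ws]
logpath = /var/log/mail.log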
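# SSH blocklist jail: blocks the ssh port and mails a whois report.
[ssh-blocklist]
enabled = true
# The chain name must differ from the one used by [ssh-iptables]: the action's
# name parameter names the iptables chain, and two jails sharing one name would
# create and tear down the same chain, so stopping one would lift the other's bans.
action = iptables[name=SSH-Blocklist, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH-Blocklist, dest=backbone@backbone.ws]
logpath = /var/log/messages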
# Kolan: Additional filters/rules
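# nginx authentication jail using a locally added filter (nginx-auth); the
# filter definition is not part of this file.
[nginx-auth]
enabled = true
filter = nginx-auth
action = iptables-multiport[name=nginx-auth, port="http,https", protocol=tcp]
         sendmail-whois[name=Nginx-Auth, dest=backbone@backbone.ws]
logpath = /var/log/nginx/localhost.error_log
# Ban duration, seconds (1 hour); overrides the 600 s default.
bantime = 3600
# Stricter than the default of 5.
maxretry = 3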
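# nginx login jail using a locally added filter (nginx-login); the filter
# definition is not part of this file.
[nginx-login]
enabled = true
filter = nginx-login
action = iptables-multiport[name=nginx-login, port="http,https", protocol=tcp]
         sendmail-whois[name=Nginx-Login, dest=backbone@backbone.ws]
# Glob: every matching access log is watched.
logpath = /var/log/nginx*/*access*log
# Ban duration, seconds.
bantime = 600
maxretry = 6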
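# Bad-bot jail for nginx; it reuses the apache-badbots filter on the nginx access logs.
[nginx-badbots]
enabled = true
filter = apache-badbots
action = iptables-multiport[name=nginx-badbots, port="http,https", protocol=tcp]
         sendmail-whois[name=Nginx-BadBots, dest=backbone@backbone.ws]
# Glob: every matching access log is watched.
logpath = /var/log/nginx*/*access*log
# Ban duration, seconds (1 day).
bantime = 86400
# A single match is enough to ban.
maxretry = 1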
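# nginx jail using a locally added filter (nginx-noscript); the filter
# definition is not part of this file.
[nginx-noscript]
enabled = true
filter = nginx-noscript
action = iptables-multiport[name=nginx-noscript, port="http,https", protocol=tcp]
         sendmail-whois[name=Nginx-Noscript, dest=backbone@backbone.ws]
# Glob: every matching access log is watched.
logpath = /var/log/nginx*/*access*log
maxretry = 6
# Ban duration, seconds (1 day).
bantime = 86400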
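# nginx jail using a locally added filter (nginx-proxy); the filter
# definition is not part of this file.
[nginx-proxy]
enabled = true
filter = nginx-proxy
action = iptables-multiport[name=nginx-proxy, port="http,https", protocol=tcp]
         sendmail-whois[name=Nginx-Proxy, dest=backbone@backbone.ws]
# Glob: every matching access log is watched.
logpath = /var/log/nginx*/*access*log
# NOTE(review): presumably meant as "ban on the first match". maxretry = 1
# states that explicitly and does not depend on how the running fail2ban
# version treats 0. Confirm.
maxretry = 0
# Ban duration, seconds (1 day).
bantime = 86400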
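# lighttpd FastCGI jail using the lighttpd-fastcgi filter on the lighttpd error log.
[lighttpd-fastcgi]
enabled = true
# Not referenced by the action below, which carries its own port list.
port = http,https
filter = lighttpd-fastcgi
action = iptables-multiport[name=lighttpd-fastcgi, port="http,https", protocol=tcp]
         sendmail-whois[name=Lighttpd-FastCGI, dest=backbone@backbone.ws]
logpath = /var/log/lighttpd/error.log
# Stricter than the default of 5.
maxretry = 2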