From 4b7d3586d5722d5f2bd2a19cc4c1526097a04cb7 Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Thu, 2 May 2013 14:16:04 +0200 Subject: [PATCH] Define actions in the default section, and add a prop to enable mail alerts --- .../e-smith/templates/etc/fail2ban/jail.conf/25Actions | 7 +++++++ .../templates/etc/fail2ban/jail.conf/30Service10ssh | 4 +++- .../templates/etc/fail2ban/jail.conf/30Service15dovecot | 4 +++- .../templates/etc/fail2ban/jail.conf/30Service25httpd | 16 ++++++++++++---- 4 files changed, 25 insertions(+), 6 deletions(-) create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/25Actions diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/25Actions b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/25Actions new file mode 100644 index 0000000..dc99723 --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/25Actions @@ -0,0 +1,7 @@ +action = smeserver[port="", protocol=] +{ +if (($fail2ban{'Mail'} || 'disabled) eq 'enabled'){ + my $dest = $fail2ban{'MailRecipient'} || 'root'; + $OUT .= " sendmail[name=, dest=$dest]\n"; +} +} diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh index 905fb8c..4525be4 100644 --- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh @@ -8,7 +8,9 @@ $OUT .=<<"EOF"; [ssh] enabled = true filter = sshd -action = smeserver[port=$port, protocol=tcp] +port = $port +protocol = tcp +name = ssh logpath = /var/log/sshd/current EOF } diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot index ba5f433..561a3b0 100644 --- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot @@ -14,7 +14,9 @@ $OUT .=<<"EOF"; [imap] enabled = true filter = dovecot -action = smeserver[port="$port", protocol=tcp] +port = $port +protocol = tcp +name = dovecot logpath = /var/log/dovecot/current EOF diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd index 014238c..139577c 100644 --- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd @@ -12,25 +12,33 @@ $OUT .=<<"EOF"; [http-overflows] enabled = true filter = apache-overflows -action = smeserver[port="$port", protocol=tcp] +port = $port +protocol = tcp +name = apache-overflows logpath = /var/log/httpd/error_log [http-noscript] enabled = true filter = apache-noscript -action = smeserver[port="$port", protocol=tcp] +port = $port +protocol = tcp +name = apache-noscript logpath = /var/log/httpd/error_log [http-scan] enabled = true filter = apache-scan -action = smeserver[port="$port", protocol=tcp] +port = $port +protocol = tcp +name = apache-scan logpath = /var/log/httpd/error_log [http-auth] enabled = true filter = apache-auth -action = smeserver[port="$port", protocol=tcp] +port = $port +protocol = tcp +name = apache-auth logpath = /var/log/httpd/error_log EOF