Regras do Fail2ban
# Defaults inherited by every jail in this file; a jail may override any key.
[DEFAULT]
# ignoreip: space-separated addresses and CIDR ranges that are never banned.
# The list holds loopback, the 10.0.0.0/8 private range, Google DNS (8.8.8.8)
# and a set of public ranges.
# NOTE(review): the public ranges appear to be Cloudflare's published IPv4 list as
# of when this was written - confirm against the provider's current list. Every
# entry here is exempt from all jails below (SSH, FTP and mail included), so stale
# or over-broad ranges weaken the bans; keep the list as small as the setup needs.
ignoreip = 127.0.0.0/8 10.0.0.0/8 8.8.8.8 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/12 108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17 199.27.128.0/21
# If you use ManageWP, its IPs must be whitelisted too (append a space after the last IP in the list above and paste these addresses):
# 35.162.254.253 52.11.12.231 52.11.29.70 52.11.54.161 52.24.142.159 52.25.191.255 52.27.181.126 52.34.126.117 52.34.254.47 52.35.82.99 52.36.28.80 52.38.106.97 52.39.177.152 52.41.230.148 52.41.237.12 52.42.126.166 52.43.13.71 52.43.76.224 52.88.96.110 52.89.155.51 54.148.73.118 54.186.37.105 54.187.92.57 54.191.32.65 54.191.67.23 54.191.80.119 54.191.135.209 54.191.136.176 54.191.137.17 54.191.148.85 54.191.149.8 52.26.122.21 52.24.187.29 52.89.85.107 54.186.128.167 54.191.40.136 52.24.62.11 52.88.119.122 54.191.148.225 54.191.151.18 52.89.94.121 52.25.116.116 52.88.215.225 54.186.143.184 52.88.197.180 52.27.171.126
# NOTE(review): the ManageWP addresses above are a point-in-time copy - verify them
# against the vendor's current list before whitelisting.
# Before adding jails, set the default action and ban values (each jail can override them).
# The values below are examples: bantime 600 seconds, findtime 300 seconds, maxretry 4 attempts.
bantime = 600
findtime = 300
maxretry = 4
# Bans are applied through the ufw action.
# NOTE(review): assumes ufw is installed and active on this host - confirm.
action = ufw
banaction = ufw
# Use the polling backend so that log file changes are detected correctly on Debian.
backend = polling
#
# JAILS
#
# SSH jail: applies the sshd filter to auth.log and keeps the [DEFAULT]
# bantime, findtime and maxretry (no overrides here).
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
# Second SSH jail on the same log, using the sshd-ddos filter; overrides the
# defaults with a 1200-second ban and 6 retries.
# NOTE(review): newer fail2ban releases no longer ship a separate sshd-ddos
# filter (it was folded into the sshd filter's modes) - confirm that
# filter.d/sshd-ddos.conf exists on the target host before enabling this jail.
[ssh-ddos]
enabled = true
port = ssh
filter = sshd-ddos
logpath = /var/log/auth.log
bantime = 1200
maxretry = 6
# Dropbear SSH jail reading auth.log; raises maxretry to 6.
# NOTE(review): presumably only relevant when Dropbear is the SSH server on
# this host - disable it otherwise.
[dropbear]
enabled = true
port = ssh
filter = dropbear
logpath = /var/log/auth.log
maxretry = 6
# Monitors authentication attempts against password-protected directories in nginx.
# Reads the nginx error log and uses the [DEFAULT] ban values.
# NOTE(review): confirm the log path matches this host's nginx error_log setting.
[nginx-http-auth]
enabled = true
filter = nginx-http-auth
port = http,https
logpath = /var/log/nginx/error.log
# Pure-FTPd jail covering the FTP and FTPS control and data ports; reads syslog
# and raises maxretry to 6.
[pure-ftpd]
enabled = true
port = ftp,ftp-data,ftps,ftps-data
filter = pure-ftpd
logpath = /var/log/syslog
maxretry = 6
# Second FTP jail on the same log, restricted to the ftp port and using a
# filter named "pureftpd".
# NOTE(review): this looks like a duplicate of [pure-ftpd]; the stock filter is
# named pure-ftpd, so confirm that a filter.d/pureftpd.conf actually exists -
# a jail that references a missing filter will not load.
[pureftpd]
enabled = true
port = ftp
filter = pureftpd
logpath = /var/log/syslog
maxretry = 6
# Postfix jail: applies the postfix filter to mail.log with the [DEFAULT] ban values.
# NOTE(review): "ssmtp" is a service name that must resolve on the host
# (presumably via /etc/services) - confirm, or use the numeric port.
[postfix]
enabled = true
port = smtp,ssmtp,submission
filter = postfix
logpath = /var/log/mail.log
# SASL authentication failures logged by Postfix (postfix-sasl filter) in mail.log;
# the port list spans the SMTP, IMAP and POP3 services.
# NOTE(review): ssmtp, imap2 and imap3 are service names that must resolve on
# the host (presumably via /etc/services) - confirm they exist there.
[sasl]
enabled = true
port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
filter = postfix-sasl
logpath = /var/log/mail.log
# Dovecot jail: applies the dovecot filter to mail.log, with the same port list
# as the [sasl] jail.
# NOTE(review): confirm Dovecot actually logs to /var/log/mail.log on this host
# and that the ssmtp/imap2/imap3 service names resolve.
[dovecot]
enabled = true
port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
filter = dovecot
logpath = /var/log/mail.log
# Blocking DDoS attacks on BIND9, the DNS server. Note that the default log file
# was changed and the action was switched to hostsdeny; the author's rationale is
# that attacks on DNS must be stopped right at the server's entry point.
# NOTE(review): hosts.deny is only consulted by services built with TCP wrappers
# (libwrap); confirm that named honours it, otherwise this ban has no effect on
# DNS traffic and a firewall-level action is needed instead.
# NOTE(review): UDP source addresses are trivially spoofed, so refused queries
# forged in a third party's name can get that party banned; weigh this before
# enabling a UDP jail, and keep resolvers you depend on in ignoreip.
[named-refused-udp]
enabled = true
port = domain,953
protocol = udp
filter = named-refused
#logpath = /var/log/named/security.log
logpath = /var/log/daemon.log
action = hostsdeny
maxretry = 10
# TCP counterpart of the named-refused jail: same filter and log, 10 retries,
# and the hostsdeny action instead of the [DEFAULT] ufw action.
# NOTE(review): hosts.deny is only consulted by services built with TCP wrappers
# (libwrap); confirm that named honours it, otherwise this ban has no effect.
[named-refused-tcp]
enabled = true
port = domain,953
protocol = tcp
filter = named-refused
#logpath = /var/log/named/security.log
logpath = /var/log/daemon.log
action = hostsdeny
maxretry = 10