From ae879e82d023f53682bfd0a7359d7af577ddf78e Mon Sep 17 00:00:00 2001
From: bmixed <2+bmixed@noreply.localhost>
Date: Mon, 11 May 2026 20:48:09 +0000
Subject: [PATCH] Upload files to "f2bcfg"
---
f2bcfg/jail.local | 283 +++++++++++++++++++++++++++++++++++++++
f2bcfg/suricata.f2b.conf | 11 ++
f2bcfg/ufw.f2b.conf | 3 +
3 files changed, 297 insertions(+)
create mode 100644 f2bcfg/jail.local
create mode 100644 f2bcfg/suricata.f2b.conf
create mode 100644 f2bcfg/ufw.f2b.conf
diff --git a/f2bcfg/jail.local b/f2bcfg/jail.local
new file mode 100644
index 0000000..c60c0b6
--- /dev/null
+++ b/f2bcfg/jail.local
@@ -0,0 +1,283 @@
+[DEFAULT]
+bantime.overalljails = true
+ignoreself = true
+ignoreip = localhost 127.0.0.1/8 192.168.0.0/16 10.42.0.0/16 ::1 servzero.net 72.167.35.184 2603:3:6103:80c0:: b.servzero.net 75.135.92.147
+bantime = 15m
+findtime = 60m
+maxretry = 3
+backend = auto
+usedns = warn
+port = 0:65535
+banaction = iptables-multiport
+banaction_allports = iptables-allports
+allowipv6 = auto
+
+[recidive]
+filter = recidive
+bantime = 60m
+findtime = 60m
+maxretry = 3
+enabled = true
+
+[sshd]
+mode = normal
+port = ssh
+logpath = %(sshd_log)s
+backend = systemd
+enabled = true
+
+[portsentry]
+logpath = /var/lib/portsentry/portsentry.history
+maxretry = 3
+backend = systemd
+#enabled = true
+
+[ufw]
+enabled = true
+filter = ufw.f2b
+backend = systemd
+action = iptables-allports
+logpath = /var/log/ufw.log
+maxretry = 3
+bantime = 15m
+
+[suricata]
+enabled = true
+filter = suricata.f2b
+logpath = /var/log/suricata/fast.log
+
+[murmur]
+# AKA mumble-server
+port = 64738
+action_ = %(default/action_)s[name=%(__name__)s-tcp, protocol="tcp"]
+ %(default/action_)s[name=%(__name__)s-udp, protocol="udp"]
+logpath = /var/log/mumble-server/mumble-server.log
+backend = systemd
+#enabled = true
+
+[ejabberd-auth]
+port = 5222, 5280
+logpath = /var/log/ejabberd/ejabberd.log
+#enabled = true
+
+[apache-auth]
+port = http,https
+logpath = %(apache_error_log)s
+#enabled = true
+
+[apache-common]
+port = http,https
+logpath = %(apache_error_log)s
+#enabled = true
+
+[apache-pass]
+port = http,https
+logpath = %(apache_error_log)s
+#enabled = true
+
+[apache-badbots]
+# Ban hosts which agent identifies spammer robots crawling the web
+# for email addresses. The mail outputs are buffered.
+port = http,https
+logpath = %(apache_access_log)s
+bantime = 48h
+maxretry = 1
+#backend = systemd
+#enabled = true
+
+[apache-noscript]
+port = http,https
+logpath = %(apache_error_log)s
+#enabled = true
+
+[apache-overflows]
+port = http,https
+logpath = %(apache_error_log)s
+maxretry = 2
+#enabled = true
+
+[apache-nohome]
+port = http,https
+logpath = %(apache_error_log)s
+maxretry = 2
+#enabled = true
+
+[apache-botsearch]
+port = http,https
+logpath = %(apache_error_log)s
+maxretry = 2
+#enabled = true
+
+[apache-fakegooglebot]
+port = http,https
+logpath = %(apache_access_log)s
+maxretry = 1
+#ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot
+#backend = systemd
+#enabled = true
+
+[apache-modsecurity]
+port = http,https
+logpath = %(apache_error_log)s
+maxretry = 2
+#enabled = true
+
+[apache-shellshock]
+port = http,https
+logpath = %(apache_error_log)s
+maxretry = 1
+#enabled = true
+
+[nginx-http-auth]
+#enabled = true
+port = http,https,9443
+logpath = /var/log/nginx/error.log
+#maxretry = 3
+#findtime = 10m
+#bantime = 1h
+
+[nginx-badbots]
+#enabled = true
+port = http,https,9443
+logpath = /var/log/nginx/access.log
+
+[nginx-limit-req]
+#enabled = true
+port = http,https,9443
+logpath = /var/log/nginx/access.log
+
+# Ban attackers that try to use PHP's URL-fopen() functionality
+# through GET/POST variables. - Experimental, with more than a year
+# of usage in production environments.
+[php-url-fopen]
+port = http,https
+logpath = %(nginx_access_log)s
+ %(apache_access_log)s
+#enabled = true
+
+[lighttpd-auth]
+# Same as above for Apache's mod_auth
+# It catches wrong authentifications
+port = http,https
+logpath = %(lighttpd_error_log)s
+#enabled = true
+
+[cockpit]
+#enabled = true
+port = cockpit
+filter = cockpit.f2b
+logpath = /var/log/cockpit/cockpit.log
+maxretry = 3
+bantime = 600
+
+[webmin-auth]
+port = 10000
+logpath = %(syslog_authpriv)s
+backend = %(syslog_backend)s
+#enabled = true
+
+# To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld] or
+# equivalent section:
+# log-warnings = 2
+#
+# for syslog (daemon facility)
+# [mysqld_safe]
+# syslog
+#
+# for own logfile
+# [mysqld]
+# log-error=/var/log/mysqld.log
+[mysqld-auth]
+port = 3306
+logpath = %(mysql_log)s
+backend = %(mysql_backend)s
+#enabled = true
+
+[phpmyadmin-syslog]
+port = http,https
+logpath = %(syslog_authpriv)s
+backend = %(syslog_backend)s
+#enabled = true
+
+[sendmail-auth]
+port = submission,465,smtp
+logpath = %(syslog_mail)s
+backend = %(syslog_backend)s
+#enabled = true
+
+[sendmail-reject]
+# To use more aggressive modes set filter parameter "mode" in jail.local:
+# normal (default), extra or aggressive
+# See "tests/files/logs/sendmail-reject" or "filter.d/sendmail-reject.conf" for usage example and details.
+#mode = normal
+port = smtp,465,submission
+logpath = %(syslog_mail)s
+backend = %(syslog_backend)s
+#enabled = true
+
+[postfix]
+# To use another modes set filter parameter "mode" in jail.local:
+mode = more
+port = smtp,465,submission
+logpath = %(postfix_log)s
+backend = systemd
+#enabled = true
+
+[postfix-rbl]
+filter = postfix[mode=rbl]
+port = smtp,465,submission
+logpath = %(postfix_log)s
+backend = %(postfix_backend)s
+maxretry = 1
+#enabled = true
+
+[postfix-sasl]
+filter = postfix[mode=auth]
+port = smtp,465,submission,imap,imaps,pop3,pop3s
+# You might consider monitoring /var/log/mail.warn instead if you are
+# running postfix since it would provide the same log lines at the
+# "warn" level but overall at the smaller filesize.
+logpath = %(postfix_log)s
+backend = %(postfix_backend)s
+#enabled = true
+
+[squirrelmail]
+port = smtp,465,submission,imap,imap2,imaps,pop3,pop3s,http,https,socks
+logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log
+#enabled = true
+
+#[nmap-scan]
+#enabled = true
+#filter = nmap-scan
+#backend = systemd
+#logpath = /var/log/syslog
+#bantime = 60
+#findtime = 60
+#maxretry = 3
+#maxmatches = 3
+#banaction = iptables-allports
+#port = all
+
+#[scanlogd]
+#logpath = %(syslog_local0)s
+#banaction = %(banaction_allports)s
+#backend = systemd
+#enabled = true
+
+#[snort-tcp]
+#enabled = true
+#filter = snort
+#action = iptables-multiport[name=SnortTCP, port="0:65535", protocol=tcp]
+#logpath = /var/log/snort/snort.alert.fast
+#maxretry = 3
+#bantime = 3600
+#datepattern = %%m/%%d-%%H:%%M:%%S.%%f
+
+#[snort-udp]
+#enabled = true
+#filter = snort
+#action = iptables-multiport[name=SnortUDP, port="0:65535", protocol=udp]
+#logpath = /var/log/snort/snort.alert.fast
+#maxretry = 3
+#bantime = 3600
+#datepattern = %%m/%%d-%%H:%%M:%%S.%%f
diff --git a/f2bcfg/suricata.f2b.conf b/f2bcfg/suricata.f2b.conf
new file mode 100644
index 0000000..b0c3f23
--- /dev/null
+++ b/f2bcfg/suricata.f2b.conf
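Review bot: `bantime.overalljails = true` in `[DEFAULT]` does nothing on its own: it is a sub-option of `bantime.increment`, which this file never sets, so the cross-jail lookup it enables is never performed; if escalating bans are intended add `bantime.increment = true` beside it, otherwise drop the line. The `[recidive]` override replaces the stock recidive profile (`bantime = 1w`, `findtime = 1d`) with a one-hour ban that only marginally exceeds the 15m base `bantime`, so repeat offenders are released almost as fast as first-time ones — consider leaving those two keys at their defaults. In `ignoreip`, `2603:3:6103:80c0::` carries no prefix length and therefore exempts that single address only (presumably a `/64` was meant), and the hostnames `servzero.net` / `b.servzero.net` are resolved through DNS at reload, so the allow-list silently follows whatever those records point to; literal addresses are the safer choice, and `ignoreself = true` already covers the host's own addresses.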
@@ -0,0 +1,11 @@
+
+[INCLUDES]
+before = common.conf
+
+[DEFAULT]
+_daemon = suricata
+
+[Definition]
+datepattern = ^%%m/%%d/%%Y-%%H:%%M:%%S
+failregex = .*Priority: 1.* :[0-9]* ->
+ignoreregex =
diff --git a/f2bcfg/ufw.f2b.conf b/f2bcfg/ufw.f2b.conf
new file mode 100644
index 0000000..1cb54ac
--- /dev/null
+++ b/f2bcfg/ufw.f2b.conf
@@ -0,0 +1,3 @@
+[Definition]
+failregex = [UFW BLOCK].+SRC= DST
+ignoreregex =
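Review bot: The `failregex` bans whatever address precedes `:[0-9]* ->`, i.e. the flow source of every Priority 1 alert, but for many Suricata signatures (attack-response, policy and outbound-traffic rules) that source is the protected server itself, a victim, or a spoofed address, so this jail can cut off legitimate peers or the host's own traffic partners; restrict it to inbound alerts (for example by also requiring the destination to be the server's address) or to classtypes you trust. As rendered here the pattern has no `<HOST>` capture — fail2ban refuses to load a filter without a host group — which is presumably an angle-bracket rendering loss; assuming fast.log's usual `[Priority: 1] {PROTO} src:port -> dst:port` layout, the tighter line would be `failregex = ^.*\[Priority: 1\] \{[A-Z0-9]+\} <HOST>:[0-9]+ -> `. Note the jail inherits `maxretry = 3` and `bantime = 15m` from `[DEFAULT]`, so three alerts from one address within `findtime` trigger an all-ports ban. `_daemon = suricata` is unused because the regex never references `%(__prefix_line)s`.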
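Review bot: `[UFW BLOCK]` is unescaped, so the regex engine reads it as a character class matching one character from `U F W space B L O C K`; the pattern then matches any kernel log line containing `SRC=… DST`, including `[UFW ALLOW]` and `[UFW AUDIT]` entries that appear once ufw logging is set to medium or high, and with the jail's `maxretry = 3` and `iptables-allports` action a client that is allowed through three times gets banned from every port. Write it as `failregex = ^.*\[UFW BLOCK\] IN=.* SRC=<HOST> DST=` (the `<HOST>` capture is absent as rendered here, presumably lost with the angle brackets — fail2ban will not load a filter without one). Even with the fixed pattern, UFW BLOCK lines are logged for unsolicited UDP and ICMP whose source address is trivially spoofed, so any remote party can get a third-party address — including your DNS resolvers or upstream gateway — banned on all ports for 15 minutes; either limit the match to `PROTO=TCP` SYNs or make sure every address the host depends on is listed in `ignoreip`. The jail also sets `backend = systemd` while this filter defines no `journalmatch`, so fail2ban scans the whole journal rather than `/var/log/ufw.log`; either drop the backend override in the jail or add something like `journalmatch = _TRANSPORT=kernel` here.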