From 6abe7cd36073a27d38dcf772a8106899ee1537f9 Mon Sep 17 00:00:00 2001
From: FusionPBX
Date: Fri, 7 Aug 2020 10:50:52 -0600
Subject: [PATCH] Set findtime to 60 (one minute) to make it simple to understand.

---
 debian/resources/fail2ban/jail.local | 40 ++++++++++++++--------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/debian/resources/fail2ban/jail.local b/debian/resources/fail2ban/jail.local
index ef49a47..1033314 100755
--- a/debian/resources/fail2ban/jail.local
+++ b/debian/resources/fail2ban/jail.local
@@ -5,8 +5,8 @@ protocol = ssh
 filter = sshd
 logpath = /var/log/auth.log
 action = iptables-allports[name=sshd, protocol=all]
-maxretry = 3
-findtime = 30
+maxretry = 6
+findtime = 60
 bantime = 86400

 [freeswitch]
@@ -17,8 +17,8 @@ filter = freeswitch
 logpath = /var/log/freeswitch/freeswitch.log
 #logpath = /usr/local/freeswitch/log/freeswitch.log
 action = iptables-allports[name=freeswitch, protocol=all]
-maxretry = 5
-findtime = 30
+maxretry = 10
+findtime = 60
 bantime = 3600
 # sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed

@@ -31,7 +31,7 @@ logpath = /var/log/freeswitch/freeswitch.log
 #logpath = /usr/local/freeswitch/log/freeswitch.log
 action = iptables-allports[name=freeswitch-ip, protocol=all]
 maxretry = 1
-findtime = 30
+findtime = 60
 bantime = 86400

 [auth-challenge-ip]
@@ -43,7 +43,7 @@ logpath = /var/log/freeswitch/freeswitch.log
 #logpath = /usr/local/freeswitch/log/freeswitch.log
 action = iptables-allports[name=auth-challenge-ip, protocol=all]
 maxretry = 1
-findtime = 30
+findtime = 60
 bantime = 86400

 [sip-auth-challenge]
@@ -54,8 +54,8 @@ filter = sip-auth-challenge
 logpath = /var/log/freeswitch/freeswitch.log
 #logpath = /usr/local/freeswitch/log/freeswitch.log
 action = iptables-allports[name=sip-auth-challenge, protocol=all]
-maxretry = 50
-findtime = 30
+maxretry = 100
+findtime = 60
 bantime = 7200

 [sip-auth-failure]
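Review bot: In the sshd hunk `maxretry` is doubled from 3 to 6 together with `findtime`, although the subject line only mentions findtime. The failures-per-second ratio is unchanged, but a host now gets six failed SSH logins inside one minute before the first ban, where it previously got three inside thirty seconds. If only a readable window was intended, `maxretry = 3` can stay alongside `findtime = 60`; otherwise a comment such as `# ban after 6 failures within 60 seconds` would record that the looser count is deliberate. The same doubling appears in the freeswitch, sip-auth-challenge, sip-auth-failure, fusionpbx-404, fusionpbx and fusionpbx-mac hunks. The sshd section itself starts above the hunk.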
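Review bot: With `maxretry = 1` in the freeswitch-ip hunk, raising `findtime` should not change when a ban fires, because the first matching log line already reaches the limit. A short comment beside it, for example `# maxretry = 1: the first match bans, findtime has no practical effect`, would stop the edit from reading as a tuning change; the auth-challenge-ip hunk is the same. Since one match blocks all ports for `bantime = 86400`, it is worth confirming that trusted addresses are listed under `ignoreip`, which is not visible in these hunks.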
@@ -66,8 +66,8 @@ filter = sip-auth-failure
 logpath = /var/log/freeswitch/freeswitch.log
 #logpath = /usr/local/freeswitch/log/freeswitch.log
 action = iptables-allports[name=sip-auth-failure, protocol=all]
-maxretry = 3
-findtime = 30
+maxretry = 6
+findtime = 60
 bantime = 7200

 [fusionpbx-404]
@@ -78,8 +78,8 @@ filter = fusionpbx-404
 logpath = /var/log/freeswitch/freeswitch.log
 #logpath = /usr/local/freeswitch/log/freeswitch.log
 action = iptables-allports[name=fusionpbx-404, protocol=all]
-maxretry = 3
-findtime = 30
+maxretry = 6
+findtime = 60
 bantime = 86400

 [fusionpbx]
@@ -90,8 +90,8 @@ filter = fusionpbx
 logpath = /var/log/auth.log
 action = iptables-allports[name=fusionpbx, protocol=all]
 # sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
-maxretry = 10
-findtime = 30
+maxretry = 20
+findtime = 60
 bantime = 3600

 [fusionpbx-mac]
@@ -102,8 +102,8 @@ filter = fusionpbx-mac
 logpath = /var/log/syslog
 action = iptables-allports[name=fusionpbx-mac, protocol=all]
 # sendmail-whois[name=fusionpbx-mac, dest=root, sender=fail2ban@example.org] #no smtp server installed
-maxretry = 5
-findtime = 30
+maxretry = 10
+findtime = 60
 bantime = 86400

 [nginx-404]
@@ -114,8 +114,8 @@ filter = nginx-404
 logpath = /var/log/nginx/access*.log
 action = iptables-allports[name=nginx-404, protocol=all]
 bantime = 3600
-findtime = 30
-maxretry = 120
+findtime = 60
+maxretry = 300

 [nginx-dos]
 # Based on apache-badbots but a simple IP check (any IP requesting more than
@@ -126,6 +126,6 @@ protocol = tcp
 filter = nginx-dos
 logpath = /var/log/nginx/access*.log
 action = iptables-allports[name=nginx-dos, protocol=all]
-findtime = 30
+findtime = 60
 bantime = 86400
-maxretry = 300
+maxretry = 800
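Review bot: The two nginx jails are not scaled like the others, so their thresholds get looser. In nginx-404, `maxretry = 300` over `findtime = 60` allows 5 matches per second where 120 over 30 allowed 4, and nginx-dos goes from 10 per second (300/30) to about 13 (800/60). If the commit is only meant to make the window readable, `maxretry = 240` and `maxretry = 600` would keep the previous rates. The `# Based on apache-badbots …` comment under `[nginx-dos]` continues outside both hunks; if it states a request rate, it should be updated to match whichever values are kept.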