-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathfail2ban-cluster.conf
66 lines (52 loc) · 2.51 KB
/
fail2ban-cluster.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# CONFIGURATION FILE FOR fail2ban-cluster aka fail2ban-zmq-tools
# Sections for fail2ban-monitor, fail2ban-subscriber and fail2ban-publisher.
# One config file.
#
#
# Configuration for fail2ban-monitor, which monitors a fail2ban log file
# and sends ban/unban data to the publisher.
#
[monitor]
pidfile = /var/run/fail2ban-monitor.pid
zmqreplyserver = tcp://f2bcluster.buanzo.org:5678
fail2banlogpath = /var/log/fail2ban.log
# If the Publisher demands authentication, set auth to true, and fill in the authtoken
auth = true
# authtoken will be provided by Publisher
authtoken = ASK_buanzo@buanzo.com.ar_FOR_A_TOKEN
#
# Configuration for fail2ban-subscriber, which receives messages broadcasted
# by the publisher.
#
[subscriber]
pidfile = /var/run/fail2ban-subscriber.pid
zmqpublisherurl = tcp://f2bcluster.buanzo.org:5680
zmqprefixfilter = "" #empty prefix filter by default. this will become useful in the future.
# options for subscriberaction are as follows:
# NOTE THAT ONLY "subscriberaction=log" is VALID so far! TODO TODO TODO:
#
# TODO: fail2banclient: will run fail2ban-client set <JAIL> <banip|unbanip> <IP>
# This method checks which fail2ban jails are enabled, and only processes matching messages
#
# log: just log, no action. this is useful if you want to use fail2ban to parse and execute actions
# for this to do anything useful, you have to use the fail2ban jail and filter.d file that comes
# with fail2ban-zmq-tools, in the fail2ban directory, called "fail2bancluster.conf". Copy it to fail2ban/filter.d.
# Add the example jail, cointained in "f2bcluster.jail.txt", to your fail2ban's jail.conf
#
# NOTE: fail2ban-zmq-tools (or fail2ban-cluster, however you want to call this set of tools)
# logs via syslog LOG_AUTH facility. The included jail file targets /var/log/auth.log
#
# If you can implement new subscriberactions that would be awesome
subscriberaction = log
#
# Configuration for fail2ban-publisher, the central message processing and distribution hub
# for fail2ban-cluster aka fail2ban-zmq-tools
#
[publisher]
pidfile = /var/run/fail2ban-publisher.pid
broadcasterbindurl = tcp://*:5680 # address to which subscribers will connect to to receive broadcasts
replybindurl = tcp://*:5678 # address to which Monitors will send messages (usually the same host, different port)
# Should Publisher demand auth from Monitors? (see [monitor], too)
auth = true
authtoken = IF_YOU_RUN_YOUR_OWN_PUBLISHER_JUST_TYPE_A_SECRET_STRING_HERE_AND_GIVE_IT_TO_YOUR_MONITORS
#TODO: add support for multiple tokens