From b79338b5a91ee64bf1317a5639b6e75575f760b6 Mon Sep 17 00:00:00 2001
From: Serghey Rodin
Date: Mon, 6 Oct 2014 21:43:27 +0300
Subject: [PATCH] Fail2ban RHEL configuration
---
install/rhel/fail2ban.action.conf | 10 ++++++++
install/rhel/fail2ban.filter.conf | 10 ++++++++
install/rhel/fail2ban.jail.conf | 39 +++++++++++++++++++++++++++++++
3 files changed, 59 insertions(+)
create mode 100644 install/rhel/fail2ban.action.conf
create mode 100644 install/rhel/fail2ban.filter.conf
create mode 100644 install/rhel/fail2ban.jail.conf
diff --git a/install/rhel/fail2ban.action.conf b/install/rhel/fail2ban.action.conf
new file mode 100644
index 000000000..2779d9f0c
--- /dev/null
+++ b/install/rhel/fail2ban.action.conf
@@ -0,0 +1,10 @@
+# Fail2Ban configuration file for vesta
+
+[Definition]
+
+actionstart = /usr/local/vesta/bin/v-add-firewall-chain
+actionstop = /usr/local/vesta/bin/v-delete-firewall-chain
+actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]'
+actionban = /usr/local/vesta/bin/v-add-firewall-ban
+actionunban = /usr/local/vesta/bin/v-delete-firewall-ban
+
diff --git a/install/rhel/fail2ban.filter.conf b/install/rhel/fail2ban.filter.conf
new file mode 100644
index 000000000..69670a56e
--- /dev/null
+++ b/install/rhel/fail2ban.filter.conf
@@ -0,0 +1,10 @@
+# Fail2Ban filter for unsuccesfull Vesta authentication attempts
+#
+
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex = .* failed to login
+ignoreregex =
+
diff --git a/install/rhel/fail2ban.jail.conf b/install/rhel/fail2ban.jail.conf
new file mode 100644
index 000000000..c5c6c94bd
--- /dev/null
+++ b/install/rhel/fail2ban.jail.conf
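Review bot: The five action lines in fail2ban.action.conf, as shown, pass no `<ip>` or `<name>` tag to the Vesta scripts, and the `actioncheck` pattern `'fail2ban-[ \t]'` names no chain, so the ban script would receive no address and the check would match no per-jail chain. The angle-bracket tags may have been lost when this page was rendered, so confirm against the committed file. If they really are absent, the lines need the tags that fail2ban substitutes at run time, for example `actionban = /usr/local/vesta/bin/v-add-firewall-ban <ip> <name>` and `grep -q 'fail2ban-<name>[ \t]'`; the argument order depends on the scripts' usage, which this patch does not show. A header comment stating which arguments each script expects would also make the file reviewable on its own.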
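Review bot: The `failregex` in fail2ban.filter.conf, shown as `.* failed to login`, contains no `<HOST>` tag, which fail2ban needs in every failregex to learn which address to count and ban; the tag may have been dropped when this page was rendered, so check the committed file. Independently of that, the pattern opens with an unanchored `.*`, so text earlier in the log line, including any field the client controls such as the login name, can influence what is taken as the host. Anchor the expression to the fixed layout of the Vesta auth log with `^` and `$`, and match the fields before `<HOST>` with `\S+` rather than `.*`; the exact field list depends on the log format, which this patch does not show. The header comment could also state the log line format the filter expects.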
@@ -0,0 +1,39 @@
+[ssh-iptables]
+enabled = true
+filter = sshd
+action = vesta[name=SSH]
+logpath = /var/log/secure
+maxretry = 5
+
+[vsftpd-iptables]
+enabled = false
+filter = vsftpd
+action = vesta[name=FTP]
+logpath = /var/log/vsftpd.log
+maxretry = 5
+
+[exim-iptables]
+enabled = true
+filter = exim
+action = vesta[name=MAIL]
+logpath = /var/log/exim/main.log
+
+[dovecot-iptables]
+enabled = true
+filter = dovecot
+action = vesta[name=MAIL]
+logpath = /var/log/dovecot.log
+
+[mysqld-iptables]
+enabled = true
+filter = mysqld-auth
+action = vesta[name=DB]
+logpath = /var/log/mysqld.log
+maxretry = 5
+
+[vesta-iptables]
+enabled = true
+filter = vesta
+action = vesta[name=VESTA]
+logpath = /var/log/vesta/auth.log
+maxretry = 5
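Review bot: The `[exim-iptables]` and `[dovecot-iptables]` jails set no `maxretry`, unlike the other four, so their threshold comes from whatever defaults apply on the host; add `maxretry = 5` to both so the lockout policy is explicit and uniform. Both jails also use `action = vesta[name=MAIL]` and so share one chain name. Because the action's `actionstop` deletes the chain, stopping or reloading one jail may remove bans the other still relies on, though that depends on the v-delete-firewall-chain script, which is not shown here. None of the jails sets `bantime`, `findtime` or `ignoreip`, so a short comment at the top of the file saying where those values come from would help operators audit the effective policy.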