Improve/harden fail2ban configuration.

* Use nftables sets with a timeout * Start daemon with a hardened unit file and restricted Capability Bounding Set. (This requires to change the log path to /var/log/fail2ban/*.) * Skip database as we don't care about persistence. * Refactor jail.local
author: Guilhem Moulin <guilhem@fripost.org> 2020-01-23 05:33:17 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2020-01-25 01:57:05 +0100
commit: ee4e9e9836ad05279647b04eb1e8a3a4b0e16568 (patch)
tree: d4e566a7b535f7d62e4fd6fd1a521ea6d7563d21 /roles/common/files/etc/fail2ban/filter.d/roundcube.conf
parent: 7641a5d5d152db349082b1d0ec93a40888b2ef8e (diff)
1 files changed, 0 insertions, 16 deletions
diff --git a/roles/common/files/etc/fail2ban/filter.d/roundcube.conf b/roles/common/files/etc/fail2ban/filter.d/roundcube.conf
deleted file mode 100644
index c8cb5d3..0000000
--- a/roles/common/files/etc/fail2ban/filter.d/roundcube.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-[Definition]
-
-# Option:  failregex
-# Notes.:  regex to match the password failures messages in the logfile. The
-#          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
-# Values:  TEXT
-#
-failregex = IMAP Error: Login failed for \S+ from <HOST>\. AUTHENTICATE \S+: Authentication failed\.
-
-# Option:  ignoreregex
-# Notes.:  regex to ignore. If this regex matches, the line is ignored.
-# Values:  TEXT
-#
-ignoreregex =
author	Guilhem Moulin <guilhem@fripost.org>	2020-01-23 05:33:17 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2020-01-25 01:57:05 +0100
commit	ee4e9e9836ad05279647b04eb1e8a3a4b0e16568 (patch)
tree	d4e566a7b535f7d62e4fd6fd1a521ea6d7563d21 /roles/common/files/etc/fail2ban/filter.d/roundcube.conf
parent	7641a5d5d152db349082b1d0ec93a40888b2ef8e (diff)