FEATURE Split config

From Fail2ban
Revision as of 09:31, 6 November 2011 by Henryut (Talk | contribs)

Jump to: navigation, search

Split configuration file

Fail2ban has a single (atomic) configuration file /etc/fail2ban.conf until 0.7.0. This file became quite lengthy since it keeps several kind of parameters: general settings, mail settings, section settings, etc. The proposal is to split this configuration file into several ones. fail2ban-client would process config files and provide respective commands to running fail2ban-server. So the server knows nothing about config files.

Every configuration files will be stored in the /etc/fail2ban directory.

  • /etc/fail2ban/fail2ban.conf (file) will contain the general settings.
  • /etc/fail2ban/jails.conf (file) will contain the jails definitions (one filter and one or more actions). Actions get triggered if filter matches maxfailures times within findtime
  • /etc/fail2ban/filter.d (dir) will contain the filter settings: primarily it is failregex option. No timeregex should be necessary - they are guessed from the set of known. If not recognized - please add it as before (pre 0.7)
    • /etc/fail2ban/filter.d/sshd.conf (file) will contain filter settings for OpenSSH server.
    • /etc/fail2ban/filter.d/apache-auth.conf (file) will contain filter settings for Apache authentication.
  • /etc/fail2ban/action.d (dir) will contain the action settings, ie how to react if a specific filter was matched specified (look jails.conf above) number of times
    • /etc/fail2ban/action.d/iptables.conf (file) will contain the settings for banning an IP address using Netfilter/Iptables.
    • /etc/fail2ban/action.d/hosts.conf (file) will contain the settings for banning an IP address using TCPWrapper.

Not implemented part of ideas

  • /etc/fail2ban/pattern.d (dir) will contain regular expression templates.
    • /etc/fail2ban/pattern.d/standard-date.conf (file) will contain a regular expression matching a standard date format.
  • /etc/fail2ban/filter.d (dir) : The files included in this adipex directory can benefit from the templates in /etc/fail2ban/pattern.d.

Any user change should be done in a file.local file instead of file.conf. First file.conf and then file.local are read. This way, settings in .local override .conf. This should avoid conflict between user and package settings when weight loss supplements upgrading.