Difference between revisions of "FEATURE Split config"

Split configuration file

Fail2ban has a single (atomic) configuration file /etc/fail2ban.conf until 0.7.0. This file became quite length since it keeps several kind of parameters: general settings, mail settings, section settings, etc. The proposal is to split this configuration file into several ones.

• Every configuration files will be stored in the /etc/fail2ban directory.
• /etc/fail2ban/fail2ban.conf (file) will contain the general settings.
• /etc/fail2ban/notification.conf (file) will contain the notification settings (e-mail).
• /etc/fail2ban/pattern.d (dir) will contain regular expression templates.
  • /etc/fail2ban/pattern.d/standard-date.conf (file) will contain a regular expression matching a standard date format.
• /etc/fail2ban/filter.d (dir) will contain the filter settings. The files included in this directory can benefit from the templates in /etc/fail2ban/pattern.d.
  • /etc/fail2ban/filter.d/sshd.conf (file) will contain filter settings for OpenSSH server.
  • /etc/fail2ban/filter.d/apache-auth.conf (file) will contain filter settings for Apache authentication.
• /etc/fail2ban/action.d (dir) will contain the action settings.
  • /etc/fail2ban/action.d/iptables.conf (file) will contain the settings for banning an IP address using Netfilter/Iptables.
  • /etc/fail2ban/action.d/hosts.conf (file) will contain the settings for banning an IP address using TCPWrapper.
• /etc/fail2ban/jail.d (dir) will contain jail definition. This is a combination of filter and actions.
• Any user change should be done in a file.local file instead of file.conf. Settings in .local override .conf. This should avoid conflict between user and package settings when upgrading.