Difference between revisions of "FEATURE Split config"
From Fail2ban
Jump to navigationJump to searchLostcontrol (talk | contribs) |
|||
| Line 5: | Line 5: | ||
* Every configuration files will be stored in the <tt>/etc/fail2ban</tt> directory. | * Every configuration files will be stored in the <tt>/etc/fail2ban</tt> directory. | ||
* <tt>/etc/fail2ban/fail2ban.conf</tt> (file) will contain the general settings. | * <tt>/etc/fail2ban/fail2ban.conf</tt> (file) will contain the general settings. | ||
| − | * <tt>/etc/fail2ban/ | + | * <tt>/etc/fail2ban/jails.conf</tt> (file) will contain the jails definitions (one filter and one or more actions). |
* <tt>/etc/fail2ban/pattern.d</tt> (dir) will contain regular expression templates. | * <tt>/etc/fail2ban/pattern.d</tt> (dir) will contain regular expression templates. | ||
** <tt>/etc/fail2ban/pattern.d/standard-date.conf</tt> (file) will contain a regular expression matching a standard date format. | ** <tt>/etc/fail2ban/pattern.d/standard-date.conf</tt> (file) will contain a regular expression matching a standard date format. | ||
| Line 14: | Line 14: | ||
** <tt>/etc/fail2ban/action.d/iptables.conf</tt> (file) will contain the settings for banning an IP address using Netfilter/Iptables. | ** <tt>/etc/fail2ban/action.d/iptables.conf</tt> (file) will contain the settings for banning an IP address using Netfilter/Iptables. | ||
** <tt>/etc/fail2ban/action.d/hosts.conf</tt> (file) will contain the settings for banning an IP address using TCPWrapper. | ** <tt>/etc/fail2ban/action.d/hosts.conf</tt> (file) will contain the settings for banning an IP address using TCPWrapper. | ||
| − | |||
* Any user change should be done in a <tt>''file''.local</tt> file instead of <tt>''file''.conf</tt>. Settings in <tt>.local</tt> override <tt>.conf</tt>. This should avoid conflict between user and package settings when upgrading. | * Any user change should be done in a <tt>''file''.local</tt> file instead of <tt>''file''.conf</tt>. Settings in <tt>.local</tt> override <tt>.conf</tt>. This should avoid conflict between user and package settings when upgrading. | ||
[[Category:Feature]] | [[Category:Feature]] | ||
Revision as of 19:00, 17 May 2006
Split configuration file
Fail2ban has a single (atomic) configuration file /etc/fail2ban.conf until 0.7.0. This file became quite length since it keeps several kind of parameters: general settings, mail settings, section settings, etc. The proposal is to split this configuration file into several ones.
- Every configuration files will be stored in the /etc/fail2ban directory.
- /etc/fail2ban/fail2ban.conf (file) will contain the general settings.
- /etc/fail2ban/jails.conf (file) will contain the jails definitions (one filter and one or more actions).
- /etc/fail2ban/pattern.d (dir) will contain regular expression templates.
- /etc/fail2ban/pattern.d/standard-date.conf (file) will contain a regular expression matching a standard date format.
- /etc/fail2ban/filter.d (dir) will contain the filter settings. The files included in this directory can benefit from the templates in /etc/fail2ban/pattern.d.
- /etc/fail2ban/filter.d/sshd.conf (file) will contain filter settings for OpenSSH server.
- /etc/fail2ban/filter.d/apache-auth.conf (file) will contain filter settings for Apache authentication.
- /etc/fail2ban/action.d (dir) will contain the action settings.
- /etc/fail2ban/action.d/iptables.conf (file) will contain the settings for banning an IP address using Netfilter/Iptables.
- /etc/fail2ban/action.d/hosts.conf (file) will contain the settings for banning an IP address using TCPWrapper.
- Any user change should be done in a file.local file instead of file.conf. Settings in .local override .conf. This should avoid conflict between user and package settings when upgrading.
