Difference between revisions of "Talk:FEATURE Split config"
(small discussion on jails format) |
Lostcontrol (talk | contribs) |
||
| Line 1: | Line 1: | ||
| − | =File Structure= | + | = File Structure = |
just for historic reasons: excerpt from our ICQ conversation: | just for historic reasons: excerpt from our ICQ conversation: | ||
-> | -> | ||
| Line 6: | Line 6: | ||
j'approuve | j'approuve | ||
| + | ---- | ||
| + | I also look back at our ICQ conversation. I think this is the right way to go. | ||
| + | --[[User:Lostcontrol|Lostcontrol]] 01:38, 17 May 2006 (PDT) | ||
= Jails = | = Jails = | ||
| − | I don't see sense in jail.d directory: my suggestion is simply to have 2 config parameters within fail2ban.conf | + | I don't see sense in jail.d directory: my suggestion is simply to have 2 config parameters within <tt>fail2ban.conf</tt> |
default_actions and jails (multiline) | default_actions and jails (multiline) | ||
| Line 20: | Line 23: | ||
hostsdeny rlogin | hostsdeny rlogin | ||
| − | fail2ban.local of cause could easily override those parameters | + | <tt>fail2ban.local</tt> of cause could easily override those parameters |
| + | |||
| + | ---- | ||
| + | This is a good idea. I remember you were talking about a symlink solution. Any comments on this? | ||
| + | I just think it would be better to put filter first and then action(s). | ||
| + | |||
| + | examples: | ||
| + | default_actions=mail-smtp iptables | ||
| + | jails=ssh %(default_actions) | ||
| + | apache %(default_actions) | ||
| + | postfix mail-postfixadmin | ||
| + | rlogin hostsdeny | ||
| + | --[[User:Lostcontrol|Lostcontrol]] 01:38, 17 May 2006 (PDT) | ||
= Sections = | = Sections = | ||
| + | |||
I see next types of sections within the configuration (as you pointed out by the split already) | I see next types of sections within the configuration (as you pointed out by the split already) | ||
| + | |||
* filter | * filter | ||
* action | * action | ||
| − | the question is either mail-smtp (as what MAIL is now) should be separate kind like now and use internal python's SMTP client or we can rely on external, then it could be easily unified into "action" class. mail-mta is the one which easily can be implemented within "action" class when we rely on the present on the system MTA and | + | the question is either mail-smtp (as what MAIL is now) should be separate kind like now and use internal python's SMTP client or we can rely on external, then it could be easily unified into "action" class. mail-mta is the one which easily can be implemented within "action" class when we rely on the present on the system MTA and <tt>mail</tt> command. |
| + | |||
| + | ---- | ||
| + | I wanted to remove the <tt>mail.py</tt> class and use Python logging instead. Logging can also send e-mails and thus, we would have a unified notification/logging system. However, I prefer your solution which avoid adding code into {{Fail2ban}} and take advantage of "multiactions". | ||
| + | --[[User:Lostcontrol|Lostcontrol]] 01:38, 17 May 2006 (PDT) | ||
Revision as of 10:38, 17 May 2006
File Structure
just for historic reasons: excerpt from our ICQ conversation:
->
ok -- be it /etc/fail2ban/{fail2ban{.local,}.conf,{action,filter}s.d/*} ?
<-
j'approuve
I also look back at our ICQ conversation. I think this is the right way to go. --Lostcontrol 01:38, 17 May 2006 (PDT)
Jails
I don't see sense in jail.d directory: my suggestion is simply to have 2 config parameters within fail2ban.conf
default_actions and jails (multiline)
examples:
default_actions=mail-smtp iptables
jails=%(default_actions) ssh
%(default_actions) apache
mail-postfixadmin postfix
hostsdeny rlogin
fail2ban.local of cause could easily override those parameters
This is a good idea. I remember you were talking about a symlink solution. Any comments on this? I just think it would be better to put filter first and then action(s).
examples:
default_actions=mail-smtp iptables
jails=ssh %(default_actions)
apache %(default_actions)
postfix mail-postfixadmin
rlogin hostsdeny
--Lostcontrol 01:38, 17 May 2006 (PDT)
Sections
I see next types of sections within the configuration (as you pointed out by the split already)
- filter
- action
the question is either mail-smtp (as what MAIL is now) should be separate kind like now and use internal python's SMTP client or we can rely on external, then it could be easily unified into "action" class. mail-mta is the one which easily can be implemented within "action" class when we rely on the present on the system MTA and mail command.
I wanted to remove the mail.py class and use Python logging instead. Logging can also send e-mails and thus, we would have a unified notification/logging system. However, I prefer your solution which avoid adding code into Fail2ban and take advantage of "multiactions". --Lostcontrol 01:38, 17 May 2006 (PDT)
