From de9977441aeaa11ea1badee3ab5ae7f5b391be95 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Wed, 30 Oct 2013 21:12:16 +1100 Subject: [PATCH] DOC: move named and mysql instructions into the filters from jail.conf --- config/filter.d/mysqld-auth.conf | 5 +++++ config/filter.d/named-refused.conf | 16 ++++++++++++++++ config/jail.conf | 24 +++--------------------- 3 files changed, 24 insertions(+), 21 deletions(-) diff --git a/config/filter.d/mysqld-auth.conf b/config/filter.d/mysqld-auth.conf index 64dd16ed..82c941ff 100644 --- a/config/filter.d/mysqld-auth.conf +++ b/config/filter.d/mysqld-auth.conf @@ -3,6 +3,11 @@ # Authors: Artur Penttinen # Yaroslav O. Halchenko # +# To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld]: +# log-error=/var/log/mysqld.log +# log-warning = 2 +# +# If using mysql syslog [mysql_safe] has syslog in /etc/my.cnf [INCLUDES] diff --git a/config/filter.d/named-refused.conf b/config/filter.d/named-refused.conf index 1b6f4d4d..c53aa3e1 100644 --- a/config/filter.d/named-refused.conf +++ b/config/filter.d/named-refused.conf @@ -4,7 +4,23 @@ # # Author: Yaroslav Halchenko # +# This filter blocks attacks against named (bind9). # +# By default, logging is off +# with bind9 installation. You will need something like this: +# +# logging { +# channel security_file { +# file "/var/log/named/security.log" versions 3 size 30m; +# severity dynamic; +# print-time yes; +# }; +# category security { +# security_file; +# }; +# }; +# +# in your named.conf to provide proper logging. [Definition] diff --git a/config/jail.conf b/config/jail.conf index 89c1ce73..c6d3384f 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -306,23 +306,6 @@ logpath = /var/log/auth.log ignoreip = 168.192.0.1 -# These jails block attacks against named (bind9). By default, logging is off -# with bind9 installation. You will need something like this: -# -# logging { -# channel security_file { -# file "/var/log/named/security.log" versions 3 size 30m; -# severity dynamic; -# print-time yes; -# }; -# category security { -# security_file; -# }; -# }; -# -# in your named.conf to provide proper logging. -# This jail blocks UDP traffic for DNS requests. - # !!! WARNING !!! # Since UDP is connection-less protocol, spoofing of IP and imitation # of illegal actions is way too simple. Thus enabling of this filter @@ -331,6 +314,8 @@ ignoreip = 168.192.0.1 # http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html # Please DO NOT USE this jail unless you know what you are doing. # +# IMPORTANT: see filter.d/named-refused for instructions to enable logging +# This jail blocks UDP traffic for DNS requests. # [named-refused-udp] # # enabled = false @@ -340,6 +325,7 @@ ignoreip = 168.192.0.1 # logpath = /var/log/named/security.log # ignoreip = 168.192.0.1 +# IMPORTANT: see filter.d/named-refused for instructions to enable logging # This jail blocks TCP traffic for DNS requests. [named-refused-tcp] @@ -385,9 +371,6 @@ logpath = /var/log/asterisk/messages maxretry = 10 -# To log wrong MySQL access attempts add to /etc/my.cnf: -# log-error=/var/log/mysqld.log -# log-warning = 2 [mysqld-iptables] enabled = false @@ -398,7 +381,6 @@ logpath = /var/log/mysqld.log maxretry = 5 -# If using mysql syslog [mysql_safe] has syslog in /etc/my.cnf [mysqld-syslog-iptables] enabled = false