diff -up fail2ban-0.9-1f1a561/config/jail.conf.logfiles fail2ban-0.9-1f1a561/config/jail.conf
--- fail2ban-0.9-1f1a561/config/jail.conf.logfiles	2013-09-08 05:02:35.000000000 -0600
+++ fail2ban-0.9-1f1a561/config/jail.conf	2013-09-24 17:01:40.264930006 -0600
@@ -152,20 +152,18 @@ action = %(action_)s
 [sshd]
 
 port    = ssh
-logpath = /var/log/auth.log
-          /var/log/sshd.log
+logpath = /var/log/secure
 
 [sshd-ddos]
 
 port    = ssh
-logpath = /var/log/auth.log
-          /var/log/sshd.log
+logpath = /var/log/secure
 
 [dropbear]
 
 port     = ssh
 filter   = sshd
-logpath  = /var/log/dropbear
+logpath  = /var/log/secure
 
 
 # Generic filter for PAM. Has to be used with action which bans all
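Review bot: After this change [dropbear] is no longer distinguishable from [sshd] in the lines shown: both use `port = ssh` and `logpath = /var/log/secure`, and [dropbear] explicitly sets `filter = sshd` (the [sshd] jail presumably gets the same filter by default). Before, the separate `/var/log/dropbear` file kept the two apart. If both jails are enabled, the same log lines are evaluated twice, and dropbear's own message format is caught only if the sshd filter happens to match it. I would add a comment above the section, for example `# Reads the same file as [sshd] with the same filter; enable only one of the two.`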
@@ -175,12 +173,12 @@ logpath  = /var/log/dropbear
 
 # pam-generic filter can be customized to monitor specific subset of 'tty's
 banaction = iptables-allports
-logpath  = /var/log/auth.log
+logpath  = /var/log/secure
 
 [xinetd-fail]
 
 banaction = iptables-multiport-log
-logpath   = /var/log/daemon.log
+logpath   = /var/log/messages
 maxretry  = 2
 
 # .. custom jails
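Review bot: The paths introduced here and in the hunk above (`/var/log/secure`, `/var/log/messages`) exist only where a syslog daemon writes them, and nothing in the patched file says so. On a host that keeps authentication messages only in the systemd journal, a jail pointed at a missing file has nothing to read, so it gives no protection even though it is enabled. A comment near the first `logpath` would help, such as `# Written by rsyslog; on journal-only hosts use backend = systemd instead` (assuming the packaged snapshot ships that backend). The [pam-generic] section header lies before this hunk and is not visible here.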
@@ -194,7 +192,7 @@ filter      = sshd
 action      = hostsdeny[daemon_list=sshd]
               sendmail-whois[name=SSH, dest=you@example.com]
 ignoreregex = for myuser from
-logpath     = /var/log/sshd.log
+logpath     = /var/log/secure
 
 # Here we use blackhole routes for not requiring any additional kernel support
 # to store large volumes of banned IPs
@@ -203,7 +201,7 @@ logpath     = /var/log/sshd.log
 
 filter = sshd
 action = route
-logpath = /var/log/sshd.log
+logpath = /var/log/secure
 
 # Here we use a combination of Netfilter/Iptables and IPsets
 # for storing large volumes of banned IPs
@@ -214,13 +212,13 @@ logpath = /var/log/sshd.log
 
 filter   = sshd
 action   = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
-logpath  = /var/log/sshd.log
+logpath  = /var/log/secure
 
 [sshd-iptables-ipset6]
 
 filter   = sshd
 action   = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
-logpath  = /var/log/sshd.log
+logpath  = /var/log/secure
 
 # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
 # option is overridden in this jail. Moreover, the action "mail-whois" defines
@@ -231,7 +229,7 @@ logpath  = /var/log/sshd.log
 filter   = sshd
 action   = ipfw[localhost=192.168.0.1]
            sendmail-whois[name="SSH,IPFW", dest=you@example.com]
-logpath  = /var/log/auth.log
+logpath  = /var/log/secure
 
 # bsd-ipfw is ipfw used by BSD. It uses ipfw tables.
 # table number must be unique.
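Review bot: The jail changed here uses the `ipfw` action, which the comment closing the preceding hunk describes as the standard firewall on FreeBSD, and the next hunk makes the same substitution for the `bsd-ipfw` and `pf` jails. `/var/log/secure` is a Red Hat log location, so the new value does not describe a system on which these jails can run; the replacement looks mechanical. Leaving these three `logpath` lines at their upstream values would keep the patch smaller and easier to rebase, and would avoid implying the examples were checked on this platform. The section header for this jail is outside the hunk.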
@@ -243,14 +241,14 @@ logpath  = /var/log/auth.log
 
 filter   = sshd
 action   = bsd-ipfw[port=ssh,table=1]
-logpath  = /var/log/auth.log
+logpath  = /var/log/secure
 
 # PF is a BSD based firewall
 [ssh-pf]
 
 filter  = sshd
 action  = pf
-logpath = /var/log/sshd.log
+logpath = /var/log/secure
 maxretry= 5
 
 #
@@ -260,7 +258,7 @@ maxretry= 5
 [apache-auth]
 
 port     = http,https
-logpath  = /var/log/apache*/*error.log
+logpath  = /var/log/httpd/*error_log
 
 # Ban hosts which agent identifies spammer robots crawling the web
 # for email addresses. The mail outputs are buffered.
@@ -268,21 +266,20 @@ logpath  = /var/log/apache*/*error.log
 [apache-badbots]
 
 port     = http,https
-logpath  = /var/log/apache*/*access.log
-		   /var/www/*/logs/access_log
+logpath  = /var/log/httpd/*access_log
 bantime  = 172800
 maxretry = 1
 
 [apache-noscript]
 
 port     = http,https
-logpath  = /var/log/apache*/*error.log
+logpath  = /var/log/httpd/*error_log
 maxretry = 6
 
 [apache-overflows]
 
 port     = http,https
-logpath  = /var/log/apache*/*error.log
+logpath  = /var/log/httpd/*error_log
 maxretry = 2
 
 # Ban attackers that try to use PHP's URL-fopen() functionality
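Review bot: Dropping `/var/www/*/logs/access_log` from [apache-badbots], and replacing it outright in [php-url-fopen] in the next hunk, means virtual hosts that log under their own document tree are no longer watched. Only files matching `/var/log/httpd/*access_log` are read, so requests to such a vhost never count toward a ban. If the narrowing is intended as the distribution default, state it next to the setting, e.g. `# Only /var/log/httpd is monitored; add per-vhost log paths in jail.local.`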
@@ -292,7 +289,7 @@ maxretry = 2
 [php-url-fopen]
 
 port    = http,https
-logpath = /var/www/*/logs/access_log
+logpath = /var/log/httpd/*access_log
 
 [suhosin]
 
@@ -325,7 +322,7 @@ logpath  = /var/log/sogo/sogo.log
 
 filter	 = apache-auth
 action   = hostsdeny
-logpath  = /var/log/apache*/*error.log
+logpath  = /var/log/httpd/*error_log
 maxretry = 6
 
 [3proxy]
@@ -347,7 +344,7 @@ logpath  = /var/log/proftpd/proftpd.log
 [pure-ftpd]
 
 port     = ftp,ftp-data,ftps,ftps-data
-logpath  = /var/log/auth.log
+logpath  = /var/log/secure
 maxretry = 6
 
 [vsftpd]
@@ -355,7 +352,7 @@ maxretry = 6
 port     = ftp,ftp-data,ftps,ftps-data
 logpath  = /var/log/vsftpd.log
 # or overwrite it in jails.local to be
-# logpath = /var/log/auth.log
+# logpath = /var/log/secure
 # if you want to rely on PAM failed login attempts
 # vsftpd's failregex should match both of those formats
 
@@ -390,12 +387,12 @@ logpath  = /root/path/to/assp/logs/maill
 [courier-smtp]
 
 port     = smtp,ssmtp,submission
-logpath  = /var/log/mail.log
+logpath  = /var/log/maillog
 
 [postfix]
 
 port     = smtp,ssmtp,submission
-logpath  = /var/log/mail.log
+logpath  = /var/log/maillog
 
 # The hosts.deny path can be defined with the "file" argument if it is
 # not in /etc.
@@ -427,7 +424,7 @@ logpath = /var/log/exim/mainlog
 [courier-auth]
 
 port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
-logpath  = /var/log/mail.log
+logpath  = /var/log/maillog
 
 
 [sasl]
@@ -436,12 +433,12 @@ port     = smtp,ssmtp,submission,imap2,i
 # You might consider monitoring /var/log/mail.warn instead if you are
 # running postfix since it would provide the same log lines at the
 # "warn" level but overall at the smaller filesize.
-logpath  = /var/log/mail.log
+logpath  = /var/log/maillog
 
 [dovecot]
 
 port    = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
-logpath = /var/log/mail.log
+logpath = /var/log/maillog
 
 [perdition]