CONF=/etc/fail2ban/jail.conf
if [ -e "$CONF" ]; then
- # enable ssh and pam-generic services
- perl -ne 'if (/\[(ssh|pam-generic)\]/ .. /enabled/) { $_ =~ s/enabled = false/enabled = true/gi }; print $_' "$CONF" > "$CONF.$$" && \
- mv "$CONF.$$" "$CONF"
+ # enable ssh, pam-generic, sasl, proftpd and vsftpd service
+ echo "CN: Enabling SSH, PAM-generic, SASL, Proftpd and Vsftpd support"
+ perl -ne 'if (/^\[(ssh|pam-generic|sasl|proftpd|vsftpd)\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+false/enabled = true/gi }; print $_' "$CONF" > "$CONF.$$" && \
+ cp_mv "$CONF.$$" "$CONF"
rm -f "$CONF.$$"
+ # enable dovecot service
+ echo "CN: Enabling full Dovecot support"
+ cp -a "$CONF" "$CONF.$$"
+ cp-update fail2ban-cn "$CONF.$$" <<EOF
+[dovecot]
+
+enabled = true
+port = 110,143
+protocol = tcp
+filter = dovecot
+logpath = /var/log/mail.log
+EOF
+ cp_mv "$CONF.$$" "$CONF"
+
# add network address and class if needed
cp_get_netaddr || true
NETADDR="$RET"
IGNOREIP=$(grep '^ignoreip' "$CONF")
if ! echo "$IGNOREIP" | grep -q "$NETADDR"; then
+ echo "CN: Enabling local IP ranges exclusion"
cp_check_and_sed '^ignoreip' \
"s;^\(ignoreip.*\)$;\1 $NETADDR;g" "$CONF" || true
fi
projects / fail2ban-cn.git / blobdiff