Talk:FEATURE Split config

From Fail2ban
Revision as of 09:38, 17 May 2006 by Lostcontrol (Talk | contribs)

Jump to: navigation, search

File Structure

just for historic reasons: excerpt from our ICQ conversation:

->
ok -- be it /etc/fail2ban/{fail2ban{.local,}.conf,{action,filter}s.d/*} ?
<-
j'approuve

I also look back at our ICQ conversation. I think this is the right way to go. --Lostcontrol 01:38, 17 May 2006 (PDT)

Jails

I don't see sense in jail.d directory: my suggestion is simply to have 2 config parameters within fail2ban.conf

default_actions and jails (multiline)

examples:

default_actions=mail-smtp iptables
jails=%(default_actions) ssh
      %(default_actions) apache
      mail-postfixadmin postfix
      hostsdeny rlogin

fail2ban.local of cause could easily override those parameters


This is a good idea. I remember you were talking about a symlink solution. Any comments on this? I just think it would be better to put filter first and then action(s).

examples:

default_actions=mail-smtp iptables
jails=ssh %(default_actions)
      apache %(default_actions)
      postfix mail-postfixadmin
      rlogin hostsdeny

--Lostcontrol 01:38, 17 May 2006 (PDT)

Sections

I see next types of sections within the configuration (as you pointed out by the split already)

  • filter
  • action

the question is either mail-smtp (as what MAIL is now) should be separate kind like now and use internal python's SMTP client or we can rely on external, then it could be easily unified into "action" class. mail-mta is the one which easily can be implemented within "action" class when we rely on the present on the system MTA and mail command.


I wanted to remove the mail.py class and use Python logging instead. Logging can also send e-mails and thus, we would have a unified notification/logging system. However, I prefer your solution which avoid adding code into Fail2ban and take advantage of "multiactions". --Lostcontrol 01:38, 17 May 2006 (PDT)