# /etc/fail2ban/jail.d/etc-prs.conf
# Fail2ban configuration for ETC PRS server
#
# Install:
#   sudo cp scripts/fail2ban/nginx-scan.conf /etc/fail2ban/filter.d/nginx-scan.conf
#   sudo cp scripts/fail2ban/etc-prs.conf    /etc/fail2ban/jail.d/etc-prs.conf
#   sudo systemctl restart fail2ban
#   sudo fail2ban-client status nginx-scan

[DEFAULT]
# Ban IPs using UFW (already configured on this server)
banaction = ufw

[nginx-scan]
enabled  = true
port     = http,https
filter   = nginx-scan
logpath  = /var/log/nginx/access.log

# Ban if 20 errors in 60 seconds
maxretry = 20
findtime = 60

# Ban for 1 hour
bantime  = 3600

[nginx-badbots]
enabled  = true
port     = http,https
filter   = nginx-badbots
logpath  = /var/log/nginx/access.log
maxretry = 2
findtime = 86400
bantime  = 86400

[nginx-noscript]
enabled  = true
port     = http,https
filter   = nginx-noscript
logpath  = /var/log/nginx/access.log
maxretry = 6
findtime = 60
bantime  = 3600

[sshd]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 5
findtime = 60
bantime  = 3600