I went and dug up what we’re putting into the /etc/fail2ban/jail.local on new installs going forward in Virtualmin 6 (this isn’t in the alpha installer that’s available, but will be very soon, maybe tonight):
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
[ssh-ddos]
enabled = true
port = ssh,sftp
filter = sshd-ddos
log_path = %{sshd_log}s
[webmin-auth]
enabled = true
port = 10000
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
[proftpd]
enabled = true
port = ftp,ftp-data,ftps,ftps-data
logpath = %(proftpd_log)s
backend = %(proftpd_backend)s
[postfix]
enabled = true
port = smtp,465,submission
logpath = %(postfix_log)s
backend = %(postfix_backend)s
[dovecot]
enabled = true
port = pop3,pop3s,imap,imaps,submission,465,sieve
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s
[postfix-sasl]
enabled = true
port = smtp,465,submission,imap3,imaps,pop3,pop3s
logpath = %(postfix_log)s
backend = %(postfix_backend)s
And, on CentOS 7, where we’ll be setting up a firewalld firewall, we install the fail2ban-firewalld module, which created this file in /etc/fail2ban/jail.d/00-firewalld.conf:
[DEFAULT]
banaction = firewallcmd-ipset
So, if you just want a set it and forget it set of files, that’ll do it, assuming you’re using firewalld. (There is no default firewall in Virtualmin installations prior to VM6, but if you had any of the supported firewalls running when it was installed, it would have configured it for use with Virtualmin.)