2006-12-10 23:40:04 +00:00
|
|
|
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
|
|
## 00_mail-whois-lines.dpatch by Yaroslav Halchenko <debian@onerussian.com>
|
|
|
|
##
|
|
|
|
## All lines beginning with `## DP:' are a description of the patch.
|
|
|
|
## DP: New action which mails not only whois but the result of grep using the
|
|
|
|
## DP: abuser IP over the log files
|
|
|
|
|
|
|
|
@DPATCH@
|
|
|
|
diff -urNad fail2ban-0.7.5~/config/action.d/mail-whois-lines.conf fail2ban-0.7.5/config/action.d/mail-whois-lines.conf
|
|
|
|
--- fail2ban-0.7.5~/config/action.d/mail-whois-lines.conf 1969-12-31 19:00:00.000000000 -0500
|
|
|
|
+++ fail2ban-0.7.5/config/action.d/mail-whois-lines.conf 2006-12-10 18:27:46.000000000 -0500
|
|
|
|
@@ -0,0 +1,75 @@
|
|
|
|
+# Fail2Ban configuration file
|
|
|
|
+#
|
|
|
|
+# Author: Cyril Jaquier
|
|
|
|
+# Modified-By: Yaroslav Halchenko to include grepping on IP over log files
|
|
|
|
+# $Revision: 254 $
|
|
|
|
+#
|
|
|
|
+
|
|
|
|
+[Definition]
|
|
|
|
+
|
|
|
|
+# Option: fwstart
|
|
|
|
+# Notes.: command executed once at the start of Fail2Ban.
|
|
|
|
+# Values: CMD
|
|
|
|
+#
|
|
|
|
+actionstart = echo -en "Hi,\n
|
|
|
|
+ The jail <name> has been started successfuly.\n
|
|
|
|
+ Regards,\n
|
|
|
|
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
|
|
|
|
+
|
|
|
|
+# Option: fwend
|
|
|
|
+# Notes.: command executed once at the end of Fail2Ban
|
|
|
|
+# Values: CMD
|
|
|
|
+#
|
|
|
|
+actionstop = echo -en "Hi,\n
|
|
|
|
+ The jail <name> has been stopped.\n
|
|
|
|
+ Regards,\n
|
|
|
|
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
|
|
|
|
+
|
2007-01-19 15:51:11 +00:00
|
|
|
+# Option: actioncheck
|
|
|
|
+# Notes.: command executed once before each actionban command
|
2006-12-10 23:40:04 +00:00
|
|
|
+# Values: CMD
|
|
|
|
+#
|
|
|
|
+actioncheck =
|
|
|
|
+
|
2007-01-19 15:51:11 +00:00
|
|
|
+# Option: actionban
|
2006-12-10 23:40:04 +00:00
|
|
|
+# Notes.: command executed when banning an IP. Take care that the
|
|
|
|
+# command is executed with Fail2Ban user rights.
|
|
|
|
+# Tags: <ip> IP address
|
|
|
|
+# <failures> number of failures
|
|
|
|
+# <failtime> unix timestamp of the last failure
|
|
|
|
+# <bantime> unix timestamp of the ban time
|
|
|
|
+# Values: CMD
|
|
|
|
+#
|
|
|
|
+actionban = echo -en "Hi,\n
|
|
|
|
+ The IP <ip> has just been banned by Fail2Ban after
|
|
|
|
+ <failures> attempts against <name>.\n\n
|
|
|
|
+ Here are more information about <ip>:\n
|
|
|
|
+ `whois <ip>`\n\n
|
|
|
|
+ Lines containing IP:<ip> in <logpath>\n
|
|
|
|
+ `grep '\<<ip>\>' <logpath>`\n\n
|
|
|
|
+ Regards,\n
|
|
|
|
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
|
|
|
|
+
|
2007-01-19 15:51:11 +00:00
|
|
|
+# Option: actionunban
|
2006-12-10 23:40:04 +00:00
|
|
|
+# Notes.: command executed when unbanning an IP. Take care that the
|
|
|
|
+# command is executed with Fail2Ban user rights.
|
|
|
|
+# Tags: <ip> IP address
|
|
|
|
+# <bantime> unix timestamp of the ban time
|
|
|
|
+# <unbantime> unix timestamp of the unban time
|
|
|
|
+# Values: CMD
|
|
|
|
+#
|
|
|
|
+actionunban =
|
|
|
|
+
|
|
|
|
+[Init]
|
|
|
|
+
|
|
|
|
+# Defaut name of the chain
|
|
|
|
+#
|
|
|
|
+name = default
|
|
|
|
+
|
|
|
|
+# Destinataire of the mail
|
|
|
|
+#
|
|
|
|
+dest = root
|
|
|
|
+
|
|
|
|
+# Path to the log files which contain relevant lines for the abuser IP
|
|
|
|
+#
|
|
|
|
+logpath = /dev/null
|