fail2ban/debian/patches/00_mail-whois-lines.dpatch

88 lines
2.7 KiB
Plaintext
Raw Normal View History

#! /bin/sh /usr/share/dpatch/dpatch-run
## 00_mail-whois-lines.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: New action which mails not only whois but the result of grep using the
## DP: abuser IP over the log files
@DPATCH@
diff -urNad fail2ban-0.7.5~/config/action.d/mail-whois-lines.conf fail2ban-0.7.5/config/action.d/mail-whois-lines.conf
--- fail2ban-0.7.5~/config/action.d/mail-whois-lines.conf 1969-12-31 19:00:00.000000000 -0500
+++ fail2ban-0.7.5/config/action.d/mail-whois-lines.conf 2006-12-10 18:27:46.000000000 -0500
@@ -0,0 +1,75 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Modified-By: Yaroslav Halchenko to include grepping on IP over log files
+# $Revision: 254 $
+#
+
+[Definition]
+
+# Option: fwstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = echo -en "Hi,\n
+ The jail <name> has been started successfuly.\n
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
+
+# Option: fwend
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = echo -en "Hi,\n
+ The jail <name> has been stopped.\n
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <failtime> unix timestamp of the last failure
+# <bantime> unix timestamp of the ban time
+# Values: CMD
+#
+actionban = echo -en "Hi,\n
+ The IP <ip> has just been banned by Fail2Ban after
+ <failures> attempts against <name>.\n\n
+ Here are more information about <ip>:\n
+ `whois <ip>`\n\n
+ Lines containing IP:<ip> in <logpath>\n
+ `grep '\<<ip>\>' <logpath>`\n\n
+ Regards,\n
+ Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <bantime> unix timestamp of the ban time
+# <unbantime> unix timestamp of the unban time
+# Values: CMD
+#
+actionunban =
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Destinataire of the mail
+#
+dest = root
+
+# Path to the log files which contain relevant lines for the abuser IP
+#
+logpath = /dev/null