fail2ban/config/action.d/sendmail-geoip-lines.conf

60 lines
1.7 KiB
Plaintext
Raw Normal View History

2015-01-31 23:06:56 +00:00
# Fail2Ban configuration file
#
# Author: Viktor Szépe
#
#
[INCLUDES]
before = sendmail-common.conf
helpers-common.conf
2015-01-31 23:06:56 +00:00
[Definition]
# bypass ban/unban for restored tickets
norestored = 1
2015-01-31 23:06:56 +00:00
# Option: actionban
# Notes.: Command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# You need to install geoiplookup and the GeoLite or GeoIP databases.
2015-02-06 16:22:30 +00:00
# (geoip-bin and geoip-database in Debian)
# The host command comes from bind9-host package.
2015-01-31 23:06:56 +00:00
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = ( printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostname>
Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
2015-01-31 23:06:56 +00:00
From: <sendername> <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here is more information about <ip> :\n
2015-01-31 23:06:56 +00:00
http://bgp.he.net/ip/<ip>
http://www.projecthoneypot.org/ip_<ip>
http://whois.domaintools.com/<ip>\n\n
2015-02-06 16:22:30 +00:00
Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "<ip>" | cut -d':' -f2-`
AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "<ip>" | cut -d':' -f2-`
hostname: <ip-host>\n\n
2020-01-12 22:21:29 +00:00
Lines containing failures of <ip> (max <grepmax>)\n";
%(_grep_logs)s;
printf %%b "\n
2015-01-31 23:06:56 +00:00
Regards,\n
2020-01-12 22:21:29 +00:00
Fail2Ban" ) | <mailcmd>
2015-01-31 23:06:56 +00:00
[Init]
# Default name of the chain
#
name = default
# Path to the log files which contain relevant lines for the abuser IP
#
logpath = /dev/null
# Number of log lines to include in the email
#
#grepmax = 1000
#grepopts = -m <grepmax>