diff --git a/ChangeLog b/ChangeLog
index 96cef17d..aa432dca 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -53,6 +53,7 @@ ver. 0.9.2 (2014/XX/XXX) - wanna-be-released
 - Monit config for fail2ban in /files/monit
 - New actions:
 - action.d/firewallcmd-multiport and action.d/firewallcmd-allports Thanks Donald Yandt
+ - action.d/sendmail-geoip-lines.conf
 - New status argument, flavor:
 - fail2ban-client status [flavor]
 - empty or "basic" works as-is
diff --git a/config/action.d/sendmail-geoip-lines.conf b/config/action.d/sendmail-geoip-lines.conf
new file mode 100644
index 00000000..4225a3eb
--- /dev/null
+++ b/config/action.d/sendmail-geoip-lines.conf
@@ -0,0 +1,49 @@
+# Fail2Ban configuration file
+#
+# Author: Viktor Szépe
+#
+#
+
+[INCLUDES]
+
+before = sendmail-common.conf
+
+[Definition]
+
+# Option: actionban
+# Notes.: Command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# You need to install geoiplookup and the GeoLite or GeoIP databases.
+# (geoip-bin and geoip-database in Debian)
+# The host command comes from bind9-host package.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n`
+ Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
+ From: <>
+ To: \n
+ Hi,\n
+ The IP has just been banned by Fail2Ban after
+ attempts against .\n\n
+ Here is more information about :\n
+ http://bgp.he.net/ip/
+ http://www.projecthoneypot.org/ip_
+ http://whois.domaintools.com/\n\n
+ Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "" | cut -d':' -f2-`
+ AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "" | cut -d':' -f2-`
+ hostname: `host -t A 2>&1`\n\n
+ Lines containing IP: in \n
+ `grep -E '(^|[^0-9])([^0-9]|$)' `\n\n
+ Regards,\n
+ Fail2Ban" | /usr/sbin/sendmail -f
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Path to the log files which contain relevant lines for the abuser IP
+#
+logpath = /dev/null
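Review bot: The `grep -E '(^|[^0-9])([^0-9]|$)'` substitution near the end of `actionban` feeds every matching log line into the single `printf %%b` argument with no cap, so one noisy host can make each ban e-mail arbitrarily large, and backslash sequences inside those attacker-influenced lines are interpreted by `%%b` instead of being shown verbatim. The tag placeholders appear to have been stripped from this rendering, so this assumes the pattern wraps the banned-address tag and the file operand is the `logpath` tag. I would bound the match count with grep's `-m` option, e.g. `grep -m 1000 -E ...` (1000 is a constructed sample value), and escape the dots of the address before it is used as an extended regex, because an unescaped `.` matches any character and can pull in lines that belong to other addresses. The default `logpath = /dev/null` under `[Init]` leaves that section of the mail silently empty unless the jail overrides it, which deserves a comment such as `# Must be overridden per jail; with /dev/null no log lines are included`.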