From 1619ab3145c7c27f695e5c3af6909a776dd2efb1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Viktor=20Sz=C3=A9pe?=
Date: Sun, 1 Feb 2015 00:06:56 +0100
Subject: [PATCH] Added sendmail-geoip-lines.conf
---
config/action.d/sendmail-geoip-lines.conf | 48 +++++++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 config/action.d/sendmail-geoip-lines.conf
diff --git a/config/action.d/sendmail-geoip-lines.conf b/config/action.d/sendmail-geoip-lines.conf
new file mode 100644
index 000000000..5f0a42d2e
--- /dev/null
+++ b/config/action.d/sendmail-geoip-lines.conf
@@ -0,0 +1,48 @@
+# Fail2Ban configuration file
+#
+# Author: Viktor Szépe
+#
+#
+
+[INCLUDES]
+
+before = sendmail-common.conf
+
+[Definition]
+
+# Option: actionban
+# Notes.: Command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# You need to install geoiplookup and the GeoLite or GeoIP databases.
+# (geoip-bin and geoip-database-contrib in Debian)
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n`
+ Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+ From: <>
+ To: \n
+ Hi,\n
+ The IP has just been banned by Fail2Ban after
+ attempts against .\n\n
+ Here is more information about :\n
+ http://bgp.he.net/ip/
+ http://www.projecthoneypot.org/ip_
+ http://whois.domaintools.com/\n\n
+ Country:`/usr/bin/geoiplookup -f /usr/share/GeoIP/GeoIP.dat "" | cut -d':' -f2-`
+ AS:`/usr/bin/geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "" | cut -d':' -f2-`
+ hostname: `/usr/bin/host -t A 2>&1`\n\n
+ Lines containing IP: in \n
+ `grep -E '(^|[^0-9])([^0-9]|$)' `\n\n
+ Regards,\n
+ Fail2Ban" | /usr/sbin/sendmail -f
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Path to the log files which contain relevant lines for the abuser IP
+#
+logpath = /dev/null
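Review bot: The `grep -E` substitution near the end of `actionban` copies every matching log line into the mail with no upper bound, and those lines are produced by the remote client that is being banned. A burst of failed attempts therefore turns into an arbitrarily large message per ban, and because the whole body is a single `printf %%b` argument, backslash sequences inside the log excerpt (and in the `host -t A` output) are expanded instead of being shown literally. I would cap the excerpt with grep's `-m` option, e.g. `grep -m 1000 -E ...` (1000 is a constructed value), and add a comment above `logpath = /dev/null` stating that the jail must override it and that the excerpt is untrusted text. The angle-bracket tags appear to have been stripped in this rendering (`From: <>`, `""`), so whether the interpolated address is matched with unescaped dots cannot be checked from what is shown here.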