mirror of https://github.com/fail2ban/fail2ban
sebres
2 years ago
commit
2df58c5281
@ -0,0 +1,107 @@
|
||||
# IPThreat configuration file
|
||||
#
|
||||
# Added to fail2ban by Jeff Johnson (jjxtra)
|
||||
#
|
||||
# Action to report IP address to ipthreat.net
|
||||
#
|
||||
# You must sign up to obtain an API key from ipthreat.net and request bulk report permissions
|
||||
# https://ipthreat.net/integrations
|
||||
#
|
||||
# IPThreat is a 100% free site and service, all data is licensed under a creative commons by attribution license
|
||||
# Please do not integrate if you do not agree to the license
|
||||
#
|
||||
# IMPORTANT:
|
||||
#
|
||||
# Reporting an IP is a serious action. Make sure that it is legit.
|
||||
# Consider using this action only for:
|
||||
# * IP that has been banned more than once
|
||||
# * High max retry to avoid user mis-typing password
|
||||
# * Filters that are unlikely to be human error
|
||||
#
|
||||
# Example:
|
||||
# ```
|
||||
# action = %(known/action)s
|
||||
# ipthreat[]
|
||||
# ```
|
||||
#
|
||||
# The action accepts the following arguments: ipthreat[ipthreat_flags="8",ipthreat_system="SSH", ipthreat_apikey=...]
|
||||
# In most cases your action could be as simple as: ipthreat[], since the default flags and system are set to the most correct default values.
|
||||
# You can optionally override ipthreat_system and ipthreat_flags if desired.
|
||||
# The ipthreat_apikey must be set at the bottom of this configuration file.
|
||||
#
|
||||
# `ipthreat_system` is a short name of the system attacked, i.e. SSH, SMTP, MYSQL, PHP, etc.
|
||||
#
|
||||
# For `ipthreat_flags`, most cases will use 8 (BruteForce) which is the default, but you could use others.
|
||||
# You can use the name or the ordinal.
|
||||
# Multiple values are comma separated.
|
||||
# ```
|
||||
# Name Ordinal Description
|
||||
# Dns 1 Abuse/attack of dns (domain name server)
|
||||
# Fraud 2 General fraud, whether orders, misuse of payment info, etc
|
||||
# DDos 4 Distributed denial of service attack, whether through http requests, large ping attack, etc
|
||||
# BruteForce 8 Brute force login attack
|
||||
# Proxy 16 IP is a proxy like TOR or other proxy server
|
||||
# Spam 32 Email, comment or other type of spam
|
||||
# Vpn 64 IP is part of a VPN
|
||||
# Hacking 128 General hacking outside of brute force attack (includes vulnerability scans, sql injection, etc.). Use port scan flag instead if it's just probe on ports.
|
||||
# BadBot 256 Bad bot that is not honoring robots.txt or just flooding with too many requests, etc
|
||||
# Compromised 512 The ip has been taken over by malware or botnet
|
||||
# Phishing 1024 The ip is involved in phishing or spoofing
|
||||
# Iot 2048 The ip has targetted an iot (Internet of Things) device
|
||||
# PortScan 4096 Port scan
|
||||
# See https://ipthreat.net/bulkreportformat for more information
|
||||
# ```
|
||||
|
||||
[Definition]
|
||||
|
||||
# bypass action for restored tickets
|
||||
norestored = 1
|
||||
|
||||
# Option: actionstart
|
||||
# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
|
||||
# Values: CMD
|
||||
#
|
||||
actionstart =
|
||||
|
||||
# Option: actionstop
|
||||
# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
|
||||
# Values: CMD
|
||||
#
|
||||
actionstop =
|
||||
|
||||
# Option: actioncheck
|
||||
# Notes.: command executed once before each actionban command
|
||||
# Values: CMD
|
||||
#
|
||||
actioncheck =
|
||||
|
||||
# Option: actionban
|
||||
# Notes.: command executed when banning an IP. Take care that the
|
||||
# command is executed with Fail2Ban user rights.
|
||||
#
|
||||
# Tags: See jail.conf(5) man page
|
||||
# Values: CMD
|
||||
#
|
||||
actionban = curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: <ipthreat_apikey>" -d "{\"ip\":\"<ip>\",\"flags\":\"<ipthreat_flags>\",\"system\":\"<ipthreat_system>\",\"notes\":\"fail2ban\"}"
|
||||
|
||||
# Option: actionunban
|
||||
# Notes.: command executed when unbanning an IP. Take care that the
|
||||
# command is executed with Fail2Ban user rights.
|
||||
# Tags: See jail.conf(5) man page
|
||||
# Values: CMD
|
||||
#
|
||||
actionunban =
|
||||
|
||||
[Init]
|
||||
# Option: ipthreat_apikey
|
||||
# Notes Your API key from ipthreat.net
|
||||
# Values: STRING Default: None
|
||||
# Register for ipthreat [https://ipthreat.net], get api key and set below.
|
||||
# You will need to set the flags and system in the action call in jail.conf
|
||||
ipthreat_apikey =
|
||||
|
||||
# By default, the ipthreat system is the name of the fail2ban jail
|
||||
ipthreat_system = <name>
|
||||
|
||||
# By default the ip threat flags is 8 (brute force), but you can override this per jail if desired
|
||||
ipthreat_flags = 8
|
||||
Loading…
Reference in new issue