Merge pull request #1085 from szepeviktor/patch-5

Updated CF action - added docs and composite action to jails.conf
2015-07-04 09:33:33 -04:00 · 2015-07-04 09:33:33 -04:00 · 454546f4ae
parent 81db2f47dc a00ee15c06
commit 454546f4ae
3 changed files with 26 additions and 9 deletions
--- a/2
+++ b/2
@ -17,6 +17,8 @@ ver. 0.9.3 (2015/XX/XXX) - wanna-be-released
     Thanks Anton Shestakov
   * Fix fail2ban-regex not parsing journalmatch correctly from filter config
   * filter.d/asterisk.conf - fix security log support for Asterisk 12+
+   * action.d/cloudflare.conf - allow multiple CF accounts by storing
+     authentication data in your jail

 - New Features:
   - New filters:
--- a/config/action.d/cloudflare.conf
+++ b/config/action.d/cloudflare.conf
@ -1,10 +1,14 @@
 #
 # Author: Mike Rushton
 #
-# Referenced from from http://www.normyee.net/blog/2012/02/02/adding-cloudflare-support-to-fail2ban by NORM YEE
+# IMPORTANT
 #
-# To get your Cloudflare API key: https://www.cloudflare.com/my-account
+# Please set jail.local's permission to 640 because it contains your CF API key.
 #
+# This action depends on curl.
+# Referenced from http://www.normyee.net/blog/2012/02/02/adding-cloudflare-support-to-fail2ban by NORM YEE
+#
+# To get your CloudFlare API Key: https://www.cloudflare.com/a/account/my-account

 [Definition]

@ -34,7 +38,8 @@ actioncheck =
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionban = curl https://www.cloudflare.com/api_json.html -d 'a=ban' -d 'tkn=<cftoken>' -d 'email=<cfuser>' -d 'key=<ip>'
+actionban = curl -s -o /dev/null https://www.cloudflare.com/api_json.html -d 'a=ban' -d 'tkn=<cftoken>' -d 'email=<cfuser>' -d 'key=<ip>'
+
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
@ -43,13 +48,19 @@ actionban = curl https://www.cloudflare.com/api_json.html -d 'a=ban' -d 'tkn=<cf
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionunban = curl https://www.cloudflare.com/api_json.html -d 'a=nul' -d 'tkn=<cftoken>' -d 'email=<cfuser>' -d 'key=<ip>'
-
+actionunban = curl -s -o /dev/null https://www.cloudflare.com/api_json.html -d 'a=nul' -d 'tkn=<cftoken>' -d 'email=<cfuser>' -d 'key=<ip>'

 [Init]

-# Default Cloudflare API token 
-cftoken = 
+# If you like to use this action with mailing whois lines, you could use the composite action
+# action_cf_mwl predefined in jail.conf, just define in your jail:
+#
+# action = %(action_cf_mwl)s
+# # Your CF account e-mail
+# cfemail  = 
+# # Your CF API Key
+# cfapikey = 

-# Default Cloudflare username
-cfuser = 
+cftoken =
+
+cfuser =
--- a/config/jail.conf
+++ b/config/jail.conf
@ -174,6 +174,10 @@ action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(por
 action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]

+# ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
+# to the destemail.
+action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
+                %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]

 # Report block via blocklist.de fail2ban reporting service API
 #