ENH: remove dependency on querycontacts

2013-12-03 20:34:21 +11:00 · 2013-12-03 20:34:21 +11:00 · 8c37d2e4de
parent bfd435091d
commit 8c37d2e4de
1 changed files with 4 additions and 5 deletions
--- a/config/action.d/xarf-login-attack.conf
+++ b/config/action.d/xarf-login-attack.conf
@ -1,7 +1,6 @@
 # Fail2Ban action for sending xarf Login-Attack messages to IP owner
 #
-# This requires querycontact ( http://pypi.python.org/pypi/querycontacts/ )
-# sudo pip install querycontacts
+# This requires the dig command from bind-utils
 #
 # This uses the https://abusix.com/contactdb.html to lookup abuse contacts.
 #
@ -28,8 +27,8 @@ actionstop =

 actioncheck =

-actionban = ADDRESSES=`querycontacts <ip>`
-	          IP=<ip>
+actionban = oifs=${IFS}; IFS=.;SEP_IP=( <ip> ); set -- ${SEP_IP} ;ADDRESSES=$(dig +short -t txt -q $4.$3.$2.$1.abuse-contacts.abusix.org); IFS=${oifs}
+            IP=<ip>
            FROM=<sender>
            SERVICE=<service>
            FAILURES=<failures>
@ -42,7 +41,7 @@ actionban = ADDRESSES=`querycontacts <ip>`
                (printf -- %%b "<header>\n<message>\n<report>\n${MATCHES}\n";
                 date '+Note: Local timezone is %%z (%%Z)';
                 tail -n <loglines> <logpath> | grep '[^0-9]<ip>[^0-9]';
-                 printf -- %%b "<footer>") | <mailcmd> <mailargs> $ADDRESSES
+                 printf -- %%b "<footer>") | <mailcmd> <mailargs> ${ADDRESSES//,/" "}
            fi

 actionunban =