github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

ENH: remove dependency on querycontacts

pull/468/head
Daniel Black 2013-12-03 20:34:21 +11:00
parent bfd435091d
commit 8c37d2e4de
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
config/action.d/xarf-login-attack.conf
View File

@ -1,7 +1,6 @@
# Fail2Ban action for sending xarf Login-Attack messages to IP owner # Fail2Ban action for sending xarf Login-Attack messages to IP owner
# #
# This requires querycontact ( http://pypi.python.org/pypi/querycontacts/ ) # This requires the dig command from bind-utils
# sudo pip install querycontacts
# #
# This uses the https://abusix.com/contactdb.html to lookup abuse contacts. # This uses the https://abusix.com/contactdb.html to lookup abuse contacts.
# #
@ -28,8 +27,8 @@ actionstop =
actioncheck = actioncheck =
actionban = ADDRESSES=`querycontacts <ip>` actionban = oifs=${IFS}; IFS=.;SEP_IP=( <ip> ); set -- ${SEP_IP} ;ADDRESSES=$(dig +short -t txt -q $4.$3.$2.$1.abuse-contacts.abusix.org); IFS=${oifs}
IP=<ip> IP=<ip>
FROM=<sender> FROM=<sender>
SERVICE=<service> SERVICE=<service>
FAILURES=<failures> FAILURES=<failures>
@ -42,7 +41,7 @@ actionban = ADDRESSES=`querycontacts <ip>`
(printf -- %%b "<header>\n<message>\n<report>\n${MATCHES}\n"; (printf -- %%b "<header>\n<message>\n<report>\n${MATCHES}\n";
date '+Note: Local timezone is %%z (%%Z)'; date '+Note: Local timezone is %%z (%%Z)';
tail -n <loglines> <logpath> | grep '[^0-9]<ip>[^0-9]'; tail -n <loglines> <logpath> | grep '[^0-9]<ip>[^0-9]';
printf -- %%b "<footer>") | <mailcmd> <mailargs> $ADDRESSES printf -- %%b "<footer>") | <mailcmd> <mailargs> ${ADDRESSES//,/" "}
fi fi
actionunban = actionunban =