mirror of https://github.com/fail2ban/fail2ban
ENH: Added blocklist.de reporting API action
Steven Hiscocks
parent
3a5983ab0b
commit
e810ec009d
|
|
@ -0,0 +1,55 @@
|
||||||
|
# Fail2Ban configuration file
|
||||||
|
#
|
||||||
|
# Author: Steven Hiscocks
|
||||||
|
#
|
||||||
|
#
|
||||||
|
|
||||||
|
# Action to report IP address to blocklist.de
|
||||||
|
# Blocklist.de must be signed up to at www.blocklist.de
|
||||||
|
# Once registered, one or more servers can be added.
|
||||||
|
# This action requires the server 'email address' and the assoicate apikey.
|
||||||
|
#
|
||||||
|
# From blocklist.de:
|
||||||
|
# www.blocklist.de is a free and voluntary service provided by a
|
||||||
|
# Fraud/Abuse-specialist, whose servers are often attacked on SSH-,
|
||||||
|
# Mail-Login-, FTP-, Webserver- and other services.
|
||||||
|
# The mission is to report all attacks to the abuse deparments of the
|
||||||
|
# infected PCs/servers to ensure that the responsible provider can inform
|
||||||
|
# the customer about the infection and disable them
|
||||||
|
#
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
# Option: actionstart
|
||||||
|
# Notes.: command executed once at the start of Fail2Ban.
|
||||||
|
# Values: CMD
|
||||||
|
#
|
||||||
|
actionstart =
|
||||||
|
|
||||||
|
# Option: actionstop
|
||||||
|
# Notes.: command executed once at the end of Fail2Ban
|
||||||
|
# Values: CMD
|
||||||
|
#
|
||||||
|
actionstop =
|
||||||
|
|
||||||
|
# Option: actioncheck
|
||||||
|
# Notes.: command executed once before each actionban command
|
||||||
|
# Values: CMD
|
||||||
|
#
|
||||||
|
actioncheck =
|
||||||
|
|
||||||
|
# Option: actionban
|
||||||
|
# Notes.: command executed when banning an IP. Take care that the
|
||||||
|
# command is executed with Fail2Ban user rights.
|
||||||
|
# Tags: See jail.conf(5) man page
|
||||||
|
# Values: CMD
|
||||||
|
#
|
||||||
|
actionban = ! curl --data-urlencode 'server=<email>' --data 'apikey=<apikey>' --data 'service=<service>' --data 'ip=<ip>' --data-urlencode 'logs=<matches>' --data 'format=text' "https://www.blocklist.de/en/httpreports.html" | grep "status: error"
|
||||||
|
|
||||||
|
# Option: actionunban
|
||||||
|
# Notes.: command executed when unbanning an IP. Take care that the
|
||||||
|
# command is executed with Fail2Ban user rights.
|
||||||
|
# Tags: See jail.conf(5) man page
|
||||||
|
# Values: CMD
|
||||||
|
#
|
||||||
|
actionunban =
|
||||||
|
|
@ -532,3 +532,15 @@ filter = selinux-ssh
|
||||||
action = iptables[name=SELINUX-SSH, port=ssh, protocol=tcp]
|
action = iptables[name=SELINUX-SSH, port=ssh, protocol=tcp]
|
||||||
logpath = /var/log/audit/audit.log
|
logpath = /var/log/audit/audit.log
|
||||||
maxretry = 5
|
maxretry = 5
|
||||||
|
|
||||||
|
# Report block via blocklist.de fail2ban reporting service API
|
||||||
|
# See action.d/blocklist_de.conf for more information
|
||||||
|
[ssh-blocklist]
|
||||||
|
|
||||||
|
enabled = false
|
||||||
|
filter = sshd
|
||||||
|
action = iptables[name=SSH, port=ssh, protocol=tcp]
|
||||||
|
sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
|
||||||
|
blocklist_de[email="fail2ban@example.com", apikey="xxxxxx", service=%(filter)s]
|
||||||
|
logpath = /var/log/sshd.log
|
||||||
|
maxretry = 5
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue