mirror of https://github.com/fail2ban/fail2ban
99 lines
3.4 KiB
Plaintext
99 lines
3.4 KiB
Plaintext
# Fail2Ban configuration file
|
|
#
|
|
# Author: Steven Hiscocks
|
|
#
|
|
#
|
|
|
|
# Action to report IP address to blocklist.de
|
|
# Blocklist.de must be signed up to at www.blocklist.de
|
|
# Once registered, one or more servers can be added.
|
|
# This action requires the server 'email address' and the associated apikey.
|
|
#
|
|
# From blocklist.de:
|
|
# www.blocklist.de is a free and voluntary service provided by a
|
|
# Fraud/Abuse-specialist, whose servers are often attacked on SSH-,
|
|
# Mail-Login-, FTP-, Webserver- and other services.
|
|
# The mission is to report all attacks to the abuse departments of the
|
|
# infected PCs/servers to ensure that the responsible provider can inform
|
|
# the customer about the infection and disable them
|
|
#
|
|
# IMPORTANT:
|
|
#
|
|
# Reporting an IP of abuse is a serious complaint. Make sure that it is
|
|
# serious. Fail2ban developers and network owners recommend you only use this
|
|
# action for:
|
|
# * The recidive where the IP has been banned multiple times
|
|
# * Where maxretry has been set quite high, beyond the normal user typing
|
|
# password incorrectly.
|
|
# * For filters that have a low likelihood of receiving human errors
|
|
#
|
|
|
|
[Definition]
|
|
|
|
# Option: actionstart
|
|
# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
|
|
# Values: CMD
|
|
#
|
|
actionstart =
|
|
|
|
# Option: actionstop
|
|
# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
|
|
# Values: CMD
|
|
#
|
|
actionstop =
|
|
|
|
# Option: actioncheck
|
|
# Notes.: command executed once before each actionban command
|
|
# Values: CMD
|
|
#
|
|
actioncheck =
|
|
|
|
# Option: actionban
|
|
# Notes.: command executed when banning an IP. Take care that the
|
|
# command is executed with Fail2Ban user rights.
|
|
# Tags: See jail.conf(5) man page
|
|
# Values: CMD
|
|
#
|
|
|
|
tmpfile = "/var/run/fail2ban/last-log-<name>.time"
|
|
|
|
actionban = if [ ! -e "<tmpfile>" ]
|
|
then
|
|
# if the file doesn't exist yet, create it
|
|
touch -d @<time> "<tmpfile>"
|
|
curl --fail --data-urlencode "server=<email>" --data "apikey=<apikey>" --data "service=<service>" --data "ip=<ip>" --data-urlencode "logs=<matches><br>" --data 'format=text' --user-agent "<agent>" "https://www.blocklist.de/en/httpreports.html"
|
|
fi
|
|
if [ $(stat -c %%X "<tmpfile>") -lt <time> ]
|
|
then
|
|
# If the time of the offense is later than the last ban, actually report it to blocklist.de
|
|
touch -d @<time> "<tmpfile>"
|
|
curl --fail --data-urlencode "server=<email>" --data "apikey=<apikey>" --data "service=<service>" --data "ip=<ip>" --data-urlencode "logs=<matches><br>" --data 'format=text' --user-agent "<agent>" "https://www.blocklist.de/en/httpreports.html"
|
|
fi
|
|
|
|
# Option: actionunban
|
|
# Notes.: command executed when unbanning an IP. Take care that the
|
|
# command is executed with Fail2Ban user rights.
|
|
# Tags: See jail.conf(5) man page
|
|
# Values: CMD
|
|
#
|
|
actionunban =
|
|
|
|
# Option: email
|
|
# Notes server email address, as per blocklist.de account
|
|
# Values: STRING Default: None
|
|
#
|
|
#email =
|
|
|
|
# Option: apikey
|
|
# Notes your user blocklist.de user account apikey
|
|
# Values: STRING Default: None
|
|
#
|
|
#apikey =
|
|
|
|
# Option: service
|
|
# Notes service name you are reporting on, typically aligns with filter name
|
|
# see http://www.blocklist.de/en/httpreports.html for full list
|
|
# Values: STRING Default: None
|
|
#
|
|
#service =
|