You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
122 lines
4.7 KiB
Plaintext
122 lines
4.7 KiB
Plaintext
2 years ago
|
# Fail2Ban configuration file
|
||
|
#
|
||
|
# Author: Russell Odom <russ@gloomytrousers.co.uk>, Daniel Black
|
||
|
# Sends a complaint e-mail to addresses listed in the whois record for an
|
||
|
# offending IP address.
|
||
|
# This uses the https://abusix.com/contactdb.html to lookup abuse contacts.
|
||
|
#
|
||
|
# DEPENDENCIES:
|
||
|
# This requires the dig command from bind-utils
|
||
|
#
|
||
|
# You should provide the <logpath> in the jail config - lines from the log
|
||
|
# matching the given IP address will be provided in the complaint as evidence.
|
||
|
#
|
||
|
# WARNING
|
||
|
# -------
|
||
|
#
|
||
|
# Please do not use this action unless you are certain that fail2ban
|
||
|
# does not result in "false positives" for your deployment. False
|
||
|
# positive reports could serve a mis-favor to the original cause by
|
||
|
# flooding corresponding contact addresses, and complicating the work
|
||
|
# of administration personnel responsible for handling (verified) legit
|
||
|
# complains.
|
||
|
#
|
||
|
# Please consider using e.g. sendmail-whois-lines.conf action which
|
||
|
# would send the reports with relevant information to you, so the
|
||
|
# report could be first reviewed and then forwarded to a corresponding
|
||
|
# contact if legit.
|
||
|
#
|
||
|
|
||
|
|
||
|
[INCLUDES]
|
||
|
|
||
|
before = helpers-common.conf
|
||
|
|
||
|
[Definition]
|
||
|
|
||
|
# Used in test cases for coverage internal transformations
|
||
|
debug = 0
|
||
|
|
||
|
# bypass ban/unban for restored tickets
|
||
|
norestored = 1
|
||
|
|
||
|
# Option: actionstart
|
||
|
# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
|
||
|
# Values: CMD
|
||
|
#
|
||
|
actionstart =
|
||
|
|
||
|
# Option: actionstop
|
||
|
# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
|
||
|
# Values: CMD
|
||
|
#
|
||
|
actionstop =
|
||
|
|
||
|
# Option: actioncheck
|
||
|
# Notes.: command executed once before each actionban command
|
||
|
# Values: CMD
|
||
|
#
|
||
|
actioncheck =
|
||
|
|
||
|
# Option: actionban
|
||
|
# Notes.: command executed when banning an IP. Take care that the
|
||
|
# command is executed with Fail2Ban user rights.
|
||
|
# Tags: See jail.conf(5) man page
|
||
|
# Values: CMD
|
||
|
#
|
||
|
actionban = oifs=${IFS};
|
||
|
RESOLVER_ADDR="%(addr_resolver)s"
|
||
|
if [ "<debug>" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi
|
||
|
ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')
|
||
|
IFS=,; ADDRESSES=$(echo $ADDRESSES)
|
||
|
IFS=${oifs}
|
||
|
IP=<ip>
|
||
|
if [ ! -z "$ADDRESSES" ]; then
|
||
|
( printf %%b "<message>\n"; date '+Note: Local timezone is %%z (%%Z)';
|
||
|
printf %%b "\nLines containing failures of <ip> (max <grepmax>)\n";
|
||
|
%(_grep_logs)s;
|
||
|
) | <mailcmd> "Abuse from <ip>" <mailargs> $ADDRESSES
|
||
|
fi
|
||
|
|
||
|
# Option: actionunban
|
||
|
# Notes.: command executed when unbanning an IP. Take care that the
|
||
|
# command is executed with Fail2Ban user rights.
|
||
|
# Tags: See jail.conf(5) man page
|
||
|
# Values: CMD
|
||
|
#
|
||
|
actionunban =
|
||
|
|
||
|
# Server as resolver used in dig command
|
||
|
#
|
||
|
addr_resolver = <ip-rev>abuse-contacts.abusix.org
|
||
|
|
||
|
# Default message used for abuse content
|
||
|
#
|
||
|
message = Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n
|
||
|
|
||
|
# Path to the log files which contain relevant lines for the abuser IP
|
||
|
#
|
||
|
logpath = /dev/null
|
||
|
|
||
|
# Option: mailcmd
|
||
|
# Notes.: Your system mail command. Is passed 2 args: subject and recipient
|
||
|
# Values: CMD
|
||
|
#
|
||
|
mailcmd = mail -E 'set escape' -s
|
||
|
|
||
|
# Option: mailargs
|
||
|
# Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
|
||
|
# CC reports to another address:
|
||
|
# -c me@example.com
|
||
|
# Appear to come from a different address - the '--' indicates
|
||
|
# arguments to be passed to Sendmail:
|
||
|
# -- -f me@example.com
|
||
|
# Values: [ STRING ]
|
||
|
#
|
||
|
mailargs =
|
||
|
|
||
|
# Number of log lines to include in the email
|
||
|
#
|
||
|
#grepmax = 1000
|
||
|
#grepopts = -m <grepmax>
|