# Fail2Ban configuration file # # Author: Russell Odom # Submits attack reports to DShield (http://www.dshield.org/) # # You MUST configure at least: # (the port that's being attacked - use number not name). # # You SHOULD also provide: # (your public IP address, if it's not the address of eth0) # (your DShield userID, if you have one - recommended, but reports will # be used anonymously if not) # (the protocol in use - defaults to tcp) # # Best practice is to provide and in jail.conf like this: # action = dshield[port=1234,protocol=tcp] # # ...and create "dshield.local" with contents something like this: # [Init] # myip = 10.0.0.1 # userid = 12345 # # Other useful configuration values are (you can use for specifying # a different sender address for the report e-mails, which should match what is # configured at DShield), and // (to # configure how often the buffer is flushed). # [Definition] # bypass ban/unban for restored tickets norestored = 1 # Option: actionstart # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # actionstart = # Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # actionstop = if [ -f .buffer ]; then cat .buffer | "FORMAT DSHIELD USERID TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" date +%%s > .lastsent fi rm -f .buffer .first # Option: actioncheck # Notes.: command executed once before each actionban command # Values: CMD # actioncheck = # Option: actionban # Notes.: command executed when banning an IP. Take care that the # command is executed with Fail2Ban user rights. # Tags: See jail.conf(5) man page # Values: CMD # # See http://www.dshield.org/specs.html for more on report format/notes # # Note: We are currently using