# Fail2Ban configuration file
#
# Author: Russell Odom <russ@gloomytrousers.co.uk>
# Sends a complaint e-mail to addresses listed in the whois record for an
# offending IP address.
#
# You should provide the <logpath> in the jail config - lines from the log
# matching the given IP address will be provided in the complaint as evidence.
#
# Note that we will try to use e-mail addresses that are most likely to be abuse
# addresses (based on various keywords). If they aren't found we fall back on
# any other addresses found in the whois record, with a few exceptions.
# If no addresses are found, no e-mail is sent.
#
# WARNING
# -------
#
# Please do not use this action unless you are certain that fail2ban
# does not produce "false positives" in your deployment.  False
# positive reports do a disservice to the original cause: they flood
# the corresponding contact addresses and complicate the work of the
# administrative personnel responsible for handling (verified)
# legitimate complaints.
#
# Please consider using an action such as sendmail-whois-lines.conf
# instead: it sends the report, with the relevant information, to you,
# so that it can be reviewed first and forwarded to the corresponding
# contact only if it is legitimate.
#
 
 
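[Definition]

# NOTE: Fail2Ban applies %-interpolation to this file, so a literal
# percent sign in a command is written %% (see %%b, %%z, %%a below).

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
#          Not used by this action.
# Values:  CMD
#
actionstart =

# Option:  actionstop
# Notes.:  command executed once at the end of Fail2Ban.
#          Not used by this action.
# Values:  CMD
#
actionstop =

# Option:  actioncheck
# Notes.:  command executed once before each actionban command.
#          Not used by this action.
# Values:  CMD
#
actioncheck =

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
#
#          What the command does:
#          1. Pipes "whois <ip>" through a Perl filter that collects
#             e-mail addresses. Lines starting with "changed" or naming
#             @ripe.net / @apnic.net are skipped. A line matching
#             abuse|trouble:|report|spam|security raises a score, and
#             addresses seen while the score is non-zero are preferred;
#             all other addresses are used only as a fallback.
#          2. If at least one address was found, mails <message>, the
#             local timezone and the matching lines of <logpath> to the
#             comma-separated address list.
#
#          Hardening (the whois record is untrusted text written by
#          whoever registered the network, and the mail leaves your
#          organisation):
#          - An address must start with a letter, digit or underscore,
#            so the list can never begin with "-" and be read as an
#            option by the mail command.
#          - The domain part accepts only letters, digits, "-" and ".";
#            an earlier version of the pattern also let "[" through.
#          - "$ADDRESSES" is quoted so the shell neither splits nor
#            glob-expands it.
#          - grep uses -F (fixed string) and -w (whole word) so only
#            lines that mention exactly <ip> are sent as evidence, not
#            lines about other hosts whose address merely contains it.
#            -w is not POSIX but is provided by GNU, BSD and BusyBox grep.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban = ADDRESSES=`whois <ip> | perl -e 'while (<STDIN>) { next if /^changed|@(ripe|apnic)\.net/io; $m += (/abuse|trouble:|report|spam|security/io?3:0); if (/([a-z0-9_][a-z0-9_\-\.+]*@[a-z0-9\-]+(\.[a-z0-9\-]+)+)/io) { while (s/([a-z0-9_][a-z0-9_\-\.+]*@[a-z0-9\-]+(\.[a-z0-9\-]+)+)//io) { if ($m) { $a{lc($1)}=$m } else { $b{lc($1)}=$m } } $m=0 } else { $m && --$m } } if (%%a) {print join(",",keys(%%a))} else {print join(",",keys(%%b))}'`
            IP=<ip>
            if [ -n "$ADDRESSES" ]; then
                (printf %%b "<message>\n"; date '+Note: Local timezone is %%z (%%Z)'; grep -wF -e '<ip>' <logpath>) | <mailcmd> "Abuse from <ip>" <mailargs> "$ADDRESSES"
            fi

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
#          Not used by this action.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban =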
 
[Init]

# Option:  message
# Notes.:  Body of the complaint mail. actionban prints it with the
#          shell's "printf %b" inside double quotes, so \n becomes a
#          newline and $IP expands to the banned address.
# Values:  STRING
#
message = Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a whois lookup is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process. This mail was generated by Fail2Ban.)\n

# Option:  logpath
# Notes.:  Path to the log files which contain relevant lines for the
#          abuser IP. With the default of /dev/null no log lines are
#          attached; provide the real path in the jail config.
#          Everything grep finds there is mailed to a third party.
# Values:  PATH
#
logpath = /dev/null

# Option:  mailcmd
# Notes.:  Your system mail command. Is passed 2 args: subject and recipient.
#          The value is placed verbatim on the shell command line of
#          actionban.
# Values:  CMD
#
mailcmd = mail -s

# Option:  mailargs
# Notes.:  Additional arguments to mail command, placed between the
#          subject and the recipient list. e.g. for standard Unix mail:
#          CC reports to another address:
#              -c me@example.com
#          Appear to come from a different address - the '--' indicates
#          arguments to be passed to Sendmail:
#              -- -f me@example.com
# Values:  [ STRING ]
#
mailargs =
95