# Fail2Ban configuration file
#
# Author: Steven Hiscocks
#
#

# Action to report IP address to blocklist.de
# Blocklist.de must be signed up to at www.blocklist.de
# Once registered, one or more servers can be added.
# This action requires the server 'email address' and the associated apikey.
#
# From blocklist.de:
# www.blocklist.de is a free and voluntary service provided by a
# Fraud/Abuse-specialist, whose servers are often attacked on SSH-,
# Mail-Login-, FTP-, Webserver- and other services.
# The mission is to report all attacks to the abuse departments of the
# infected PCs/servers to ensure that the responsible provider can inform
# the customer about the infection and disable them
#
# IMPORTANT:
#
# Reporting an IP of abuse is a serious complaint. Make sure that it is
# serious. Fail2ban developers and network owners recommend you only use this
# action for:
# * The recidive where the IP has been banned multiple times
# * Where maxretry has been set quite high, beyond the normal user typing
#   password incorrectly.
# * For filters that have a low likelihood of receiving human errors
#

[Definition]

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart =

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop =

# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = curl --fail --data-urlencode 'server=<email>' --data 'apikey=<apikey>' --data 'service=<service>' --data 'ip=<ip>' --data-urlencode 'logs=<matches>' --data 'format=text' --user-agent "<agent>" "https://www.blocklist.de/en/httpreports.html"

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban =

[Init]

# Option: email
# Notes.: server email address, as per blocklist.de account
# Values: STRING Default: None
#
#email =

# Option: apikey
# Notes.: your blocklist.de user account apikey
# Values: STRING Default: None
#
#apikey =

# Option: service
# Notes.: service name you are reporting on, typically aligns with filter name
# see http://www.blocklist.de/en/httpreports.html for full list
# Values: STRING Default: None
#
#service =