Subversion Repositories configs

Rev

Go to most recent revision | Details | Last modification | View Log | RSS feed

Rev Author Line No. Line
4 - 1 
# Fail2Ban configuration file
2 
#
3 
# Author: Russell Odom <russ@gloomytrousers.co.uk>
4 
# Submits attack reports to myNetWatchman (http://www.mynetwatchman.com/)
5 
#
6 
# You MUST configure at least:
7 
# <port> (the port that's being attacked - use number not name).
8 
# <mnwlogin> (your mNW login).
9 
# <mnwpass> (your mNW password).
10 
#
11 
# You SHOULD also provide:
12 
# <myip> (your public IP address, if it's not the address of eth0)
13 
# <protocol> (the protocol in use - defaults to tcp)
14 
#
15 
# Best practice is to provide <port> and <protocol> in jail.conf like this:
16 
# action = mynetwatchman[port=1234,protocol=udp]
17 
#
18 
# ...and create "mynetwatchman.local" with contents something like this:
19 
# [Init]
20 
# mnwlogin = me@example.com
21 
# mnwpass = SECRET
22 
# myip = 10.0.0.1
23 
#
24 
# Another useful configuration value is <getcmd>, if you don't have wget
25 
# installed (an example config for curl is given below)
26 
#
27 
 
28 
[Definition]
29 
 
30 
# Option:  actionstart
31 
# Notes.:  command executed once at the start of Fail2Ban.
32 
# Values:  CMD
33 
#
34 
actionstart =
35 
 
36 
# Option:  actionstop
37 
# Notes.:  command executed once at the end of Fail2Ban
38 
# Values:  CMD
39 
#
40 
actionstop =
41 
 
42 
# Option:  actioncheck
43 
# Notes.:  command executed once before each actionban command
44 
# Values:  CMD
45 
#
46 
actioncheck =
47 
 
48 
# Option:  actionban
49 
# Notes.:  command executed when banning an IP. Take care that the
50 
#          command is executed with Fail2Ban user rights.
51 
# Tags:    See jail.conf(5) man page
52 
# Values:  CMD
53 
#
54 
#
55 
# Note: We are currently using <time> for the timestamp because no tag is
56 
# available to indicate the timestamp of the log message(s) which triggered the
57 
# ban. Therefore the timestamps we are using in the report, whilst often only a
58 
# few seconds out, are incorrect. See
59 
# http://sourceforge.net/tracker/index.php?func=detail&aid=2017795&group_id=121032&atid=689047
60 
#
61 
actionban = MNWLOGIN=`perl -e '$s=shift;$s=~s/([\W])/"%%".uc(sprintf("%%2.2x",ord($1)))/eg;print $s' '<mnwlogin>'`
62 
            MNWPASS=`perl -e '$s=shift;$s=~s/([\W])/"%%".uc(sprintf("%%2.2x",ord($1)))/eg;print $s' '<mnwpass>'`
63 
	    PROTOCOL=`awk '{IGNORECASE=1;if($1=="<protocol>"){print $2;exit}}' /etc/protocols`
64 
	    if [ -z "$PROTOCOL" ]; then PROTOCOL=<protocol>; fi
65 
	    DATETIME=`perl -e '@t=gmtime(<time>);printf "%%4d-%%02d-%%02d+%%02d:%%02d:%%02d",1900+$t[5],$t[4]+1,$t[3],$t[2],$t[1],$t[0]'`
66 
            <getcmd> "<mnwurl>?AT=2&AV=0&AgentEmail=$MNWLOGIN&AgentPassword=$MNWPASS&AttackerIP=<ip>&SrcPort=<srcport>&ProtocolID=$PROTOCOL&DestPort=<port>&AttackCount=<failures>&VictimIP=<myip>&AttackDateTime=$DATETIME" 2>&1 >> <tmpfile>.out && grep -q 'Attack Report Insert Successful' <tmpfile>.out && rm -f <tmpfile>.out
67 
 
68 
# Option:  actionunban
69 
# Notes.:  command executed when unbanning an IP. Take care that the
70 
#          command is executed with Fail2Ban user rights.
71 
# Tags:    See jail.conf(5) man page
72 
# Values:  CMD
73 
#
74 
actionunban =
75 
 
76 
[Init]
77 
# Option:  port
78 
# Notes.:  The target port for the attack (numerical). MUST be provided in
79 
#          the jail config, as it cannot be detected here.
80 
# Values:  [ NUM ]  Default: ???
81 
#
82 
port = 0
83 
 
84 
# Option:  mnwlogin
85 
# Notes.:  Your mNW login e-mail address. MUST be provided either in the jail
86 
#          config or in a .local file.
87 
#          Register at http://www.mynetwatchman.com/reg.asp
88 
# Values:  [ STRING ]  Default: (empty)
89 
#
90 
mnwlogin =
91 
 
92 
# Option:  mnwpass
93 
# Notes.:  The password corresponding to your mNW login e-mail address. MUST be
94 
#          provided either in the jail config or in a .local file.
95 
# Values:  [ STRING ]  Default: (empty)
96 
#
97 
mnwpass =
98 
 
99 
# Option:  myip
100 
# Notes.:  The target IP for the attack (your public IP). Should be overridden
101 
#          either in the jail config or in a .local file unless your PUBLIC IP
102 
#          is the first IP assigned to eth0
103 
# Values:  [ an IP address ]  Default: Tries to find the IP address of eth0,
104 
#          which in most cases will be a private IP, and therefore incorrect
105 
#
106 
myip = `ip -4 addr show dev eth0 | grep inet | head -n 1 | sed -r 's/.*inet ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/\1/'`
107 
 
108 
# Option:  protocol
109 
# Notes.:  The protocol over which the attack is happening
110 
# Values:  [ tcp | udp | icmp | (any other protocol name from /etc/protocols) | NUM ] Default: tcp
111 
#
112 
protocol = tcp
113 
 
114 
# Option:  getcmd
115 
# Notes.:  A command to fetch a URL. Should output page to STDOUT
116 
# Values:  CMD  Default: wget
117 
#
118 
getcmd = wget --no-verbose --tries=3 --waitretry=10 --connect-timeout=10 --read-timeout=60 --retry-connrefused --output-document=- --user-agent=Fail2Ban
119 
# Alternative value:
120 
# getcmd = curl --silent --show-error --retry 3 --connect-timeout 10 --max-time 60 --user-agent Fail2Ban
121 
 
122 
# Option:  srcport
123 
# Notes.:  The source port of the attack. You're unlikely to have this info, so
124 
#          you can leave the default
125 
# Values:  [ NUM ]  Default: 0
126 
#
127 
srcport = 0
128 
 
129 
# Option:  mnwurl
130 
# Notes.:  The report service URL on the mNW site
131 
# Values:  STRING  Default: http://mynetwatchman.com/insertwebreport.asp
132 
#
133 
mnwurl = http://mynetwatchman.com/insertwebreport.asp
134 
 
135 
# Option:  tmpfile
136 
# Notes.:  Base name of temporary files
137 
# Values:  [ STRING ]  Default: /var/run/fail2ban/tmp-mynetwatchman
138 
#
139 
tmpfile = /var/run/fail2ban/tmp-mynetwatchman