Subversion Repositories configs

# Fail2Ban configuration file

#

# Author: Russell Odom <russ@gloomytrousers.co.uk>

# Submits attack reports to myNetWatchman (http://www.mynetwatchman.com/)

#

# You MUST configure at least:

# <port> (the port that's being attacked - use number not name).

# <mnwlogin> (your mNW login).

# <mnwpass> (your mNW password).

#

# You SHOULD also provide:

# <myip> (your public IP address, if it's not the address of eth0)

# <protocol> (the protocol in use - defaults to tcp)

#

# Best practice is to provide <port> and <protocol> in jail.conf like this:

# action = mynetwatchman[port=1234,protocol=udp]

#

# ...and create "mynetwatchman.local" with contents something like this:

# [Init]

# mnwlogin = me@example.com

# mnwpass = SECRET

# myip = 10.0.0.1

#

# Another useful configuration value is <getcmd>, if you don't have wget

# installed (an example config for curl is given below)

#

[Definition]

# Option:  actionstart

# Notes.:  command executed once at the start of Fail2Ban.

# Values:  CMD

#

actionstart =

# Option:  actionstop

# Notes.:  command executed once at the end of Fail2Ban

# Values:  CMD

#

actionstop =

# Option:  actioncheck

# Notes.:  command executed once before each actionban command

# Values:  CMD

#

actioncheck =

# Option:  actionban

# Notes.:  command executed when banning an IP. Take care that the

#          command is executed with Fail2Ban user rights.

# Tags:    See jail.conf(5) man page

# Values:  CMD

#

#

# Note: We are currently using <time> for the timestamp because no tag is

# available to indicate the timestamp of the log message(s) which triggered the

# ban. Therefore the timestamps we are using in the report, whilst often only a

# few seconds out, are incorrect. See

# http://sourceforge.net/tracker/index.php?func=detail&aid=2017795&group_id=121032&atid=689047

#

actionban = MNWLOGIN=`perl -e '$s=shift;$s=~s/([\W])/"%%".uc(sprintf("%%2.2x",ord($1)))/eg;print $s' '<mnwlogin>'`

            MNWPASS=`perl -e '$s=shift;$s=~s/([\W])/"%%".uc(sprintf("%%2.2x",ord($1)))/eg;print $s' '<mnwpass>'`

	    PROTOCOL=`awk '{IGNORECASE=1;if($1=="<protocol>"){print $2;exit}}' /etc/protocols`

	    if [ -z "$PROTOCOL" ]; then PROTOCOL=<protocol>; fi

	    DATETIME=`perl -e '@t=gmtime(<time>);printf "%%4d-%%02d-%%02d+%%02d:%%02d:%%02d",1900+$t[5],$t[4]+1,$t[3],$t[2],$t[1],$t[0]'`

            <getcmd> "<mnwurl>?AT=2&AV=0&AgentEmail=$MNWLOGIN&AgentPassword=$MNWPASS&AttackerIP=<ip>&SrcPort=<srcport>&ProtocolID=$PROTOCOL&DestPort=<port>&AttackCount=<failures>&VictimIP=<myip>&AttackDateTime=$DATETIME" 2>&1 >> <tmpfile>.out && grep -q 'Attack Report Insert Successful' <tmpfile>.out && rm -f <tmpfile>.out

# Option:  actionunban

# Notes.:  command executed when unbanning an IP. Take care that the

#          command is executed with Fail2Ban user rights.

# Tags:    See jail.conf(5) man page

# Values:  CMD

#

actionunban =

[Init]

# Option:  port

# Notes.:  The target port for the attack (numerical). MUST be provided in

#          the jail config, as it cannot be detected here.

# Values:  [ NUM ]  Default: ???

#

port = 0

# Option:  mnwlogin

# Notes.:  Your mNW login e-mail address. MUST be provided either in the jail

#          config or in a .local file.

#          Register at http://www.mynetwatchman.com/reg.asp

# Values:  [ STRING ]  Default: (empty)

#

mnwlogin =

# Option:  mnwpass

# Notes.:  The password corresponding to your mNW login e-mail address. MUST be

#          provided either in the jail config or in a .local file.

# Values:  [ STRING ]  Default: (empty)

#

mnwpass =

# Option:  myip

# Notes.:  The target IP for the attack (your public IP). Should be overridden

#          either in the jail config or in a .local file unless your PUBLIC IP

#          is the first IP assigned to eth0

# Values:  [ an IP address ]  Default: Tries to find the IP address of eth0,

#          which in most cases will be a private IP, and therefore incorrect

#

myip = `ip -4 addr show dev eth0 | grep inet | head -n 1 | sed -r 's/.*inet ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/\1/'`

# Option:  protocol

# Notes.:  The protocol over which the attack is happening

# Values:  [ tcp | udp | icmp | (any other protocol name from /etc/protocols) | NUM ] Default: tcp

#

protocol = tcp

# Option:  agent

# Default: Fail2ban

agent = Fail2ban

# Option:  getcmd

# Notes.:  A command to fetch a URL. Should output page to STDOUT

# Values:  CMD  Default: wget

#

getcmd = wget --no-verbose --tries=3 --waitretry=10 --connect-timeout=10 --read-timeout=60 --retry-connrefused --output-document=- --user-agent=<agent>

# Alternative value:

# getcmd = curl --silent --show-error --retry 3 --connect-timeout 10 --max-time 60 --user-agent <agent>

# Option:  srcport

# Notes.:  The source port of the attack. You're unlikely to have this info, so

#          you can leave the default

# Values:  [ NUM ]  Default: 0

#

srcport = 0

# Option:  mnwurl

# Notes.:  The report service URL on the mNW site

# Values:  STRING  Default: http://mynetwatchman.com/insertwebreport.asp

#

mnwurl = http://mynetwatchman.com/insertwebreport.asp

# Option:  tmpfile

# Notes.:  Base name of temporary files

# Values:  [ STRING ]  Default: /var/run/fail2ban/tmp-mynetwatchman

#

tmpfile = /var/run/fail2ban/tmp-mynetwatchman