Subversion Repositories configs

# Fail2ban configuration file

#

# Action to report IP address to abuseipdb.com

# You must sign up to obtain an API key from abuseipdb.com.

#

# NOTE: These reports may include sensitive Info.

# If you want cleaner reports that ensure no user data see the helper script at the below website.

#

# IMPORTANT:

#

# Reporting an IP of abuse is a serious complaint. Make sure that it is

# serious. Fail2ban developers and network owners recommend you only use this

# action for:

#   * The recidive where the IP has been banned multiple times

#   * Where maxretry has been set quite high, beyond the normal user typing

#     password incorrectly.

#   * For filters that have a low likelihood of receiving human errors

#

# This action relies on a api_key being added to the above action conf,

# and the appropriate categories set.

#

# Example, for ssh bruteforce (in section [sshd] of `jail.local`):

#   action = %(known/action)s

#            abuseipdb[abuseipdb_apikey="my-api-key", abuseipdb_category="18,22"]

#

# See below for categories.

#

# Added to fail2ban by Andrew James Collett (ajcollett)

## abuseIPDB Categories, `the abuseipdb_category` MUST be set in the jail.conf action call.

# Example, for ssh bruteforce: action = %(action_abuseipdb)s[abuseipdb_category="18,22"]

# ID	Title	Description

# 3	  Fraud Orders

# 4	  DDoS Attack

# 9	  Open Proxy

# 10	Web Spam

# 11	Email Spam

# 14	Port Scan

# 18	Brute-Force

# 19	Bad Web Bot

# 20	Exploited Host

# 21	Web App Attack

# 22	SSH	Secure Shell (SSH) abuse. Use this category in combination with more specific categories.

# 23	IoT Targeted

# See https://abuseipdb.com/categories for more descriptions

[Definition]

# bypass action for restored tickets

norestored = 1

# Option:  actionstart

# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).

# Values:  CMD

#

actionstart =

# Option:  actionstop

# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)

# Values:  CMD

#

actionstop =

# Option:  actioncheck

# Notes.:  command executed once before each actionban command

# Values:  CMD

#

actioncheck =

# Option:  actionban

# Notes.:  command executed when banning an IP. Take care that the

#          command is executed with Fail2Ban user rights.

#

#          ** IMPORTANT! **

#

#          By default, this posts directly to AbuseIPDB's API, unfortunately

#          this results in a lot of backslashes/escapes appearing in the

#          reports. This also may include info like your hostname.

#          If you have your own web server with PHP available, you can

#          use my (Shaun's) helper PHP script by commenting out the first #actionban

#          line below, uncommenting the second one, and pointing the URL at

#          wherever you install the helper script. For the PHP helper script, see

#          <https://wiki.shaunc.com/wikka.php?wakka=ReportingToAbuseIPDBWithFail2Ban>

#

# Tags:    See jail.conf(5) man page

# Values:  CMD

#

actionban = lgm=$(printf '%%.1000s\n...' "<matches>"); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: <abuseipdb_apikey>" --data-urlencode "comment=$lgm" --data-urlencode "ip=<ip>" --data "categories=<abuseipdb_category>"

# Option:  actionunban

# Notes.:  command executed when unbanning an IP. Take care that the

#          command is executed with Fail2Ban user rights.

# Tags:    See jail.conf(5) man page

# Values:  CMD

#

actionunban =

[Init]

# Option:  abuseipdb_apikey

# Notes    Your API key from abuseipdb.com

# Values:  STRING  Default: None

# Register for abuseipdb [https://www.abuseipdb.com], get api key and set below.

# You will need to set the category in the action call.

abuseipdb_apikey =