# Fail2ban Citrix Netscaler Action
# by Juliano Jeziorny
# juliano@jeziorny.eu
#
# The script will add offender IPs to a dataset on netscaler, the dataset can then be used to block the IPs at a cs/vserver or global level
# This dataset is then used to block IPs using responder policies on the netscaler.
#
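# The script assumes HTTPS with an untrusted (e.g. self-signed) certificate on the netscaler, so the curl lines use -k, which turns off certificate verification.
# If you have a valid certificate installed, remove the -k from the curl lines; if you want http, change the URLs accordingly (and remove the -k). Over plain http the ns_auth credential is sent unencrypted.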
#
# This action depends on curl
#
# You need to populate the 3 options inside Init
#
# ns_host: IP or hostname of the netscaler appliance
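# ns_auth: username:password, base64 encoded (echo -n "username:password" | base64). The curl lines send this value verbatim after "Authorization: Basic", which expects the base64 form. Base64 is only an encoding and is trivially reversed, so treat this file as holding a plaintext password and restrict who can read it.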
# ns_dataset: Name of the netscaler dataset holding the IPs to be blocked.
#
# For further details on how to use it please check http://blog.ckzone.eu/2017/01/fail2ban-action-for-citrix-netscaler.html
[Init]
# IP address or hostname of the netscaler appliance. It is substituted into
# the https://<ns_host>/nitro/v1/config URLs used by the actions in [Definition].
ns_host =
# Credential string inserted verbatim after "Authorization: Basic" in every
# curl call. Base64 is reversible, so this value is equivalent to a plaintext
# password: keep this file readable only by the account that runs fail2ban.
# NOTE(review): a dedicated netscaler account limited to editing the dataset
# would narrow the impact of a leaked value - confirm what the appliance allows.
ns_auth =
# Name of the netscaler dataset that receives the banned IPs; used in the
# JSON body of actionban and in the URL path of actionunban.
ns_dataset =
[Definition]
# Runs when the action starts: an authenticated GET against the NITRO config
# endpoint. -k disables TLS certificate verification, so the credential is
# sent to whichever host answers at <ns_host> without its identity being checked.
# NOTE(review): curl exits 0 on HTTP error statuses unless --fail is given, so
# a rejected credential would presumably go unnoticed here - confirm.
actionstart = curl -kH 'Authorization: Basic <ns_auth>' https://<ns_host>/nitro/v1/config

# Left empty: no command is run to check the action's state.
actioncheck =

# Adds the offending <ip> to the <ns_dataset> dataset with a PUT carrying a
# policydataset_value_binding JSON body.
# The Authorization header is passed on the curl command line, so the
# credential can appear in the process list while curl runs and in any log
# that records the executed command.
# NOTE(review): no --fail here either, so an HTTP error from the appliance
# would presumably be reported to fail2ban as a successful ban - confirm.
actionban = curl -k -H 'Authorization: Basic <ns_auth>' -X PUT -d '{"policydataset_value_binding":{"name":"<ns_dataset>","value":"<ip>"}}' https://<ns_host>/nitro/v1/config/

# Removes <ip> from the <ns_dataset> dataset with a DELETE on the
# policydataset_value_binding resource. The same -k and command-line
# credential caveats as for actionban apply.
actionunban = curl -H 'Authorization: Basic <ns_auth>' -X DELETE -k "https://<ns_host>/nitro/v1/config/policydataset_value_binding/<ns_dataset>?args=value:<ip>"