Go to most recent revision | Blame | Compare with Previous | Last modification | View Log | RSS feed
# Fail2Ban configuration file## Author: Viktor Szépe##[INCLUDES]before = sendmail-common.conf[Definition]# Option: actionban# Notes.: Command executed when banning an IP. Take care that the# command is executed with Fail2Ban user rights.# You need to install geoiplookup and the GeoLite or GeoIP databases.# (geoip-bin and geoip-database in Debian)# The host command comes from bind9-host package.# Tags: See jail.conf(5) man page# Values: CMD#actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`From: <sendername> <<sender>>To: <dest>\nHi,\nThe IP <ip> has just been banned by Fail2Ban after<failures> attempts against <name>.\n\nHere is more information about <ip>:\nhttp://bgp.he.net/ip/<ip>http://www.projecthoneypot.org/ip_<ip>http://whois.domaintools.com/<ip>\n\nCountry:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "<ip>" | cut -d':' -f2-`AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "<ip>" | cut -d':' -f2-`hostname: `host -t A <ip> 2>&1`\n\nLines containing IP:<ip> in <logpath>\n`grep -E '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\nRegards,\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>[Init]# Default name of the chain#name = default# Path to the log files which contain relevant lines for the abuser IP#logpath = /dev/null