templates/jail_local.erb

################################################################################
##########                 jail.local managed by Puppet               ##########
##########            manual changes will be overwritten !!!          ##########
################################################################################
##########              full reference available under                ##########
##########   https://confdroid.com/2017/08/fail2ban-jail-conf/        ##########
################################################################################

[INCLUDES]

before              = paths-<%= @fn_jail_paths %>.conf

[DEFAULT]
ignoreip            = <%= @fn_ignoreip %>
ignorecommand       = <%= @fn_ignorecommand %>
bantime             = <%= @fn_bantime %>
findtime            = <%= @fn_findtime %>
maxretry            = <%= @fn_maxretry %>
backend             = <%= @fn_backend %>
usedns              = <%= @fn_usedns %>
logencoding         = <%= @fn_logencoding %>
enabled             = <%= @fn_enabled %>
filter              = <%= @fn_enabled %>
destemail           = <%= @fn_destemail %>
sender              = <%= @fn_sender %>
mta                 = <%= @fn_sender %>
protocol            = <%= @fn_protocol %>
chain               = <%= @fn_chain %>
port                = <%= @fn_port %>
fail2ban_agent      = <%= @fn_fail2ban_agent %>
banaction           = <%= @fn_banaction %>
banaction_allports  = <%= @fn_banaction_allports %>

action_             = <%= @fn_action_ %>
action_mw           = <%= @fn_action_mw %>

# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]

# See the IMPORTANT note in action.d/xarf-login-attack for when to use this action
#
# ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines
# to the destemail.
action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]

# ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
# to the destemail.
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
                %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]

# Report block via blocklist.de fail2ban reporting service API
#
# See the IMPORTANT note in action.d/blocklist_de.conf for when to
# use this action. Create a file jail.d/blocklist_de.local containing
# [Init]
# blocklist_de_apikey = {api key from registration]
#
action_blocklist_de  = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]

# Report ban via badips.com, and use as blacklist
#
# See BadIPsAction docstring in config/action.d/badips.py for
# documentation for this action.
#
# NOTE: This action relies on banaction being present on start and therefore
# should be last action defined for a jail.
#
action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]
#
# Report ban via badips.com (uses action.d/badips.conf for reporting only)
#
action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]

# Choose default action.  To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_)s
added more file controls 2017-08-03 17:25:10 +01:00			`################################################################################`
			`########## jail.local managed by Puppet ##########`
			`########## manual changes will be overwritten !!! ##########`
			`################################################################################`
			`########## full reference available under ##########`
			`########## https://confdroid.com/2017/08/fail2ban-jail-conf/ ##########`
			`################################################################################`

			`[INCLUDES]`

checking auto-carriage return 2017-08-05 14:03:52 +01:00			`before = paths-<%= @fn_jail_paths %>.conf`
added more file controls 2017-08-03 17:25:10 +01:00
			`[DEFAULT]`
checking auto-carriage return 2017-08-05 14:03:52 +01:00			`ignoreip = <%= @fn_ignoreip %>`
			`ignorecommand = <%= @fn_ignorecommand %>`
			`bantime = <%= @fn_bantime %>`
			`findtime = <%= @fn_findtime %>`
			`maxretry = <%= @fn_maxretry %>`
			`backend = <%= @fn_backend %>`
			`usedns = <%= @fn_usedns %>`
			`logencoding = <%= @fn_logencoding %>`
			`enabled = <%= @fn_enabled %>`
			`filter = <%= @fn_enabled %>`
			`destemail = <%= @fn_destemail %>`
			`sender = <%= @fn_sender %>`
			`mta = <%= @fn_sender %>`
			`protocol = <%= @fn_protocol %>`
			`chain = <%= @fn_chain %>`
			`port = <%= @fn_port %>`
			`fail2ban_agent = <%= @fn_fail2ban_agent %>`
			`banaction = <%= @fn_banaction %>`
			`banaction_allports = <%= @fn_banaction_allports %>`

			`action_ = <%= @fn_action_ %>`
			`action_mw = <%= @fn_action_mw %>`
added more file controls 2017-08-03 17:25:10 +01:00
			`# ban & send an e-mail with whois report and relevant log lines`
			`# to the destemail.`
			`action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]`
			`%(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]`

			`# See the IMPORTANT note in action.d/xarf-login-attack for when to use this action`
			`#`
			`# ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines`
			`# to the destemail.`
			`action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]`
			`xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]`

			`# ban IP on CloudFlare & send an e-mail with whois report and relevant log lines`
			`# to the destemail.`
			`action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]`
			`%(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]`

			`# Report block via blocklist.de fail2ban reporting service API`
			`#`
			`# See the IMPORTANT note in action.d/blocklist_de.conf for when to`
			`# use this action. Create a file jail.d/blocklist_de.local containing`
			`# [Init]`
			`# blocklist_de_apikey = {api key from registration]`
			`#`
			`action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]`

			`# Report ban via badips.com, and use as blacklist`
			`#`
			`# See BadIPsAction docstring in config/action.d/badips.py for`
			`# documentation for this action.`
			`#`
			`# NOTE: This action relies on banaction being present on start and therefore`
			`# should be last action defined for a jail.`
			`#`
			`action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]`
			`#`
			`# Report ban via badips.com (uses action.d/badips.conf for reporting only)`
			`#`
			`action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]`

			`# Choose default action. To change, just override value of 'action' with the`
			`# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local`
			`# globally (section [DEFAULT]) or per specific section`
			`action = %(action_)s`