finalized jail.local
This commit is contained in:
Arne Teuke
@@ -105,6 +105,18 @@
|
||||
# @param [string] fn_action_ ban only
|
||||
# @param [string] fn_action_mw ban & send an e-mail with whois report to the
|
||||
# destemail.
|
||||
# @param [string] fn_action_mwl ban & send an e-mail with whois report and
|
||||
# relevant log lines
|
||||
# @param [string] fn_action_xarf ban & send a xarf e-mail to abuse contact of
|
||||
# IP address and include relevant log lines.
|
||||
# @param [string] fn_action_cf_mwl ban IP on CloudFlare & send an e-mail with
|
||||
# whois report and relevant log lines.
|
||||
# @param [string] fn_action_blocklist_de Report block via blocklist.de fail2ban
|
||||
# reporting service API
|
||||
# @param [string] Report ban via badips.com, and use as blacklist
|
||||
# @param [string] fn_action_badips_report # Report ban via badips.com
|
||||
# (uses action.d/badips.conf for reporting only).
|
||||
# @param [string] fn_default_action Choose default action.
|
||||
###############################################################################
|
||||
class cd_fail2ban::params (
|
||||
|
||||
@@ -145,6 +157,13 @@ $fn_banaction = 'iptables-multiport',
|
||||
$fn_banaction_allports = 'iptables-allports',
|
||||
$fn_action_ = '%(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]',
|
||||
$fn_action_mw = '%(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] %(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]',
|
||||
$fn_action_mwl = '%(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]',
|
||||
$fn_action_xarf = '%(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]',
|
||||
$fn_action_cf_mwl = 'cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"] %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]',
|
||||
$fn_action_blocklist_de = 'blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]',
|
||||
$fn_action_badips = 'badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]',
|
||||
$fn_action_badips_report = 'badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]',
|
||||
$fn_default_action = 'action_',
|
||||
|
||||
) {
|
||||
|
||||
|
||||
@@ -31,50 +31,15 @@ fail2ban_agent = <%= @fn_fail2ban_agent %>
|
||||
banaction = <%= @fn_banaction %>
|
||||
banaction_allports = <%= @fn_banaction_allports %>
|
||||
|
||||
# available actions
|
||||
action_ = <%= @fn_action_ %>
|
||||
action_mw = <%= @fn_action_mw %>
|
||||
action_mwl = <%= @fn_action_mwl %>
|
||||
action_xarf = <%= @fn_action_xarf %>
|
||||
action_cf_mwl = <%= @fn_action_cf_mwl %>
|
||||
action_blocklist_de = <%= @fn_action_blocklist_de %>
|
||||
action_badips = <%= @fn_action_badips %>
|
||||
action_badips_report = <%= @fn_action_badips_report %>
|
||||
|
||||
# ban & send an e-mail with whois report and relevant log lines
|
||||
# to the destemail.
|
||||
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
|
||||
%(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
|
||||
|
||||
# See the IMPORTANT note in action.d/xarf-login-attack for when to use this action
|
||||
#
|
||||
# ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines
|
||||
# to the destemail.
|
||||
action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
|
||||
xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
|
||||
|
||||
# ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
|
||||
# to the destemail.
|
||||
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
|
||||
%(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
|
||||
|
||||
# Report block via blocklist.de fail2ban reporting service API
|
||||
#
|
||||
# See the IMPORTANT note in action.d/blocklist_de.conf for when to
|
||||
# use this action. Create a file jail.d/blocklist_de.local containing
|
||||
# [Init]
|
||||
# blocklist_de_apikey = {api key from registration]
|
||||
#
|
||||
action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
|
||||
|
||||
# Report ban via badips.com, and use as blacklist
|
||||
#
|
||||
# See BadIPsAction docstring in config/action.d/badips.py for
|
||||
# documentation for this action.
|
||||
#
|
||||
# NOTE: This action relies on banaction being present on start and therefore
|
||||
# should be last action defined for a jail.
|
||||
#
|
||||
action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]
|
||||
#
|
||||
# Report ban via badips.com (uses action.d/badips.conf for reporting only)
|
||||
#
|
||||
action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]
|
||||
|
||||
# Choose default action. To change, just override value of 'action' with the
|
||||
# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
|
||||
# globally (section [DEFAULT]) or per specific section
|
||||
action = %(action_)s
|
||||
# Default action
|
||||
action = %(<%= @fn_default_action %>)s
|
||||
|
||||
Reference in New Issue
Block a user