"Fossies" - the Fresh Open Source Software Archive

Member "fail2ban-0.11.1/config/action.d/abuseipdb.conf" (11 Jan 2020, 3848 Bytes) of package /linux/misc/fail2ban-0.11.1.tar.gz:



    # Fail2ban configuration file
    #
    # Action to report IP address to abuseipdb.com
    # You must sign up to obtain an API key from abuseipdb.com.
    #
    # NOTE: These reports may include sensitive info.
    # If you want cleaner reports that ensure no user data is included, see the helper script at the website below.
    #
    # IMPORTANT:
    #
    # Reporting an IP of abuse is a serious complaint. Make sure that it is
    # serious. Fail2ban developers and network owners recommend you only use this
    # action for:
    #   * The recidive where the IP has been banned multiple times
    #   * Where maxretry has been set quite high, beyond the normal user typing
    #     password incorrectly.
    #   * For filters that have a low likelihood of receiving human errors
    #
    # This action relies on an api_key being added to the above action conf,
    # and the appropriate categories set.
    #
    # Example, for ssh bruteforce (in section [sshd] of `jail.local`):
    #   action = %(known/action)s
    #            %(action_abuseipdb)s[abuseipdb_apikey="my-api-key", abuseipdb_category="18,22"]
    #
    # See below for categories.
    #
    # Original Ref: https://wiki.shaunc.com/wikka.php?wakka=ReportingToAbuseIPDBWithFail2Ban
    # Added to fail2ban by Andrew James Collett (ajcollett)

    ## abuseIPDB Categories, the `abuseipdb_category` MUST be set in the jail.conf action call.
    # Example, for ssh bruteforce: action = %(action_abuseipdb)s[abuseipdb_category="18,22"]
    # ID    Title             Description
    # 3     Fraud Orders
    # 4     DDoS Attack
    # 9     Open Proxy
    # 10    Web Spam
    # 11    Email Spam
    # 14    Port Scan
    # 18    Brute-Force
    # 19    Bad Web Bot
    # 20    Exploited Host
    # 21    Web App Attack
    # 22    SSH               Secure Shell (SSH) abuse. Use this category in combination with more specific categories.
    # 23    IoT Targeted
    # See https://abuseipdb.com/categories for more descriptions

    [Definition]

    # bypass action for restored tickets
    norestored = 1

    # Option:  actionstart
    # Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
    # Values:  CMD
    #
    actionstart =

    # Option:  actionstop
    # Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
    # Values:  CMD
    #
    actionstop =

    # Option:  actioncheck
    # Notes.:  command executed once before each actionban command
    # Values:  CMD
    #
    actioncheck =

    # Option:  actionban
    # Notes.:  command executed when banning an IP. Take care that the
    #          command is executed with Fail2Ban user rights.
    #
    #          ** IMPORTANT! **
    #
    #          By default, this posts directly to AbuseIPDB's API. Unfortunately,
    #          this results in a lot of backslashes/escapes appearing in the
    #          reports. This also may include info like your hostname.
    #          If you have your own web server with PHP available, you can
    #          use my (Shaun's) helper PHP script by commenting out the first #actionban
    #          line below, uncommenting the second one, and pointing the URL at
    #          wherever you install the helper script. For the PHP helper script, see
    #          <https://wiki.shaunc.com/wikka.php?wakka=ReportingToAbuseIPDBWithFail2Ban>
    #
    # Tags:    See jail.conf(5) man page
    # Values:  CMD
    #
    actionban = lgm=$(printf '%%.1000s\n...' "<matches>"); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: <abuseipdb_apikey>" --data-urlencode "comment=$lgm" --data-urlencode "ip=<ip>" --data "categories=<abuseipdb_category>"

    # Option:  actionunban
    # Notes.:  command executed when unbanning an IP. Take care that the
    #          command is executed with Fail2Ban user rights.
    # Tags:    See jail.conf(5) man page
    # Values:  CMD
    #
    actionunban =

    [Init]
    # Option:  abuseipdb_apikey
    # Notes.:  Your API key from abuseipdb.com
    # Values:  STRING  Default: None
    # Register for abuseipdb [https://www.abuseipdb.com], get api key and set below.
    # You will need to set the category in the action call.
    abuseipdb_apikey =
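
The comments in this file warn that the report comment is built from the matched log lines and may therefore carry the hostname or user data. The Python below is an added example, not part of fail2ban and not the PHP helper the file links to: it redacts those values, applies the same 1000-character cut with a trailing "...", and checks the category list against the table above before returning the three form fields (comment, ip, categories) that the actionban command posts. The function names, the redaction patterns (sshd-style lines only) and the sample log lines are assumptions constructed for illustration; nothing is sent over the network.

```python
import ipaddress
import re

# Category IDs from the table in abuseipdb.conf
KNOWN_CATEGORIES = {3, 4, 9, 10, 11, 14, 18, 19, 20, 21, 22, 23}

# Hypothetical redaction patterns: e-mail addresses and sshd-style account names
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
USER_RE = re.compile(r"(?i)\b((?:invalid )?user|for) (?!invalid user )\S+(?= from )")

# Constructed sample of what <matches> could hold; not taken from a real host
SAMPLE = (
    "Jan 11 10:00:01 web01 sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 4711 ssh2\n"
    "Jan 11 10:00:03 web01 sshd[1234]: Failed password for root from 203.0.113.7 port 4711 ssh2\n"
    "Jan 11 10:00:05 web01 postfix/smtpd[99]: warning: alice@example.org rejected"
)


def sanitize_matches(matches, hostname, limit=1000):
    """Redact e-mail addresses, account names and this host's name, then cut."""
    text = EMAIL_RE.sub("[email]", matches)
    text = USER_RE.sub(r"\1 [user]", text)
    names = {hostname, hostname.split(".")[0]} - {""}
    # Replace the FQDN before the short name so no fragment is left behind.
    for name in sorted(names, key=len, reverse=True):
        text = re.sub(r"(?<![\w.-])" + re.escape(name) + r"(?![\w-])", "[host]", text)
    # Same shape as the action's comment: at most `limit` characters, newline, "..."
    return text[:limit] + "\n..."


def build_report(ip, categories, matches, hostname):
    """Return the three form fields that the actionban command posts."""
    ipaddress.ip_address(ip)  # raises ValueError for anything that is not an IP
    cats = [int(c) for c in categories.split(",")]
    unknown = sorted(set(cats) - KNOWN_CATEGORIES)
    if unknown:
        raise ValueError(f"unknown AbuseIPDB categories: {unknown}")
    return {
        "comment": sanitize_matches(matches, hostname),
        "ip": ip,
        "categories": ",".join(str(c) for c in cats),
    }


if __name__ == "__main__":
    print(build_report("203.0.113.7", "18,22", SAMPLE, "web01.example.org")["comment"])
```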