aboutsummaryrefslogtreecommitdiff
path: root/straper/db/public/fail2ban/etc-fail2ban/action.d/dshield.conf
diff options
context:
space:
mode:
authorLukasz Kasprzak <lukasz.kasprzak@pm.me>2026-04-14 22:32:43 +0200
committerLukasz Kasprzak <lukasz.kasprzak@pm.me>2026-04-14 22:32:43 +0200
commit83f7fe4b8402bab171d110703a1b1115efbc9b28 (patch)
tree19110702c7d740f6bd8ee4f5d2ebcb97442be237 /straper/db/public/fail2ban/etc-fail2ban/action.d/dshield.conf
parent51d43498b07dc97d795947964534f0903cd05db5 (diff)
downloadbin-83f7fe4b8402bab171d110703a1b1115efbc9b28.tar.gz
bin-83f7fe4b8402bab171d110703a1b1115efbc9b28.zip
cleaned up many scrits and deleted some that were of no use; renamed a lot
Diffstat (limited to 'straper/db/public/fail2ban/etc-fail2ban/action.d/dshield.conf')
-rw-r--r--straper/db/public/fail2ban/etc-fail2ban/action.d/dshield.conf207
1 files changed, 0 insertions, 207 deletions
diff --git a/straper/db/public/fail2ban/etc-fail2ban/action.d/dshield.conf b/straper/db/public/fail2ban/etc-fail2ban/action.d/dshield.conf
deleted file mode 100644
index 3d5a7a5..0000000
--- a/straper/db/public/fail2ban/etc-fail2ban/action.d/dshield.conf
+++ /dev/null
@@ -1,207 +0,0 @@
-# Fail2Ban configuration file
-#
-# Author: Russell Odom <russ@gloomytrousers.co.uk>
-# Submits attack reports to DShield (http://www.dshield.org/)
-#
-# You MUST configure at least:
-# <port> (the port that's being attacked - use number not name).
-#
-# You SHOULD also provide:
-# <myip> (your public IP address, if it's not the address of eth0)
-# <userid> (your DShield userID, if you have one - recommended, but reports will
-# be used anonymously if not)
-# <protocol> (the protocol in use - defaults to tcp)
-#
-# Best practice is to provide <port> and <protocol> in jail.conf like this:
-# action = dshield[port=1234,protocol=tcp]
-#
-# ...and create "dshield.local" with contents something like this:
-# [Init]
-# myip = 10.0.0.1
-# userid = 12345
-#
-# Other useful configuration values are <mailargs> (you can use for specifying
-# a different sender address for the report e-mails, which should match what is
-# configured at DShield), and <lines>/<minreportinterval>/<maxbufferage> (to
-# configure how often the buffer is flushed).
-#
-
-[Definition]
-
-# bypass ban/unban for restored tickets
-norestored = 1
-
-# Option: actionstart
-# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
-# Values: CMD
-#
-actionstart =
-
-# Option: actionstop
-# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
-# Values: CMD
-#
-actionstop = if [ -f <tmpfile>.buffer ]; then
- cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID <userid> TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" <mailargs> <dest>
- date +%%s > <tmpfile>.lastsent
- fi
- rm -f <tmpfile>.buffer <tmpfile>.first
-
-# Option: actioncheck
-# Notes.: command executed once before each actionban command
-# Values: CMD
-#
-actioncheck =
-
-# Option: actionban
-# Notes.: command executed when banning an IP. Take care that the
-# command is executed with Fail2Ban user rights.
-# Tags: See jail.conf(5) man page
-# Values: CMD
-#
-# See http://www.dshield.org/specs.html for more on report format/notes
-#
-# Note: We are currently using <time> for the timestamp because no tag is
-# available to indicate the timestamp of the log message(s) which triggered the
-# ban. Therefore the timestamps we are using in the report, whilst often only a
-# few seconds out, are incorrect. See
-# http://sourceforge.net/tracker/index.php?func=detail&aid=2017795&group_id=121032&atid=689047
-#
-actionban = TZONE=`date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'`
- DATETIME="`perl -e '@t=localtime(<time>);printf "%%4d-%%02d-%%02d %%02d:%%02d:%%02d",1900+$t[5],$t[4]+1,$t[3],$t[2],$t[1],$t[0]'` $TZONE"
- PROTOCOL=`awk '{IGNORECASE=1;if($1=="<protocol>"){print $2;exit}}' /etc/protocols`
- if [ -z "$PROTOCOL" ]; then PROTOCOL=<protocol>; fi
- printf %%b "$DATETIME\t<userid>\t<failures>\t<ip>\t<srcport>\t<myip>\t<port>\t$PROTOCOL\t<tcpflags>\n" >> <tmpfile>.buffer
- NOW=`date +%%s`
- if [ ! -f <tmpfile>.first ]; then
- echo <time> | cut -d. -f1 > <tmpfile>.first
- fi
- if [ ! -f <tmpfile>.lastsent ]; then
- echo 0 > <tmpfile>.lastsent
- fi
- LOGAGE=$(($NOW - `cat <tmpfile>.first`))
- LASTREPORT=$(($NOW - `cat <tmpfile>.lastsent`))
- LINES=$( wc -l <tmpfile>.buffer | awk '{ print $1 }' )
- if [ $LINES -ge <lines> && $LASTREPORT -gt <minreportinterval> ] || [ $LOGAGE -gt <maxbufferage> ]; then
- cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID <userid> TZ $TZONE Fail2Ban" <mailargs> <dest>
- rm -f <tmpfile>.buffer <tmpfile>.first
- echo $NOW > <tmpfile>.lastsent
- fi
-
-# Option: actionunban
-# Notes.: command executed when unbanning an IP. Take care that the
-# command is executed with Fail2Ban user rights.
-# Tags: See jail.conf(5) man page
-# Values: CMD
-#
-actionunban = if [ -f <tmpfile>.first ]; then
- NOW=`date +%%s`
- LOGAGE=$(($NOW - `cat <tmpfile>.first`))
- if [ $LOGAGE -gt <maxbufferage> ]; then
- cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID <userid> TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" <mailargs> <dest>
- rm -f <tmpfile>.buffer <tmpfile>.first
- echo $NOW > <tmpfile>.lastsent
- fi
- fi
-
-
-[Init]
-# Option: port
-# Notes.: The target port for the attack (numerical). MUST be provided in the
-# jail config, as it cannot be detected here.
-# Values: [ NUM ]
-#
-port = ???
-
-# Option: userid
-# Notes.: Your DShield user ID. Should be provided either in the jail config or
-# in a .local file.
-# Register at https://secure.dshield.org/register.html
-# Values: [ NUM ]
-#
-userid = 0
-
-# Option: myip
-# Notes.: The target IP for the attack (your public IP). Should be provided
-# either in the jail config or in a .local file unless your PUBLIC IP
-# is the first IP assigned to eth0
-# Values: [ an IP address ] Default: Tries to find the IP address of eth0,
-# which in most cases will be a private IP, and therefore incorrect
-#
-myip = `ip -4 addr show dev eth0 | grep inet | head -n 1 | sed -r 's/.*inet ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/\1/'`
-
-# Option: protocol
-# Notes.: The protocol over which the attack is happening
-# Values: [ tcp | udp | icmp | (any other protocol name from /etc/protocols) | NUM ] Default: tcp
-#
-protocol = tcp
-
-# Option: lines
-# Notes.: How many lines to buffer before making a report. Regardless of this,
-# reports are sent a minimum of <minreportinterval> apart, or if the
-# buffer contains an event over <maxbufferage> old, or on shutdown
-# Values: [ NUM ]
-#
-lines = 50
-
-# Option: minreportinterval
-# Notes.: Minimum period (in seconds) that must elapse before we submit another
-# batch of reports. DShield request a minimum of 1 hour (3600 secs)
-# between reports.
-# Values: [ NUM ]
-#
-minreportinterval = 3600
-
-# Option: maxbufferage
-# Notes.: Maximum age (in seconds) of the oldest report in the buffer before we
-# submit the batch, even if we haven't reached <lines> yet. Note that
-# this is only checked on each ban/unban, and that we always send
-# anything in the buffer on shutdown. Must be greater than
-# Values: [ NUM ]
-#
-maxbufferage = 21600
-
-# Option: srcport
-# Notes.: The source port of the attack. You're unlikely to have this info, so
-# you can leave the default
-# Values: [ NUM ]
-#
-srcport = ???
-
-# Option: tcpflags
-# Notes.: TCP flags on attack. You're unlikely to have this info, so you can
-# leave empty
-# Values: [ STRING ]
-#
-tcpflags =
-
-# Option: mailcmd
-# Notes.: Your system mail command. Is passed 2 args: subject and recipient
-# Values: CMD
-#
-mailcmd = mail -E 'set escape' -s
-
-# Option: mailargs
-# Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
-# CC reports to another address:
-# -c me@example.com
-# Appear to come from a different address (the From address must match
-# the one configured at DShield - the '--' indicates arguments to be
-# passed to Sendmail):
-# -- -f me@example.com
-# Values: [ STRING ]
-#
-mailargs =
-
-# Option: dest
-# Notes.: Destination e-mail address for reports
-# Values: [ STRING ]
-#
-dest = reports@dshield.org
-
-# Option: tmpfile
-# Notes.: Base name of temporary files used for buffering
-# Values: [ STRING ]
-#
-tmpfile = /var/run/fail2ban/tmp-dshield
-