diff options
| author | Lukasz Kasprzak <lukasz.kasprzak@pm.me> | 2026-04-14 22:32:43 +0200 |
|---|---|---|
| committer | Lukasz Kasprzak <lukasz.kasprzak@pm.me> | 2026-04-14 22:32:43 +0200 |
| commit | 83f7fe4b8402bab171d110703a1b1115efbc9b28 (patch) | |
| tree | 19110702c7d740f6bd8ee4f5d2ebcb97442be237 /straper/db/public/fail2ban/etc-fail2ban/action.d/ipthreat.conf | |
| parent | 51d43498b07dc97d795947964534f0903cd05db5 (diff) | |
| download | bin-83f7fe4b8402bab171d110703a1b1115efbc9b28.tar.gz bin-83f7fe4b8402bab171d110703a1b1115efbc9b28.zip | |
cleaned up many scrits and deleted some that were of no use; renamed a lot
Diffstat (limited to 'straper/db/public/fail2ban/etc-fail2ban/action.d/ipthreat.conf')
| -rw-r--r-- | straper/db/public/fail2ban/etc-fail2ban/action.d/ipthreat.conf | 107 |
1 files changed, 0 insertions, 107 deletions
diff --git a/straper/db/public/fail2ban/etc-fail2ban/action.d/ipthreat.conf b/straper/db/public/fail2ban/etc-fail2ban/action.d/ipthreat.conf deleted file mode 100644 index 5a14fa3..0000000 --- a/straper/db/public/fail2ban/etc-fail2ban/action.d/ipthreat.conf +++ /dev/null @@ -1,107 +0,0 @@ -# IPThreat configuration file -# -# Added to fail2ban by Jeff Johnson (jjxtra) -# -# Action to report IP address to ipthreat.net -# -# You must sign up to obtain an API key from ipthreat.net and request bulk report permissions -# https://ipthreat.net/integrations -# -# IPThreat is a 100% free site and service, all data is licensed under a creative commons by attribution license -# Please do not integrate if you do not agree to the license -# -# IMPORTANT: -# -# Reporting an IP is a serious action. Make sure that it is legit. -# Consider using this action only for: -# * IP that has been banned more than once -# * High max retry to avoid user mis-typing password -# * Filters that are unlikely to be human error -# -# Example: -# ``` -# action = %(known/action)s -# ipthreat[] -# ``` -# -# The action accepts the following arguments: ipthreat[ipthreat_flags="8",ipthreat_system="SSH", ipthreat_apikey=...] -# In most cases your action could be as simple as: ipthreat[], since the default flags and system are set to the most correct default values. -# You can optionally override ipthreat_system and ipthreat_flags if desired. -# The ipthreat_apikey must be set at the bottom of this configuration file. -# -# `ipthreat_system` is a short name of the system attacked, i.e. SSH, SMTP, MYSQL, PHP, etc. -# -# For `ipthreat_flags`, most cases will use 8 (BruteForce) which is the default, but you could use others. -# You can use the name or the ordinal. -# Multiple values are comma separated. -# ``` -# Name Ordinal Description -# Dns 1 Abuse/attack of dns (domain name server) -# Fraud 2 General fraud, whether orders, misuse of payment info, etc -# DDos 4 Distributed denial of service attack, whether through http requests, large ping attack, etc -# BruteForce 8 Brute force login attack -# Proxy 16 IP is a proxy like TOR or other proxy server -# Spam 32 Email, comment or other type of spam -# Vpn 64 IP is part of a VPN -# Hacking 128 General hacking outside of brute force attack (includes vulnerability scans, sql injection, etc.). Use port scan flag instead if it's just probe on ports. -# BadBot 256 Bad bot that is not honoring robots.txt or just flooding with too many requests, etc -# Compromised 512 The ip has been taken over by malware or botnet -# Phishing 1024 The ip is involved in phishing or spoofing -# Iot 2048 The ip has targeted an iot (Internet of Things) device -# PortScan 4096 Port scan -# See https://ipthreat.net/bulkreportformat for more information -# ``` - -[Definition] - -# bypass action for restored tickets -norestored = 1 - -# Option: actionstart -# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). -# Values: CMD -# -actionstart = - -# Option: actionstop -# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -# Values: CMD -# -actionstop = - -# Option: actioncheck -# Notes.: command executed once before each actionban command -# Values: CMD -# -actioncheck = - -# Option: actionban -# Notes.: command executed when banning an IP. Take care that the -# command is executed with Fail2Ban user rights. -# -# Tags: See jail.conf(5) man page -# Values: CMD -# -actionban = curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: <ipthreat_apikey>" -d "{\"ip\":\"<ip>\",\"flags\":\"<ipthreat_flags>\",\"system\":\"<ipthreat_system>\",\"notes\":\"fail2ban\"}" - -# Option: actionunban -# Notes.: command executed when unbanning an IP. Take care that the -# command is executed with Fail2Ban user rights. -# Tags: See jail.conf(5) man page -# Values: CMD -# -actionunban = - -[Init] -# Option: ipthreat_apikey -# Notes Your API key from ipthreat.net -# Values: STRING Default: None -# Register for ipthreat [https://ipthreat.net], get api key and set below. -# You will need to set the flags and system in the action call in jail.conf -ipthreat_apikey = - -# By default, the ipthreat system is the name of the fail2ban jail -ipthreat_system = <name> - -# By default the ip threat flags is 8 (brute force), but you can override this per jail if desired -ipthreat_flags = 8
\ No newline at end of file |
