diff options
| author | Lukasz Kasprzak <lukasz.kasprzak@pm.me> | 2026-03-20 19:16:32 +0100 |
|---|---|---|
| committer | Lukasz Kasprzak <lukasz.kasprzak@pm.me> | 2026-03-20 19:16:32 +0100 |
| commit | 39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2 (patch) | |
| tree | 9221704f413398cfb5d5759083b1e7032566820e /straper/db/public/fail2ban/etc-fail2ban/action.d/mynetwatchman.conf | |
| parent | 6b59b75c3a294060dea66bdee16ffaf95ae92889 (diff) | |
| download | bin-39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2.tar.gz bin-39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2.zip | |
feat: first fully successful run e2e on straper
Diffstat (limited to 'straper/db/public/fail2ban/etc-fail2ban/action.d/mynetwatchman.conf')
| -rw-r--r-- | straper/db/public/fail2ban/etc-fail2ban/action.d/mynetwatchman.conf | 143 |
1 files changed, 143 insertions, 0 deletions
diff --git a/straper/db/public/fail2ban/etc-fail2ban/action.d/mynetwatchman.conf b/straper/db/public/fail2ban/etc-fail2ban/action.d/mynetwatchman.conf new file mode 100644 index 0000000..b0ab2cc --- /dev/null +++ b/straper/db/public/fail2ban/etc-fail2ban/action.d/mynetwatchman.conf @@ -0,0 +1,143 @@ +# Fail2Ban configuration file +# +# Author: Russell Odom <russ@gloomytrousers.co.uk> +# Submits attack reports to myNetWatchman (http://www.mynetwatchman.com/) +# +# You MUST configure at least: +# <port> (the port that's being attacked - use number not name). +# <mnwlogin> (your mNW login). +# <mnwpass> (your mNW password). +# +# You SHOULD also provide: +# <myip> (your public IP address, if it's not the address of eth0) +# <protocol> (the protocol in use - defaults to tcp) +# +# Best practice is to provide <port> and <protocol> in jail.conf like this: +# action = mynetwatchman[port=1234,protocol=udp] +# +# ...and create "mynetwatchman.local" with contents something like this: +# [Init] +# mnwlogin = me@example.com +# mnwpass = SECRET +# myip = 10.0.0.1 +# +# Another useful configuration value is <getcmd>, if you don't have wget +# installed (an example config for curl is given below) +# + +[Definition] + +# Option: actionstart +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). +# Values: CMD +# +actionstart = + +# Option: actionstop +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) +# Values: CMD +# +actionstop = + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +# +# Note: We are currently using <time> for the timestamp because no tag is +# available to indicate the timestamp of the log message(s) which triggered the +# ban. Therefore the timestamps we are using in the report, whilst often only a +# few seconds out, are incorrect. See +# http://sourceforge.net/tracker/index.php?func=detail&aid=2017795&group_id=121032&atid=689047 +# +actionban = MNWLOGIN=`perl -e '$s=shift;$s=~s/([\W])/"%%".uc(sprintf("%%2.2x",ord($1)))/eg;print $s' '<mnwlogin>'` + MNWPASS=`perl -e '$s=shift;$s=~s/([\W])/"%%".uc(sprintf("%%2.2x",ord($1)))/eg;print $s' '<mnwpass>'` + PROTOCOL=`awk '{IGNORECASE=1;if($1=="<protocol>"){print $2;exit}}' /etc/protocols` + if [ -z "$PROTOCOL" ]; then PROTOCOL=<protocol>; fi + DATETIME=`perl -e '@t=gmtime(<time>);printf "%%4d-%%02d-%%02d+%%02d:%%02d:%%02d",1900+$t[5],$t[4]+1,$t[3],$t[2],$t[1],$t[0]'` + <getcmd> "<mnwurl>?AT=2&AV=0&AgentEmail=$MNWLOGIN&AgentPassword=$MNWPASS&AttackerIP=<ip>&SrcPort=<srcport>&ProtocolID=$PROTOCOL&DestPort=<port>&AttackCount=<failures>&VictimIP=<myip>&AttackDateTime=$DATETIME" 2>&1 >> <tmpfile>.out && grep -q 'Attack Report Insert Successful' <tmpfile>.out && rm -f <tmpfile>.out + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionunban = + +[Init] +# Option: port +# Notes.: The target port for the attack (numerical). MUST be provided in +# the jail config, as it cannot be detected here. +# Values: [ NUM ] Default: ??? +# +port = 0 + +# Option: mnwlogin +# Notes.: Your mNW login e-mail address. MUST be provided either in the jail +# config or in a .local file. +# Register at http://www.mynetwatchman.com/reg.asp +# Values: [ STRING ] Default: (empty) +# +mnwlogin = + +# Option: mnwpass +# Notes.: The password corresponding to your mNW login e-mail address. MUST be +# provided either in the jail config or in a .local file. +# Values: [ STRING ] Default: (empty) +# +mnwpass = + +# Option: myip +# Notes.: The target IP for the attack (your public IP). Should be overridden +# either in the jail config or in a .local file unless your PUBLIC IP +# is the first IP assigned to eth0 +# Values: [ an IP address ] Default: Tries to find the IP address of eth0, +# which in most cases will be a private IP, and therefore incorrect +# +myip = `ip -4 addr show dev eth0 | grep inet | head -n 1 | sed -r 's/.*inet ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/\1/'` + +# Option: protocol +# Notes.: The protocol over which the attack is happening +# Values: [ tcp | udp | icmp | (any other protocol name from /etc/protocols) | NUM ] Default: tcp +# +protocol = tcp + +# Option: agent +# Default: Fail2ban +agent = Fail2ban + +# Option: getcmd +# Notes.: A command to fetch a URL. Should output page to STDOUT +# Values: CMD Default: wget +# +getcmd = wget --no-verbose --tries=3 --waitretry=10 --connect-timeout=10 --read-timeout=60 --retry-connrefused --output-document=- --user-agent=<agent> +# Alternative value: +# getcmd = curl --silent --show-error --retry 3 --connect-timeout 10 --max-time 60 --user-agent <agent> + +# Option: srcport +# Notes.: The source port of the attack. You're unlikely to have this info, so +# you can leave the default +# Values: [ NUM ] Default: 0 +# +srcport = 0 + +# Option: mnwurl +# Notes.: The report service URL on the mNW site +# Values: STRING Default: http://mynetwatchman.com/insertwebreport.asp +# +mnwurl = http://mynetwatchman.com/insertwebreport.asp + +# Option: tmpfile +# Notes.: Base name of temporary files +# Values: [ STRING ] Default: /var/run/fail2ban/tmp-mynetwatchman +# +tmpfile = /var/run/fail2ban/tmp-mynetwatchman |
