diff options
| author | Lukasz Kasprzak <lukasz.kasprzak@pm.me> | 2026-04-14 22:32:43 +0200 |
|---|---|---|
| committer | Lukasz Kasprzak <lukasz.kasprzak@pm.me> | 2026-04-14 22:32:43 +0200 |
| commit | 83f7fe4b8402bab171d110703a1b1115efbc9b28 (patch) | |
| tree | 19110702c7d740f6bd8ee4f5d2ebcb97442be237 /straper/db/public/fail2ban/etc-fail2ban/action.d/mynetwatchman.conf | |
| parent | 51d43498b07dc97d795947964534f0903cd05db5 (diff) | |
| download | bin-83f7fe4b8402bab171d110703a1b1115efbc9b28.tar.gz bin-83f7fe4b8402bab171d110703a1b1115efbc9b28.zip | |
cleaned up many scrits and deleted some that were of no use; renamed a lot
Diffstat (limited to 'straper/db/public/fail2ban/etc-fail2ban/action.d/mynetwatchman.conf')
| -rw-r--r-- | straper/db/public/fail2ban/etc-fail2ban/action.d/mynetwatchman.conf | 143 |
1 files changed, 0 insertions, 143 deletions
diff --git a/straper/db/public/fail2ban/etc-fail2ban/action.d/mynetwatchman.conf b/straper/db/public/fail2ban/etc-fail2ban/action.d/mynetwatchman.conf deleted file mode 100644 index b0ab2cc..0000000 --- a/straper/db/public/fail2ban/etc-fail2ban/action.d/mynetwatchman.conf +++ /dev/null @@ -1,143 +0,0 @@ -# Fail2Ban configuration file -# -# Author: Russell Odom <russ@gloomytrousers.co.uk> -# Submits attack reports to myNetWatchman (http://www.mynetwatchman.com/) -# -# You MUST configure at least: -# <port> (the port that's being attacked - use number not name). -# <mnwlogin> (your mNW login). -# <mnwpass> (your mNW password). -# -# You SHOULD also provide: -# <myip> (your public IP address, if it's not the address of eth0) -# <protocol> (the protocol in use - defaults to tcp) -# -# Best practice is to provide <port> and <protocol> in jail.conf like this: -# action = mynetwatchman[port=1234,protocol=udp] -# -# ...and create "mynetwatchman.local" with contents something like this: -# [Init] -# mnwlogin = me@example.com -# mnwpass = SECRET -# myip = 10.0.0.1 -# -# Another useful configuration value is <getcmd>, if you don't have wget -# installed (an example config for curl is given below) -# - -[Definition] - -# Option: actionstart -# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). -# Values: CMD -# -actionstart = - -# Option: actionstop -# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -# Values: CMD -# -actionstop = - -# Option: actioncheck -# Notes.: command executed once before each actionban command -# Values: CMD -# -actioncheck = - -# Option: actionban -# Notes.: command executed when banning an IP. Take care that the -# command is executed with Fail2Ban user rights. -# Tags: See jail.conf(5) man page -# Values: CMD -# -# -# Note: We are currently using <time> for the timestamp because no tag is -# available to indicate the timestamp of the log message(s) which triggered the -# ban. Therefore the timestamps we are using in the report, whilst often only a -# few seconds out, are incorrect. See -# http://sourceforge.net/tracker/index.php?func=detail&aid=2017795&group_id=121032&atid=689047 -# -actionban = MNWLOGIN=`perl -e '$s=shift;$s=~s/([\W])/"%%".uc(sprintf("%%2.2x",ord($1)))/eg;print $s' '<mnwlogin>'` - MNWPASS=`perl -e '$s=shift;$s=~s/([\W])/"%%".uc(sprintf("%%2.2x",ord($1)))/eg;print $s' '<mnwpass>'` - PROTOCOL=`awk '{IGNORECASE=1;if($1=="<protocol>"){print $2;exit}}' /etc/protocols` - if [ -z "$PROTOCOL" ]; then PROTOCOL=<protocol>; fi - DATETIME=`perl -e '@t=gmtime(<time>);printf "%%4d-%%02d-%%02d+%%02d:%%02d:%%02d",1900+$t[5],$t[4]+1,$t[3],$t[2],$t[1],$t[0]'` - <getcmd> "<mnwurl>?AT=2&AV=0&AgentEmail=$MNWLOGIN&AgentPassword=$MNWPASS&AttackerIP=<ip>&SrcPort=<srcport>&ProtocolID=$PROTOCOL&DestPort=<port>&AttackCount=<failures>&VictimIP=<myip>&AttackDateTime=$DATETIME" 2>&1 >> <tmpfile>.out && grep -q 'Attack Report Insert Successful' <tmpfile>.out && rm -f <tmpfile>.out - -# Option: actionunban -# Notes.: command executed when unbanning an IP. Take care that the -# command is executed with Fail2Ban user rights. -# Tags: See jail.conf(5) man page -# Values: CMD -# -actionunban = - -[Init] -# Option: port -# Notes.: The target port for the attack (numerical). MUST be provided in -# the jail config, as it cannot be detected here. -# Values: [ NUM ] Default: ??? -# -port = 0 - -# Option: mnwlogin -# Notes.: Your mNW login e-mail address. MUST be provided either in the jail -# config or in a .local file. -# Register at http://www.mynetwatchman.com/reg.asp -# Values: [ STRING ] Default: (empty) -# -mnwlogin = - -# Option: mnwpass -# Notes.: The password corresponding to your mNW login e-mail address. MUST be -# provided either in the jail config or in a .local file. -# Values: [ STRING ] Default: (empty) -# -mnwpass = - -# Option: myip -# Notes.: The target IP for the attack (your public IP). Should be overridden -# either in the jail config or in a .local file unless your PUBLIC IP -# is the first IP assigned to eth0 -# Values: [ an IP address ] Default: Tries to find the IP address of eth0, -# which in most cases will be a private IP, and therefore incorrect -# -myip = `ip -4 addr show dev eth0 | grep inet | head -n 1 | sed -r 's/.*inet ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/\1/'` - -# Option: protocol -# Notes.: The protocol over which the attack is happening -# Values: [ tcp | udp | icmp | (any other protocol name from /etc/protocols) | NUM ] Default: tcp -# -protocol = tcp - -# Option: agent -# Default: Fail2ban -agent = Fail2ban - -# Option: getcmd -# Notes.: A command to fetch a URL. Should output page to STDOUT -# Values: CMD Default: wget -# -getcmd = wget --no-verbose --tries=3 --waitretry=10 --connect-timeout=10 --read-timeout=60 --retry-connrefused --output-document=- --user-agent=<agent> -# Alternative value: -# getcmd = curl --silent --show-error --retry 3 --connect-timeout 10 --max-time 60 --user-agent <agent> - -# Option: srcport -# Notes.: The source port of the attack. You're unlikely to have this info, so -# you can leave the default -# Values: [ NUM ] Default: 0 -# -srcport = 0 - -# Option: mnwurl -# Notes.: The report service URL on the mNW site -# Values: STRING Default: http://mynetwatchman.com/insertwebreport.asp -# -mnwurl = http://mynetwatchman.com/insertwebreport.asp - -# Option: tmpfile -# Notes.: Base name of temporary files -# Values: [ STRING ] Default: /var/run/fail2ban/tmp-mynetwatchman -# -tmpfile = /var/run/fail2ban/tmp-mynetwatchman |
