diff options
Diffstat (limited to 'straper/db/public/fail2ban/etc-fail2ban/action.d/mikrotik.conf')
| -rw-r--r-- | straper/db/public/fail2ban/etc-fail2ban/action.d/mikrotik.conf | 84 |
1 files changed, 0 insertions, 84 deletions
diff --git a/straper/db/public/fail2ban/etc-fail2ban/action.d/mikrotik.conf b/straper/db/public/fail2ban/etc-fail2ban/action.d/mikrotik.conf deleted file mode 100644 index 9343c86..0000000 --- a/straper/db/public/fail2ban/etc-fail2ban/action.d/mikrotik.conf +++ /dev/null @@ -1,84 +0,0 @@ -# Fail2Ban configuration file -# -# Mikrotik routerOS action to add/remove address-list entries -# -# Author: Duncan Bellamy <dunk@denkimushi.com> -# based on forum.mikrotik.com post by pakjebakmeel -# -# in the instructions: -# (10.0.0.1 is ip of mikrotik router) -# (10.0.0.2 is ip of fail2ban machine) -# -# on fail2ban machine: -# sudo mkdir /var/lib/fail2ban/ssh -# sudo chmod 700 /var/lib/fail2ban/ssh -# sudo ssh-keygen -N "" -f /var/lib/fail2ban/ssh/fail2ban_id_rsa -# sudo scp /var/lib/fail2ban/ssh/fail2ban_id_rsa.pub admin@10.0.0.1:/ -# ssh admin@10.0.0.1 -# -# on mikrotik router: -# /user add name=miki-f2b group=write address=10.0.0.2 password="" -# /user ssh-keys import public-key-file=fail2ban_id_rsa.pub user=miki-f2b -# /quit -# -# on fail2ban machine: -# (check password login fails) -# ssh miki-f2b@10.0.0.1 -# (check private key works) -# sudo ssh -i /var/lib/fail2ban/ssh/fail2ban_id_rsa miki-f2b@10.0.0.1 -# -# Then create rules on mikrorik router that use address -# list(s) maintained by fail2ban eg in the forward chain -# drop from address list, or in the forward chain drop -# from address list to server -# -# example extract from jail.local overriding some defaults -# action = mikrotik[keyfile="%(mkeyfile)s", user="%(muser)s", host="%(mhost)s", list="%(mlist)s"] -# -# ignoreip = 127.0.0.1/8 192.168.0.0/24 - -# mkeyfile = /etc/fail2ban/ssh/mykey_id_rsa -# muser = myuser -# mhost = 192.168.0.1 -# mlist = BAD LIST - -[Definition] - -actionstart = - -actionstop = %(actionflush)s - -actionflush = %(command)s "/ip firewall address-list remove [find list=\"%(list)s\" comment~\"%(startcomment)s-*\"]" - -actioncheck = - -actionban = %(command)s "/ip firewall address-list add list=\"%(list)s\" address=<ip> comment=%(comment)s" - -actionunban = %(command)s "/ip firewall address-list remove [find list=\"%(list)s\" comment=%(comment)s]" - -command = ssh -l %(user)s -p%(port)s -i %(keyfile)s %(host)s - -# Option: user -# Notes.: username to use when connecting to routerOS -user = -# Option: port -# Notes.: port to use when connecting to routerOS -port = 22 -# Option: keyfile -# Notes.: ssh private key to use for connecting to routerOS -keyfile = -# Option: host -# Notes.: hostname or ip of router -host = -# Option: list -# Notes.: name of "address-list" to use on router -list = Fail2Ban -# Option: startcomment -# Notes.: used as a prefix to all comments, and used to match for flushing rules -startcomment = f2b-<name> -# Option: comment -# Notes.: comment to use on routerOS (must be unique as used for ip address removal) -comment = %(startcomment)s-<ip> - -[Init] -name="%(__name__)s" |
