# Fail2Ban configuration file
#
# Author: IGAM Muliarsa
#
#
# Action to report IP address to abuseipdb.com
# you must sign up in https://www.abuseipdb.com
# This action requires API_KEY
# https://www.abuseipdb.com/report/json?key=[API_KEY]&category=[CATEGORIES]&comment=[COMMENT]&ip=[IP]
#
# IMPORTANT:
#
# Reporting an IP of abuse is a serious complaint. Make sure that it is
# serious. Fail2ban developers and network owners recommend you only use this
# action for:
# * The recidive where the IP has been banned multiple times
# * Where maxretry has been set quite high, beyond the normal user typing
# password incorrectly.
# * For filters that have a low likelihood of receiving human errors
#
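[Definition]
# Purpose: report a banned IP to abuseipdb.com. Only actionban does any work;
# the other hooks are intentionally empty.

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart =

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop =

# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
#         Posts <ip>, <category> and the matched log lines (<matches>) to
#         abuseipdb.com using the key from <apikey>.
# Tags: See jail.conf(5) man page
# Values: CMD
#
# Keep the key and the whole command on ONE line: "actionban" must be followed
# by "=" on the same line, and the value is handed to a shell, where a line
# break would end the curl command before all of its arguments are given.
#
# Security notes:
# - <apikey> is expanded onto the curl command line, so it can be visible to
#   other local users in the process list while curl runs.
# - <matches> uploads raw log lines to a third-party service; they may contain
#   usernames, hostnames or other internal details. Check what the filter
#   matches before enabling this action.
# - <matches> is remote-influenced log text substituted into a shell command.
#   NOTE(review): this relies on Fail2Ban's own tag escaping -- confirm your
#   Fail2Ban version is current and escapes tag values inside quotes.
# - NOTE(review): confirm against the current AbuseIPDB API documentation that
#   the report/json endpoint used here is still served.
#
actionban = curl --data 'key=<apikey>' --data 'category=<category>' --data 'ip=<ip>' --data-urlencode 'comment=<matches>' --user-agent 'fail2ban v0.8.12' 'https://www.abuseipdb.com/report/json'

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
#         Left empty: an unban is not reported.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban =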
[Init]
# Default values for the tags used by actionban. <category> has no default
# here, so it has to be supplied by the jail that uses this action.

# Option: apikey
# Notes.: your user API key from your abuseipdb.com account.
#         This is a secret stored in plain text: keep this file readable only
#         by the account Fail2Ban runs as, and do not commit a real key to
#         version control or paste it into shared configuration.
# Values: STRING Default: None
#
apikey = REPLACE_WITH_YOUR_API_KEY
# Option: service
# Notes.: service name you are reporting on, typically aligns with filter name.
#         Left commented out; the actionban command in this file does not
#         reference a <service> tag.
# Values: STRING Default: None
#
#service =
Edit /etc/fail2ban/jail.conf
...
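[sshd]
# Jail for sshd that bans locally and also reports the offender to abuseipdb.
# Local overrides are normally kept in /etc/fail2ban/jail.local so that a
# package upgrade does not overwrite them.
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
enabled = true
filter = sshd
# One action per line. The continuation lines must be indented, otherwise the
# parser does not treat them as part of the "action" value.
# The abuseipdb category list is quoted because action parameters are
# comma-separated: unquoted, the option parser is expected to stop at the
# first comma and report category 4 only.
# Reporting is a serious complaint; keep maxretry high enough that ordinary
# password typos do not lead to a report.
action = iptables-ipset-proto4[]
         mlocaldb[category=10]
         abuseipdb[category="4,18,22"]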
...
To find the available categories, follow this rule.
Restart your fail2ban.
Tested on Fail2ban 0.9.x