Subversion Repositories ALCASAR


Rev 2271 Rev 2272
Line 1... Line 1...
1
#!/bin/sh
1
#!/bin/sh
2
# $Id: fail2ban.sh 2271 2017-06-04 18:45:27Z tom.houdayer $
2
# $Id: fail2ban.sh 2272 2017-06-04 19:03:43Z tom.houdayer $
3
 
3
 
4
FAIL_CONF="/etc/fail2ban/fail2ban.conf"
4
FAIL_CONF="/etc/fail2ban/fail2ban.conf"
5
JAIL_CONF="/etc/fail2ban/jail.conf"
5
JAIL_CONF="/etc/fail2ban/jail.conf"
6
DIR_FILTER="/etc/fail2ban/filter.d/"
6
DIR_FILTER="/etc/fail2ban/filter.d/"
7
ACTION_ALLPORTS="/etc/fail2ban/action.d/iptables-allports.conf"
7
ACTION_ALLPORTS="/etc/fail2ban/action.d/iptables-allports.conf"
Line 262... Line 262...
262
#          host must be matched by a group named "host". The tag "<HOST>" can
262
#          host must be matched by a group named "host". The tag "<HOST>" can
263
#          be used for standard IP/hostname matching and is only an alias for
263
#          be used for standard IP/hostname matching and is only an alias for
264
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
264
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
265
# Values:  TEXT
265
# Values:  TEXT
266
#
266
#
267
failregex = \[<HOST>\] \"POST \/pass
267
failregex = \[<HOST>\] \"POST \/password\.php
268
 
268
 
269
 
269
 
270
# Option:  ignoreregex
270
# Option:  ignoreregex
271
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
271
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
272
# Values:  TEXT
272
# Values:  TEXT
Line 317... Line 317...
317
#          <failures>  number of failures
317
#          <failures>  number of failures
318
#          <time>  unix timestamp of the ban time
318
#          <time>  unix timestamp of the ban time
319
# Values:  CMD
319
# Values:  CMD
320
 
320
 
321
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j ULOG --ulog-prefix "Fail2Ban -- DROP"
321
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j ULOG --ulog-prefix "Fail2Ban -- DROP"
322
            iptables -I fail2ban-<name> 1 -s <ip> -j DROP
322
	    iptables -I fail2ban-<name> 1 -s <ip> -j DROP
323
 
323
 
324
# Option:  actionunban
324
# Option:  actionunban
325
# Notes.:  command executed when unbanning an IP. Take care that the
325
# Notes.:  command executed when unbanning an IP. Take care that the
326
#          command is executed with Fail2Ban user rights.
326
#          command is executed with Fail2Ban user rights.
327
# Tags:    <ip>  IP address
327
# Tags:    <ip>  IP address
328
#          <failures>  number of failures
328
#          <failures>  number of failures
329
#          <time>  unix timestamp of the ban time
329
#          <time>  unix timestamp of the ban time
330
# Values:  CMD
330
# Values:  CMD
331
#
331
#
332
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
332
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
333
              iptables -D fail2ban-<name> -s <ip> -j ULOG --ulog-prefix "Fail2Ban -- DROP"
333
	      iptables -D fail2ban-<name> -s <ip> -j ULOG --ulog-prefix "Fail2Ban -- DROP"
334
 
334
 
335
[Init]
335
[Init]
336
 
336
 
337
# Defaut name of the chain
337
# Defaut name of the chain
338
#
338
#
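Review bot: The new failregex at line 267, `\[<HOST>\] \"POST \/password\.php`, is unanchored at both ends and carries no status-code condition, so it matches that text anywhere in a log line and counts every POST to the page as a failure, successful ones included. If the log being watched also records client-supplied fields, text matching the pattern could appear inside such a field and be attributed to an address other than the real client's, so the filter could ban the wrong host. Anchoring the expression with `^` followed by the fixed prefix of the log format, and ending it on the status value that marks a rejected attempt, would tie `<HOST>` to the logger's own address field. The log format and the jail's `logpath` are not visible in this section, so the exact prefix needs confirming against them. A comment above the regex naming the log file and line layout it expects would make that check easier for the next change.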