Initial
This commit is contained in:
Acid
@@ -0,0 +1,5 @@
|
||||
[Definition]
|
||||
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
|
||||
failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
|
||||
^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
|
||||
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
|
||||
@@ -0,0 +1,10 @@
|
||||
[nextcloud]
|
||||
backend = auto
|
||||
enabled = true
|
||||
port = 80,443
|
||||
protocol = tcp
|
||||
bantime = 1h
|
||||
findtime = 30m
|
||||
maxretry = 5
|
||||
filter = nextcloud
|
||||
logpath = /nextcloud/data/nextcloud.log
|
||||
@@ -0,0 +1,31 @@
|
||||
[global]
|
||||
bantime = 15m
|
||||
findtime = 40m
|
||||
maxretry = 8
|
||||
ignoreip = 192.168.1.67
|
||||
|
||||
[sshd]
|
||||
enabled = true
|
||||
logpath = /var/log/auth.log
|
||||
action = iptables[name=SSH, port=22, protocol=tcp]
|
||||
telegram
|
||||
|
||||
[recidive]
|
||||
enabled = true
|
||||
logpath = /var/log/auth.log
|
||||
findtime = 7d
|
||||
bantime = -1
|
||||
maxretry = 4
|
||||
action = iptables[name=SSH, port=22, protocol=tcp]
|
||||
telegram
|
||||
|
||||
[nextcloud]
|
||||
backend = auto
|
||||
enabled = true
|
||||
port = 80,443
|
||||
protocol = tcp
|
||||
bantime = 1h
|
||||
findtime = 30m
|
||||
maxretry = 5
|
||||
filter = nextcloud
|
||||
logpath = /nextcloud/data/nextcloud.log
|
||||
Executable
+60
@@ -0,0 +1,60 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Sends text messages using Telegram
|
||||
# to alert webmaster of banning.
|
||||
|
||||
# Require one argument, one of the following
|
||||
# start
|
||||
# stop
|
||||
# ban
|
||||
# unban
|
||||
# Optional second argument: Ip for ban/unband
|
||||
|
||||
|
||||
# Display usage information
|
||||
function show_usage {
|
||||
echo "Usage: $0 action <ip>"
|
||||
echo "Where action start, stop, ban, unban"
|
||||
echo "and IP is optional passed to ban, unban"
|
||||
exit
|
||||
}
|
||||
|
||||
|
||||
# Send notification
|
||||
function send_msg {
|
||||
apiToken=6303844336:AAH6gtpXi3dfvK4cUYKnhLp8CeU7GDW4U0E
|
||||
chatId=5295465362
|
||||
url="https://api.telegram.org/bot$apiToken/sendMessage"
|
||||
|
||||
curl -s -X POST $url -d chat_id=$chatId -d text="$1"
|
||||
exit
|
||||
}
|
||||
|
||||
|
||||
# Check for script arguments
|
||||
if [ $# -lt 1 ]
|
||||
then
|
||||
show_usage
|
||||
fi
|
||||
|
||||
|
||||
# Take action depending on argument
|
||||
if [ "$1" = 'start' ]
|
||||
then
|
||||
msg='Fail2ban+just+started.'
|
||||
send_msg $msg
|
||||
elif [ "$1" = 'stop' ]
|
||||
then
|
||||
msg='Fail2ban+just+stoped.'
|
||||
send_msg $msg
|
||||
elif [ "$1" = 'ban' ]
|
||||
then
|
||||
msg=$([ "$2" != '' ] && echo "Fail2ban+just+banned+$2" || echo 'Fail2ban+just+banned+an+ip.' )
|
||||
send_msg $msg
|
||||
elif [ "$1" = 'unban' ]
|
||||
then
|
||||
msg=$([ "$2" != '' ] && echo "Fail2ban+just+unbanned+$2" || echo "Fail2ban+just+unbanned+an+ip." )
|
||||
send_msg $msg
|
||||
else
|
||||
show_usage
|
||||
fi
|
||||
Reference in New Issue
Block a user