sendmail-whois-ipmatches.conf

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
#

[INCLUDES]

before = sendmail-common.conf

[Definition]

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n`
            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
            From: <>
            To: \n
            Hi,\n
            The IP has just been banned by Fail2Ban after
            attempts against .\n\n
            Here is more information about :\n
            `/usr/bin/whois `\n\n
            Matches with failures IP:\n
            \n\n
            Regards,\n
            Fail2Ban" | /usr/sbin/sendmail -f

[Init]

# Default name of the chain
#
name = default

nsupdate.conf

# Fail2Ban configuration file
#
# Author: Andrew St. Jean
#
# Use nsupdate to perform dynamic DNS updates on a BIND zone file.
# One may want to do this to update a local RBL with banned IP addresses.
#
# Options
#
# domain        DNS domain that will appear in nsupdate add and delete
#               commands.
#
# ttl           The time to live (TTL) in seconds of the TXT resource
#               record.
#
# rdata         Data portion of the TXT resource record.
#
# nsupdatecmd   Full path to the nsupdate command.
#
# keyfile       Full path to TSIG key file used for authentication between
#               nsupdate and BIND.
#
# Create an nsupdate.local to set at least the and
# options as they don't have default values.
#
# The ban and unban commands assume nsupdate will authenticate to the BIND
# server using a TSIG key. The full path to the key file must be specified
# in the parameter. Use this command to generate your TSIG key.
#
# dnssec-keygen -a HMAC-MD5 -b 256 -n HOST
#
# Replace with some meaningful name.
#
# This command will generate two files. Specify the .private file in the
# option. Note that the .key file must also be present in the same
# directory for nsupdate to use the key.
#
# Don't forget to add the key and appropriate allow-update or update-policy
# option to your named.conf file.
#

[Definition]

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart =

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop =

# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = echo | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". IN TXT \"\""; print "send"}' | -k

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban = echo | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | -k

[Init]

# Option: domain
# Notes.: DNS domain that nsupdate will update.
# Values: STRING
#
domain =

# Option: ttl
# Notes.: time to live (TTL) in seconds of TXT resource record
#         added by nsupdate.
# Values: NUM
#
ttl = 60

# Option: rdata
# Notes.: data portion of the TXT resource record added by nsupdate.
# Values: STRING
#
rdata = Your IP has been banned

# Option: nsupdatecmd
# Notes.: specifies the full path to the nsupdate program that dynamically
#         updates BIND zone files.
# Values: CMD
#
nsupdatecmd = /usr/bin/nsupdate

# Option: keyfile
# Notes.: specifies the full path to the file containing the
#         TSIG key for communicating with BIND.
# Values: STRING
#
keyfile =

sendmail-whois-lines.conf

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
#

[INCLUDES]

before = sendmail-common.conf

[Definition]

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n`
            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
            From: <>
            To: \n
            Hi,\n
            The IP has just been banned by Fail2Ban after
            attempts against .\n\n
            Here is more information about :\n
            `/usr/bin/whois || echo missing whois program`\n\n
            Lines containing IP: in \n
            `grep -E '(^|[^0-9])([^0-9]|$)' `\n\n
            Regards,\n
            Fail2Ban" | /usr/sbin/sendmail -f

[Init]

# Default name of the chain
#
name = default

# Path to the log files which contain relevant lines for the abuser IP
#
logpath = /dev/null

# Number of log lines to include in the email
#
grepopts = -m 1000

mail-whois-lines.conf

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
# Modified-By: Yaroslav Halchenko to include grepping on IP over log files
#

[INCLUDES]

before = mail-whois-common.conf

[Definition]

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = printf %%b "Hi,\n
              The jail has been started successfully.\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] : started on `uname -n`"

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = printf %%b "Hi,\n
             The jail has been stopped.\n
             Regards,\n
             Fail2Ban"|mail -s "[Fail2Ban] : stopped on `uname -n`"

# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = printf %%b "Hi,\n
            The IP has just been banned by Fail2Ban after
            attempts against .\n\n
            Here is more information about :\n
            `%(_whois_command)s`\n\n
            Lines containing IP: in \n
            `grep -E '(^|[^0-9])([^0-9]|$)' `\n\n
            Regards,\n
            Fail2Ban"|mail -s "[Fail2Ban] : banned from `uname -n`"

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban =

[Init]

# Default name of the chain
#
name = default

# Recipient of the mail
#
dest = root

# Path to the log files which contain relevant lines for the abuser IP
#
logpath = /dev/null

# Number of log lines to include in the email
#
grepopts = -m 1000

badips.py

# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
# vi: set ft=python sts=4 ts=4 sw=4 noet :

# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Fail2Ban is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

import sys
if sys.version_info < (2, 7):
	raise ImportError("badips.py action requires Python >= 2.7")
import json
import threading
import logging
if sys.version_info >= (3, ):
	from urllib.request import Request, urlopen
	from urllib.parse import urlencode
	from urllib.error import HTTPError
else:
	from urllib2 import Request, urlopen, HTTPError
	from urllib import urlencode

from fail2ban.server.actions import ActionBase


class BadIPsAction(ActionBase):
	"""Fail2Ban action which reports bans to badips.com, and also
	blacklist bad IPs listed on badips.com by using another action's
	ban method.

	Parameters
	----------
	jail : Jail
		The jail which the action belongs to.
	name : str
		Name assigned to the action.
	category : str
		Valid badips.com category for reporting failures.
	score : int, optional
		Minimum score for bad IPs. Default 3.
	age : str, optional
		Age of last report for bad IPs, per badips.com syntax.
		Default "24h" (24 hours)
	key : str, optional
		Key issued by badips.com to report bans, for later retrieval
		of personalised content.
	banaction : str, optional
		Name of banaction to use for blacklisting bad IPs. If `None`,
		no blacklist of IPs will take place.
		Default `None`.
	bancategory : str, optional
		Name of category to use for blacklisting, which can differ
		from category used for reporting. e.g. may want to report
		"postfix", but want to use whole "mail" category for blacklist.
		Default `category`.
	bankey : str, optional
		Key issued by badips.com to blacklist IPs reported with the
		associated key.
	updateperiod : int, optional
		Time in seconds between updating bad IPs blacklist.
		Default 900 (15 minutes)
	agent : str, optional
		User agent transmitted to server.
		Default `Fail2Ban/ver.`

	Raises
	------
	ValueError
		If invalid `category`, `score`, `banaction` or `updateperiod`.
	"""

	TIMEOUT = 10
	_badips = "http://www.badips.com"

	def _Request(self, url, **argv):
		return Request(url, headers={'User-Agent': self.agent}, **argv)

	def __init__(self, jail, name, category, score=3, age="24h", key=None,
		banaction=None, bancategory=None, bankey=None, updateperiod=900,
		agent="Fail2Ban", timeout=TIMEOUT):
		super(BadIPsAction, self).__init__(jail, name)

		self.timeout = timeout
		self.agent = agent
		self.category = category
		self.score = score
		self.age = age
		self.key = key
		self.banaction = banaction
		self.bancategory = bancategory or category
		self.bankey = bankey
		self.updateperiod = updateperiod

		self._bannedips = set()
		# Used later for threading.Timer for updating badips
		self._timer = None

	def getCategories(self, incParents=False):
		"""Get badips.com categories.

		Returns
		-------
		set
			Set of categories.

		Raises
		------
		HTTPError
			Any issues with badips.com request.
		ValueError
			If badips.com response didn't contain necessary information
		"""
		try:
			response = urlopen(
				self._Request("/".join([self._badips, "get", "categories"])),
				timeout=self.timeout)
		except HTTPError as response:
			messages = json.loads(response.read().decode('utf-8'))
			self._logSys.error(
				"Failed to fetch categories. badips.com response: '%s'",
				messages['err'])
			raise
		else:
			response_json = json.loads(response.read().decode('utf-8'))
			if not 'categories' in response_json:
				err = "badips.com response lacked categories specification. Response was: %s" \
					% (response_json,)
				self._logSys.error(err)
				raise ValueError(err)
			categories = response_json['categories']
			categories_names = set(
				value['Name'] for value in categories)
			if incParents:
				categories_names.update(set(
					value['Parent'] for value in categories
					if "Parent" in value))
			return categories_names

	def getList(self, category, score, age, key=None):
		"""Get badips.com list of bad IPs.

		Parameters
		----------
		category : str
			Valid badips.com category.
		score : int
			Minimum score for bad IPs.
		age : str
			Age of last report for bad IPs, per badips.com syntax.
		key : str, optional
			Key issued by badips.com to fetch IPs reported with the
			associated key.

		Returns
		-------
		set
			Set of bad IPs.

		Raises
		------
		HTTPError
			Any issues with badips.com request.
		"""
		try:
			url = "?".join([
				"/".join([self._badips, "get", "list", category, str(score)]),
				urlencode({'age': age})])
			if key:
				url = "&".join([url, urlencode({'key': key})])
			response = urlopen(self._Request(url), timeout=self.timeout)
		except HTTPError as response:
			messages = json.loads(response.read().decode('utf-8'))
			self._logSys.error(
				"Failed to fetch bad IP list. badips.com response: '%s'",
				messages['err'])
			raise
		else:
			return set(response.read().decode('utf-8').split())

	@property
	def category(self):
		"""badips.com category for reporting IPs.
		"""
		return self._category

	@category.setter
	def category(self, category):
		if category not in self.getCategories():
			self._logSys.error("Category name '%s' not valid. "
				"see badips.com for list of valid categories",
				category)
			raise ValueError("Invalid category: %s" % category)
		self._category = category

	@property
	def bancategory(self):
		"""badips.com bancategory for fetching IPs.
		"""
		return self._bancategory

	@bancategory.setter
	def bancategory(self, bancategory):
		if bancategory not in self.getCategories(incParents=True):
			self._logSys.error("Category name '%s' not valid. "
				"see badips.com for list of valid categories",
				bancategory)
			raise ValueError("Invalid bancategory: %s" % bancategory)
		self._bancategory = bancategory

	@property
	def score(self):
		"""badips.com minimum score for fetching IPs.
		"""
		return self._score

	@score.setter
	def score(self, score):
		score = int(score)
		if 0 <= score <= 5:
			self._score = score
		else:
			raise ValueError("Score must be 0-5")

	@property
	def banaction(self):
		"""Jail action to use for banning/unbanning.
		"""
		return self._banaction

	@banaction.setter
	def banaction(self, banaction):
		if banaction is not None and banaction not in self._jail.actions:
			self._logSys.error("Action name '%s' not in jail '%s'",
				banaction, self._jail.name)
			raise ValueError("Invalid banaction")
		self._banaction = banaction

	@property
	def updateperiod(self):
		"""Period in seconds between banned bad IPs will be updated.
		"""
		return self._updateperiod

	@updateperiod.setter
	def updateperiod(self, updateperiod):
		updateperiod = int(updateperiod)
		if updateperiod > 0:
			self._updateperiod = updateperiod
		else:
			raise ValueError("Update period must be integer greater than 0")

	def _banIPs(self, ips):
		for ip in ips:
			try:
				self._jail.actions[self.banaction].ban({
					'ip': ip,
					'failures': 0,
					'matches': "",
					'ipmatches': "",
					'ipjailmatches': "",
				})
			except Exception as e:
				self._logSys.error(
					"Error banning IP %s for jail '%s' with action '%s': %s",
					ip, self._jail.name, self.banaction, e,
					exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG)
			else:
				self._bannedips.add(ip)
				self._logSys.info(
					"Banned IP %s for jail '%s' with action '%s'",
					ip, self._jail.name, self.banaction)

	def _unbanIPs(self, ips):
		for ip in ips:
			try:
				self._jail.actions[self.banaction].unban({
					'ip': ip,
					'failures': 0,
					'matches': "",
					'ipmatches': "",
					'ipjailmatches': "",
				})
			except Exception as e:
				self._logSys.info(
					"Error unbanning IP %s for jail '%s' with action '%s': %s",
					ip, self._jail.name, self.banaction, e,
					exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG)
			else:
				self._logSys.info(
					"Unbanned IP %s for jail '%s' with action '%s'",
					ip, self._jail.name, self.banaction)
			finally:
				self._bannedips.remove(ip)

	def start(self):
		"""If `banaction` set, blacklists bad IPs.
		"""
		if self.banaction is not None:
			self.update()

	def update(self):
		"""If `banaction` set, updates blacklisted IPs.

		Queries badips.com for list of bad IPs, removing IPs from the
		blacklist if no longer present, and adds new bad IPs to the
		blacklist.
		"""
		if self.banaction is not None:
			if self._timer:
				self._timer.cancel()
				self._timer = None

			try:
				ips = self.getList(
					self.bancategory, self.score, self.age, self.bankey)
				# Remove old IPs no longer listed
				self._unbanIPs(self._bannedips - ips)
				# Add new IPs which are now listed
				self._banIPs(ips - self._bannedips)

				self._logSys.info(
					"Updated IPs for jail '%s'. Update again in %i seconds",
					self._jail.name, self.updateperiod)
			finally:
				self._timer = threading.Timer(self.updateperiod, self.update)
				self._timer.start()

	def stop(self):
		"""If `banaction` set, clears blacklisted IPs.
		"""
		if self.banaction is not None:
			if self._timer:
				self._timer.cancel()
				self._timer = None
			self._unbanIPs(self._bannedips.copy())

	def ban(self, aInfo):
		"""Reports banned IP to badips.com.

		Parameters
		----------
		aInfo : dict
			Dictionary which includes information in relation to
			the ban.

		Raises
		------
		HTTPError
			Any issues with badips.com request.
		"""
		try:
			url = "/".join([self._badips, "add", self.category, aInfo['ip']])
			if self.key:
				url = "?".join([url, urlencode({'key': self.key})])
			response = urlopen(self._Request(url), timeout=self.timeout)
		except HTTPError as response:
			messages = json.loads(response.read().decode('utf-8'))
			self._logSys.error(
				"Response from badips.com report: '%s'",
				messages['err'])
			raise
		else:
			messages = json.loads(response.read().decode('utf-8'))
			self._logSys.info(
				"Response from badips.com report: '%s'",
				messages['suc'])

Action = BadIPsAction

firewallcmd-ipset.conf

# Fail2Ban action file for firewall-cmd/ipset
#
# This requires:
# ipset (package: ipset)
# firewall-cmd (package: firewalld)
#
# This is for ipset protocol 6 (and hopefully later) (ipset v6.14).
# Use ipset -V to see the protocol and version.
#
# IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels.
#
# If you are running on an older kernel you may need to patch in external
# modules.

[INCLUDES]

before = iptables-common.conf

[Definition]

actionstart = ipset create fail2ban- hash:ip timeout
              firewall-cmd --direct --add-rule ipv4 filter 0 -p -m multiport --dports -m set --match-set fail2ban- src -j

actionstop = firewall-cmd --direct --remove-rule ipv4 filter 0 -p -m multiport --dports -m set --match-set fail2ban- src -j
             ipset flush fail2ban-
             ipset destroy fail2ban-

actionban = ipset add fail2ban- timeout -exist

actionunban = ipset del fail2ban- -exist

[Init]

# Option: chain
# Notes specifies the iptables chain to which the fail2ban rules should be
#       added
# Values: [ STRING ]
#
chain = INPUT_direct

# Option: bantime
# Notes: specifies the bantime in seconds (handled internally rather than by fail2ban)
# Values: [ NUM ] Default: 600
bantime = 600

# DEV NOTES:
#
# Author: Edgar Hoch and Daniel Black
# firewallcmd-new / iptables-ipset-proto6 combined for maximum goodness

sendmail-whois-ipjailmatches.conf

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
#

[INCLUDES]

before = sendmail-common.conf

[Definition]

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n`
            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
            From: <>
            To: \n
            Hi,\n
            The IP has just been banned by Fail2Ban after
            attempts against .\n\n
            Here is more information about :\n
            `/usr/bin/whois `\n\n
            Matches for with failures IP:\n
            \n\n
            Regards,\n
            Fail2Ban" | /usr/sbin/sendmail -f

[Init]

# Default name of the chain
#
name = default

nftables-multiport.conf

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
# Modified: Yaroslav O. Halchenko
#           made active on all ports from original iptables.conf
# Modified: Alexander Belykh
#           adapted for nftables
#

[INCLUDES]

before = nftables-common.conf

[Definition]

# Option: nftables_mode
# Notes.: additional expressions for nftables filter rule
# Values: nftables expressions
#
nftables_mode = dport \{ \}

[Init]

iptables-multiport.conf

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
# Modified by Yaroslav Halchenko for multiport banning
#

[INCLUDES]

before = iptables-common.conf

[Definition]

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = -N f2b-
              -A f2b- -j
              -I -p -m multiport --dports -j f2b-

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = -D -p -m multiport --dports -j f2b-
             -F f2b-
             -X f2b-

# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck = -n -L | grep -q 'f2b-[ \t]'

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = -I f2b- 1 -s -j

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban = -D f2b- -s -j

[Init]

iptables-common.conf

# Fail2Ban configuration file
#
# Author: Daniel Black
#
# This is an included configuration file and includes the definitions for the iptables
# used in all iptables based actions by default.
#
# The user can override the defaults in iptables-common.local

[INCLUDES]

after = iptables-blocktype.local
        iptables-common.local
# iptables-blocktype.local is obsolete

[Init]

# Option: chain
# Notes specifies the iptables chain to which the Fail2Ban rules should be
#       added
# Values: STRING Default: INPUT
chain = INPUT

# Default name of the chain
#
name = default

# Option: port
# Notes.: specifies port to monitor
# Values: [ NUM | STRING ] Default:
#
port = ssh

# Option: protocol
# Notes.: internally used by config reader for interpolations.
# Values: [ tcp | udp | icmp | all ] Default: tcp
#
protocol = tcp

# Option: blocktype
# Note: This is what the action does with rules. This can be any jump target
#       as per the iptables man page (section 8). Common values are DROP
#       REJECT, REJECT --reject-with icmp-port-unreachable
# Values: STRING
blocktype = REJECT --reject-with icmp-port-unreachable

# Option: returntype
# Note: This is the default rule on "actionstart". This should be RETURN
#       in all (blocking) actions, except REJECT in allowing actions.
# Values: STRING
returntype = RETURN

# Option: lockingopt
# Notes.: Option was introduced to iptables to prevent multiple instances from
#         running concurrently and causing erratic behavior. -w was introduced
#         in iptables 1.4.20, so might be absent on older systems
#         See https://github.com/fail2ban/fail2ban/issues/1122
# Values: STRING
lockingopt =

# Option: iptables
# Notes.: Actual command to be executed, including common to all calls options
# Values: STRING
iptables = iptables

sendmail-whois.conf

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
#

[INCLUDES]

before = sendmail-common.conf

[Definition]

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n`
            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
            From: <>
            To: \n
            Hi,\n
            The IP has just been banned by Fail2Ban after
            attempts against .\n\n
            Here is more information about :\n
            `/usr/bin/whois || echo missing whois program`\n
            Regards,\n
            Fail2Ban" | /usr/sbin/sendmail -f

[Init]

# Default name of the chain
#
name = default

iptables-allports.conf

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
# Modified: Yaroslav O. Halchenko
#           made active on all ports from original iptables.conf
#
#

[INCLUDES]

before = iptables-common.conf

[Definition]

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = -N f2b-
              -A f2b- -j
              -I -p -j f2b-

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = -D -p -j f2b-
             -F f2b-
             -X f2b-

# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck = -n -L | grep -q 'f2b-[ \t]'

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = -I f2b- 1 -s -j

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban = -D f2b- -s -j

[Init]

firewallcmd-allports.conf

# Fail2Ban configuration file
#
# Author: Donald Yandt
# Because of the --remove-rules in stop this action requires firewalld-0.3.8+

[INCLUDES]

before = iptables-common.conf

[Definition]

actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b-
              firewall-cmd --direct --add-rule ipv4 filter f2b- 1000 -j RETURN
              firewall-cmd --direct --add-rule ipv4 filter 0 -j f2b-

actionstop = firewall-cmd --direct --remove-rule ipv4 filter 0 -j f2b-
             firewall-cmd --direct --remove-rules ipv4 filter f2b-
             firewall-cmd --direct --remove-chain ipv4 filter f2b-

# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-recidive$'

actioncheck = firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-$'

actionban = firewall-cmd --direct --add-rule ipv4 filter f2b- 0 -s -j

actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b- 0 -s -j

[Init]

# Default name of the chain
#
name = default

chain = INPUT_direct

# DEV NOTES:
#
# Author: Donald Yandt
# Uses "FirewallD" instead of the "iptables daemon".
#
#
# Output:
# actionstart:
# $ firewall-cmd --direct --add-chain ipv4 filter f2b-recidive
# success
# $ firewall-cmd --direct --add-rule ipv4 filter f2b-recidive 1000 -j RETURN
# success
# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-recidive
# success

shorewall.conf

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
#
# The default Shorewall configuration is with "BLACKLISTNEWONLY=Yes" (see
# file /etc/shorewall/shorewall.conf). This means that when Fail2ban adds a
# new shorewall rule to ban an IP address, that rule will affect only new
# connections. So if the attempter goes on trying using the same connection
# he could even log in. In order to get the same behavior of the iptable
# action (so that the ban is immediate) the /etc/shorewall/shorewall.conf
# file should be modified with "BLACKLISTNEWONLY=No". Note that as of
# Shorewall 4.5.13 BLACKLISTNEWONLY is deprecated; however the equivalent
# of BLACKLISTNEWONLY=No can now be achieved by setting BLACKLIST="ALL".
#

[Definition]

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart =

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop =

# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = shorewall

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban = shorewall allow

[Init]

# Option: blocktype
# Note: This is what the action does with rules.
#       See man page of shorewall for options that include drop, logdrop, reject, or logreject
# Values: STRING
blocktype = reject

sendmail-buffered.conf

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
#

[INCLUDES]

before = sendmail-common.conf

[Definition]

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = printf %%b "Subject: [Fail2Ban] : started on `uname -n`
              From: <>
              To: \n
              Hi,\n
              The jail has been started successfully.\n
              Output will be buffered until lines are available.\n
              Regards,\n
              Fail2Ban" | /usr/sbin/sendmail -f

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = if [ -f ]; then
                 printf %%b "Subject: [Fail2Ban] : summary from `uname -n`
                 From: <>
                 To: \n
                 Hi,\n
                 These hosts have been banned by Fail2Ban.\n
                 `cat `
                 Regards,\n
                 Fail2Ban" | /usr/sbin/sendmail -f
                 rm
             fi
             printf %%b "Subject: [Fail2Ban] : stopped on `uname -n`
             From: Fail2Ban <>
             To: \n
             Hi,\n
             The jail has been stopped.\n
             Regards,\n
             Fail2Ban" | /usr/sbin/sendmail -f

# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = printf %%b "`date`: ( failures)\n" >>
            LINE=$( wc -l | awk '{ print $1 }' )
            if [ $LINE -ge ]; then
                printf %%b "Subject: [Fail2Ban] : summary from `uname -n`
                From: <>
                To: \n
                Hi,\n
                These hosts have been banned by Fail2Ban.\n
                `cat `
                Regards,\n
                Fail2Ban" | /usr/sbin/sendmail -f
                rm
            fi

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban =

[Init]

# Default name of the chain
#
name = default

# Default number of lines that are buffered
#
lines = 5

# Default temporary file
#
tmpfile = /var/run/fail2ban/tmp-mail.txt

apf.conf

# Fail2Ban configuration file
# https://www.rfxn.com/projects/advanced-policy-firewall/
#
# Note: APF doesn't play nicely with other actions. It has been observed to
# remove bans created by other iptables based actions. If you are going to use
# this action, use it for all of your jails.
#
# DON'T MIX APF and other IPTABLES based actions

[Definition]

actionstart =
actionstop =
actioncheck =
actionban = apf --deny "banned by Fail2Ban "
actionunban = apf --remove

[Init]

# Name used in APF configuration
#
name = default

# DEV NOTES:
#
# Author: Mark McKinstry

dshield.conf

# Fail2Ban configuration file
#
# Author: Russell Odom
# Submits attack reports to DShield (http://www.dshield.org/)
#
# You MUST configure at least:
# (the port that's being attacked - use number not name).
#
# You SHOULD also provide:
# (your public IP address, if it's not the address of eth0)
# (your DShield userID, if you have one - recommended, but reports will
# be used anonymously if not)
# (the protocol in use - defaults to tcp)
#
# Best practice is to provide and in jail.conf like this:
# action = dshield[port=1234,protocol=tcp]
#
# ...and create "dshield.local" with contents something like this:
# [Init]
# myip = 10.0.0.1
# userid = 12345
#
# Other useful configuration values are (you can use for specifying
# a different sender address for the report e-mails, which should match what is
# configured at DShield), and // (to
# configure how often the buffer is flushed).
#

[Definition]

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart =

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = if [ -f .buffer ]; then
                 cat .buffer | "FORMAT DSHIELD USERID TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban"
                 date +%%s > .lastsent
             fi
             rm -f .buffer .first

# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
# See http://www.dshield.org/specs.html for more on report format/notes
#
# Note: We are currently using