fail2ban permanent ban configuration
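# Fail2Ban configuration file
#
# Author: Srdjan Grubor <sgnn7@sgnn7.org>
#
# Save as /etc/fail2ban/action.d/iptables-block-repeat-offenders.conf so a
# jail can reference it as  action = iptables-block-repeat-offenders[name=...]
#
# How it works:
#   * banned addresses are jumped to a shared logging+DROP chain
#     (fail2ban-PERMABAN-LOGGER) from a per-jail chain fail2ban-PERMABAN-<name>
#   * every ban is also appended to /etc/fail2ban/ip.blacklist.<name>, which
#     actionstart replays, so bans survive a Fail2Ban restart
#   * addresses listed in /etc/fail2ban/ip.whitelist.<name> are never inserted
#     into the chain, neither by actionban nor by the replay in actionstart
# Both list files hold one address per line: the first field is the address,
# anything after a "#" is a comment. Their contents are passed to iptables as
# root, so keep the files owned by root and not writable by anyone else.
#
# Percent signs are doubled (%%) because Fail2Ban reads this file with
# configparser interpolation enabled.
[Definition]
# Option: actionstart
# Notes: Executed once at start of Fail2Ban.
#        The logger chain carries no <name> and is shared by every jail using
#        this action, so it is only created when it does not exist yet
#        (a second jail must not fail on "-N" or append duplicate LOG/DROP rules).
# Values: CMD
actionstart = iptables -n -L fail2ban-PERMABAN-LOGGER >/dev/null 2>&1 || {
                  iptables -N fail2ban-PERMABAN-LOGGER
                  iptables -A fail2ban-PERMABAN-LOGGER -j LOG --log-prefix "iptables deny (permaban): " --log-level 7
                  iptables -A fail2ban-PERMABAN-LOGGER -j DROP
              }
              iptables -N fail2ban-PERMABAN-<name>
              iptables -A fail2ban-PERMABAN-<name> -j RETURN
              iptables -I INPUT -j fail2ban-PERMABAN-<name>
              # Create the permanent record store files
              touch /etc/fail2ban/ip.blacklist.<name>
              touch /etc/fail2ban/ip.whitelist.<name>
              # Replay recorded offenders (skipping blank/comment lines) unless the
              # address has been whitelisted since it was recorded
              awk '!/^[[:space:]]*(#|$)/ { print $1 }' /etc/fail2ban/ip.blacklist.<name> | while read -r IP; do
                  awk -v ip="$IP" '$1 == ip { found = 1 } END { exit found ? 0 : 1 }' /etc/fail2ban/ip.whitelist.<name> || iptables -I fail2ban-PERMABAN-<name> 1 -s "$IP" -j fail2ban-PERMABAN-LOGGER
              done
# Option: actionstop
# Notes: Executed once at exit of Fail2Ban.
#        The shared logger chain is only torn down once no other
#        fail2ban-PERMABAN-* chain references it any more; otherwise stopping
#        one jail would silently remove the DROP that the other jails rely on.
# Values: CMD
actionstop = iptables -D INPUT -j fail2ban-PERMABAN-<name>
             iptables -F fail2ban-PERMABAN-<name>
             iptables -X fail2ban-PERMABAN-<name>
             if ! iptables -S | grep -q -- '-j fail2ban-PERMABAN-LOGGER'; then
                 iptables -F fail2ban-PERMABAN-LOGGER
                 iptables -X fail2ban-PERMABAN-LOGGER
             fi
# Option: actioncheck
# Notes: Executed once before each actionban command
# Values: CMD
actioncheck = iptables -n -L INPUT | grep -q fail2ban-PERMABAN-<name>
# Option: actionban
# Notes: Executed when banning an IP. Take care that the
#        command is executed with Fail2Ban user rights.
#        List membership is an exact match on the first field so that e.g.
#        10.0.0.1 is not mistaken for 10.0.0.10.
# Values: CMD
actionban = awk -v ip='<ip>' '$1 == ip { found = 1 } END { exit found ? 0 : 1 }' /etc/fail2ban/ip.whitelist.<name> || iptables -I fail2ban-PERMABAN-<name> 1 -s <ip> -j fail2ban-PERMABAN-LOGGER
            # Save into our permaban file if it's not in either list
            awk -v ip='<ip>' '$1 == ip { found = 1 } END { exit found ? 0 : 1 }' /etc/fail2ban/ip.whitelist.<name> || awk -v ip='<ip>' '$1 == ip { found = 1 } END { exit found ? 0 : 1 }' /etc/fail2ban/ip.blacklist.<name> || echo "<ip> # Added $( date '+%%Y-%%m-%%d %%T' ) - repeat offender" >> /etc/fail2ban/ip.blacklist.<name>
# Option: actionunban
# Notes: Executed when unbanning an IP. Take care that the
#        command is executed with Fail2Ban user rights.
#        NOTE: since actionban records every banned address in the blacklist,
#        the whitelist append below only fires for an address that is in
#        neither file (e.g. one removed from the blacklist by hand first).
# Values: CMD
actionunban = iptables -D fail2ban-PERMABAN-<name> -s <ip> -j fail2ban-PERMABAN-LOGGER
              # Save into our whitelist file if it's not in either list
              awk -v ip='<ip>' '$1 == ip { found = 1 } END { exit found ? 0 : 1 }' /etc/fail2ban/ip.blacklist.<name> || awk -v ip='<ip>' '$1 == ip { found = 1 } END { exit found ? 0 : 1 }' /etc/fail2ban/ip.whitelist.<name> || echo "<ip> # Added $( date '+%%Y-%%m-%%d %%T' )" >> /etc/fail2ban/ip.whitelist.<name>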
[Init]
# Default name when jail configuration doesn't specify it.
# It is the suffix of the per-jail chain (fail2ban-PERMABAN-<name>) and of the
# list files /etc/fail2ban/ip.blacklist.<name> / ip.whitelist.<name>; a jail
# overrides it with action = iptables-block-repeat-offenders[name=<jail>]
name = default
# Author: Srdjan Grubor <sgnn7@sgnn7.org>
#
# Place in /etc/fail2ban/jail.d/repeat-offenders-ssh.conf
#
# Jail that hands persistent sshd offenders to the permanent-ban action.
# Assumes that action is installed as action.d/iptables-block-repeat-offenders.conf
[ssh-repeat-offender]
enabled = true
filter = sshd
# name=ssh selects the chain fail2ban-PERMABAN-ssh and the list files
# /etc/fail2ban/ip.blacklist.ssh and /etc/fail2ban/ip.whitelist.ssh
action = iptables-block-repeat-offenders[name=ssh]
# Replace this with /var/log/auth.log if you're running ancient version of fail2ban
logpath = %(sshd_log)s
# Ban after maxretry failures seen within findtime seconds (604800 = 7 days)
maxretry = 30
findtime = 604800
# -1 = never expire; the action's blacklist file carries the ban across restarts
bantime = -1