fail2ban permanent ban configuration
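# Fail2Ban configuration file
#
# Author: Srdjan Grubor <sgnn7@sgnn7.org>
#
# Permanent-ban action: offenders are jumped to a shared logging/DROP chain
# and recorded in /etc/fail2ban/ip.blacklist.<name> so the bans survive a
# fail2ban restart. IPs found in /etc/fail2ban/ip.whitelist.<name> are never
# banned (actionban and the start-up reload both honour the whitelist).
#
# Jails reference it as iptables-block-repeat-offenders[name=...], so this is
# presumably saved as /etc/fail2ban/action.d/iptables-block-repeat-offenders.conf.
#
# NOTE: fail2ban reads this with configparser interpolation, so a literal
# percent sign (the date format below) must be written as %%.
# NOTE: the blacklist files are turned straight into iptables rules at start-up;
# keep them writable by root only.
[Definition]
# Option: actionstart
# Notes: Executed once at start of Fail2Ban.
#        The LOGGER chain is shared by every jail using this action (its name
#        carries no <name>), so it is only created when it does not exist yet.
# Values: CMD
actionstart = if ! iptables -n -L fail2ban-PERMABAN-LOGGER >/dev/null 2>&1; then iptables -N fail2ban-PERMABAN-LOGGER; iptables -A fail2ban-PERMABAN-LOGGER -j LOG --log-prefix "iptables deny (permaban): " --log-level 7; iptables -A fail2ban-PERMABAN-LOGGER -j DROP; fi
              iptables -N fail2ban-PERMABAN-<name>
              iptables -A fail2ban-PERMABAN-<name> -j RETURN
              iptables -I INPUT -j fail2ban-PERMABAN-<name>
              # Create the permanent record store files
              touch /etc/fail2ban/ip.blacklist.<name>
              touch /etc/fail2ban/ip.whitelist.<name>
              # Re-apply recorded offenders (blank/comment lines skipped, first field is the IP), except whitelisted ones
              grep -vE '^\s*(#.*)*$' /etc/fail2ban/ip.blacklist.<name> | awk '{print $1}' | while read IP; do grep -Fqw "$IP" /etc/fail2ban/ip.whitelist.<name> || iptables -I fail2ban-PERMABAN-<name> 1 -s "$IP" -j fail2ban-PERMABAN-LOGGER; done
# Option: actionstop
# Notes: Executed once at exit of Fail2Ban.
#        The shared LOGGER chain is only removed once no other jail's chain
#        still jumps to it; flushing it earlier would silently disable the
#        DROP for every other jail using this action.
# Values: CMD
actionstop = iptables -D INPUT -j fail2ban-PERMABAN-<name>
             iptables -F fail2ban-PERMABAN-<name>
             iptables -X fail2ban-PERMABAN-<name>
             if ! iptables -S | grep -q -- '-j fail2ban-PERMABAN-LOGGER'; then iptables -F fail2ban-PERMABAN-LOGGER; iptables -X fail2ban-PERMABAN-LOGGER; fi
# Option: actioncheck
# Notes: Executed once before each actionban command.
#        -w avoids matching a longer chain name that merely starts with ours.
# Values: CMD
actioncheck = iptables -n -L INPUT | grep -qw fail2ban-PERMABAN-<name>
# Option: actionban
# Notes: Executed when banning an IP. Take care that the
#        command is executed with Fail2Ban user rights.
#        grep -w makes the list lookup match whole addresses only
#        (plain -F would let 10.0.0.1 match a 10.0.0.10 entry).
# Values: CMD
actionban = grep -Fqw '<ip>' /etc/fail2ban/ip.whitelist.<name> || iptables -I fail2ban-PERMABAN-<name> 1 -s <ip> -j fail2ban-PERMABAN-LOGGER
            # Save into our permaban file if it's not in either list
            grep -Fqw '<ip>' /etc/fail2ban/ip.whitelist.<name> || grep -Fqw '<ip>' /etc/fail2ban/ip.blacklist.<name> || echo "<ip> # Added $( date '+%%Y-%%m-%%d %%T' ) - repeat offender" >> /etc/fail2ban/ip.blacklist.<name>
# Option: actionunban
# Notes: Executed when unbanning an IP. Take care that the
#        command is executed with Fail2Ban user rights.
#        An IP that was never blacklisted is recorded in the whitelist so
#        it is not banned again.
# Values: CMD
actionunban = iptables -D fail2ban-PERMABAN-<name> -s <ip> -j fail2ban-PERMABAN-LOGGER
              # Save into our whitelist file if it's not in either list
              grep -Fqw '<ip>' /etc/fail2ban/ip.blacklist.<name> || grep -Fqw '<ip>' /etc/fail2ban/ip.whitelist.<name> || echo "<ip> # Added $( date '+%%Y-%%m-%%d %%T' )" >> /etc/fail2ban/ip.whitelist.<name>
[Init]
# Default name when jail configuration doesn't specify it
# (used as the chain suffix and in the record file names)
name = default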
# Author: Srdjan Grubor <sgnn7@sgnn7.org>
#
# Jail that hands persistent sshd offenders to the permanent-ban action.
# Place in /etc/fail2ban/jail.d/repeat-offenders-ssh.conf
[ssh-repeat-offender]
enabled = true
filter = sshd
# Older fail2ban releases lack the sshd_log path variable; use /var/log/auth.log there instead
logpath = %(sshd_log)s
# Ban after 30 failures inside the findtime window (seconds; 604800 = 7 days)
maxretry = 30
findtime = 604800
# -1 = the ban never expires on its own
bantime = -1
# name= is substituted for <name> in the action's chain and record-file names
action = iptables-block-repeat-offenders[name=ssh]