CasperSecurity

Current Path : /etc/fail2ban/action.d/

Upload File :

Current File : //etc/fail2ban/action.d/sendmail-geoip-lines.conf

# Fail2Ban configuration file
#
# Author: Viktor Szépe
#
#

[INCLUDES]

before = sendmail-common.conf
         helpers-common.conf

[Definition]

# bypass ban/unban for restored tickets
norestored = 1

# Option:  actionban
# Notes.:  Command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
#          You need to install geoiplookup and the GeoLite or GeoIP databases.
#          (geoip-bin and geoip-database in Debian)
#          The host command comes from bind9-host package.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban = ( printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostname>
            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
            From: <sendername> <<sender>>
            To: <dest>\n
            Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n\n
            Here is more information about <ip> :\n
            http://bgp.he.net/ip/<ip>
            http://www.projecthoneypot.org/ip_<ip>
            http://whois.domaintools.com/<ip>\n\n
            Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "<ip>" | cut -d':' -f2-`
            AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "<ip>" | cut -d':' -f2-`
            hostname: <ip-host>\n\n
            Lines containing failures of <ip> (max <grepmax>)\n";
            %(_grep_logs)s;
            printf %%b "\n
            Regards,\n
            Fail2Ban" ) | <mailcmd>

[Init]

# Default name of the chain
#
name = default

# Path to the log files which contain relevant lines for the abuser IP
#
logpath = /dev/null

# Number of log lines to include in the email
#
#grepmax = 1000
#grepopts = -m <grepmax>