>>> fail2ban: Building main/fail2ban 1.0.1-r0 (using abuild 3.10.0_rc1-r2) started Tue, 25 Oct 2022 15:41:19 +0000
>>> fail2ban: Checking sanity of /home/buildozer/aports/main/fail2ban/APKBUILD...
>>> fail2ban: Analyzing dependencies...
>>> fail2ban: Installing for build: build-base python3 iptables ip6tables logrotate python3-dev py3-setuptools bash
(1/22) Installing libbz2 (1.0.8-r3)
(2/22) Installing libffi (3.4.3-r0)
(3/22) Installing gdbm (1.23-r0)
(4/22) Installing xz-libs (5.2.7-r0)
(5/22) Installing mpdecimal (2.5.1-r1)
(6/22) Installing readline (8.2.0-r0)
(7/22) Installing sqlite-libs (3.39.4-r0)
(8/22) Installing python3 (3.10.8-r1)
(9/22) Installing libmnl (1.0.5-r0)
(10/22) Installing libnftnl (1.2.3-r0)
(11/22) Installing iptables (1.8.8-r2)
(12/22) Installing ip6tables (1.8.8-r2)
(13/22) Installing logrotate (3.20.1-r3)
(14/22) Installing python3-dev (3.10.8-r1)
(15/22) Installing py3-parsing (3.0.9-r0)
(16/22) Installing py3-packaging (21.3-r2)
(17/22) Installing py3-setuptools (65.5.0-r0)
(18/22) Installing bash (5.2.2-r0)
Executing bash-5.2.2-r0.post-install
(19/22) Installing .makedepends-fail2ban (20221025.154120)
(20/22) Installing logrotate-openrc (3.20.1-r3)
(21/22) Installing iptables-openrc (1.8.8-r2)
(22/22) Installing ip6tables-openrc (1.8.8-r2)
Executing busybox-1.35.0-r27.trigger
OK: 353 MiB in 114 packages
>>> fail2ban: Cleaning up srcdir
>>> fail2ban: Cleaning up pkgdir
>>> fail2ban: Fetching https://distfiles.alpinelinux.org/distfiles/v3.17/fail2ban-1.0.1.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 146 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (22) The requested URL returned error: 404
>>> fail2ban: Fetching fail2ban-1.0.1.tar.gz::https://github.com/fail2ban/fail2ban/archive/1.0.1.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 13204 0 13204 0 0 21313 0 --:--:-- --:--:-- --:--:-- 21313
100 568k 0 568k 0 0 803k 0 --:--:-- --:--:-- --:--:-- 6313k
>>> fail2ban: Fetching https://distfiles.alpinelinux.org/distfiles/v3.17/fail2ban-1.0.1.tar.gz
>>> fail2ban: Checking sha512sums...
fail2ban-1.0.1.tar.gz: OK
dovecot.patch: OK
fail2ban.initd: OK
fail2ban.confd: OK
fail2ban.logrotate: OK
alpine-ssh.jaild: OK
alpine-sshd.filterd: OK
alpine-sshd-ddos.filterd: OK
>>> fail2ban: Unpacking /var/cache/distfiles/v3.17/fail2ban-1.0.1.tar.gz...
>>> fail2ban: dovecot.patch
patching file config/filter.d/dovecot.conf
patching file fail2ban/tests/files/logs/dovecot
RefactoringTool: Skipping optional fixer: buffer
RefactoringTool: Skipping optional fixer: idioms
RefactoringTool: Skipping optional fixer: set_literal
RefactoringTool: Skipping optional fixer: ws_comma
RefactoringTool: No changes to bin/fail2ban-client
RefactoringTool: No changes to bin/fail2ban-regex
RefactoringTool: No changes to bin/fail2ban-server
RefactoringTool: No changes to bin/fail2ban-testcases
RefactoringTool: No changes to fail2ban/__init__.py
RefactoringTool: No changes to fail2ban/exceptions.py
RefactoringTool: Refactored fail2ban/helpers.py
RefactoringTool: No changes to fail2ban/protocol.py
RefactoringTool: No changes to fail2ban/setup.py
RefactoringTool: No changes to fail2ban/version.py
RefactoringTool: No changes to fail2ban/client/__init__.py
RefactoringTool: Refactored fail2ban/client/actionreader.py
RefactoringTool: No changes to fail2ban/client/beautifier.py
RefactoringTool: Refactored fail2ban/client/configparserinc.py
RefactoringTool: Refactored fail2ban/client/configreader.py
RefactoringTool: No changes to fail2ban/client/configurator.py
RefactoringTool: Refactored fail2ban/client/csocket.py
RefactoringTool: Refactored fail2ban/client/fail2banclient.py
RefactoringTool: No changes to fail2ban/client/fail2bancmdline.py
RefactoringTool: No changes to fail2ban/client/fail2banreader.py
RefactoringTool: Refactored fail2ban/client/fail2banregex.py
RefactoringTool: No changes to fail2ban/client/fail2banserver.py
RefactoringTool: Refactored fail2ban/client/filterreader.py
RefactoringTool: Refactored fail2ban/client/jailreader.py
RefactoringTool: No changes to fail2ban/client/jailsreader.py
RefactoringTool: No changes to fail2ban/server/__init__.py
RefactoringTool: Refactored fail2ban/server/action.py
RefactoringTool: Refactored fail2ban/server/actions.py
RefactoringTool: Refactored fail2ban/server/asyncserver.py
RefactoringTool: Refactored fail2ban/server/banmanager.py
RefactoringTool: Refactored fail2ban/server/database.py
RefactoringTool: No changes to fail2ban/server/datedetector.py
RefactoringTool: No changes to fail2ban/server/datetemplate.py
RefactoringTool: Refactored fail2ban/server/failmanager.py
RefactoringTool: Refactored fail2ban/server/failregex.py
RefactoringTool: Refactored fail2ban/server/filter.py
RefactoringTool: No changes to fail2ban/server/filtergamin.py
RefactoringTool: Refactored fail2ban/server/filterpoll.py
RefactoringTool: Refactored fail2ban/server/filterpyinotify.py
RefactoringTool: Refactored fail2ban/server/filtersystemd.py
RefactoringTool: Refactored fail2ban/server/ipdns.py
RefactoringTool: Refactored fail2ban/server/jail.py
RefactoringTool: No changes to fail2ban/server/jails.py
RefactoringTool: No changes to fail2ban/server/jailthread.py
RefactoringTool: Refactored fail2ban/server/mytime.py
RefactoringTool: No changes to fail2ban/server/observer.py
RefactoringTool: Refactored fail2ban/server/server.py
RefactoringTool: Refactored fail2ban/server/strptime.py
RefactoringTool: Refactored fail2ban/server/ticket.py
RefactoringTool: Refactored fail2ban/server/transmitter.py
RefactoringTool: Refactored fail2ban/server/utils.py
RefactoringTool: No changes to fail2ban/tests/__init__.py
RefactoringTool: No changes to fail2ban/tests/actionstestcase.py
RefactoringTool: Refactored fail2ban/tests/actiontestcase.py
RefactoringTool: Refactored fail2ban/tests/banmanagertestcase.py
RefactoringTool: No changes to fail2ban/tests/clientbeautifiertestcase.py
RefactoringTool: Refactored fail2ban/tests/clientreadertestcase.py
RefactoringTool: Refactored fail2ban/tests/databasetestcase.py
RefactoringTool: Refactored fail2ban/tests/datedetectortestcase.py
RefactoringTool: No changes to fail2ban/tests/dummyjail.py
RefactoringTool: Refactored fail2ban/tests/fail2banclienttestcase.py
RefactoringTool: Refactored fail2ban/tests/fail2banregextestcase.py
RefactoringTool: Refactored fail2ban/tests/failmanagertestcase.py
RefactoringTool: Refactored fail2ban/tests/filtertestcase.py
RefactoringTool: Refactored fail2ban/tests/misctestcase.py
RefactoringTool: Refactored fail2ban/tests/observertestcase.py
RefactoringTool: Refactored fail2ban/tests/samplestestcase.py
RefactoringTool: Refactored fail2ban/tests/servertestcase.py
RefactoringTool: Refactored fail2ban/tests/sockettestcase.py
RefactoringTool: No changes to fail2ban/tests/tickettestcase.py
RefactoringTool: Refactored fail2ban/tests/utils.py
RefactoringTool: No changes to fail2ban/tests/action_d/__init__.py
RefactoringTool: No changes to fail2ban/tests/action_d/test_smtp.py
RefactoringTool: No changes to fail2ban/tests/files/ignorecommand.py
RefactoringTool: No changes to fail2ban/tests/files/action.d/action.py
RefactoringTool: No changes to fail2ban/tests/files/action.d/action_checkainfo.py
RefactoringTool: No changes to fail2ban/tests/files/action.d/action_errors.py
RefactoringTool: No changes to fail2ban/tests/files/action.d/action_modifyainfo.py
RefactoringTool: Refactored fail2ban/tests/files/config/apache-auth/digest.py
RefactoringTool: Files that were modified:
RefactoringTool: bin/fail2ban-client
RefactoringTool: bin/fail2ban-regex
RefactoringTool: bin/fail2ban-server
RefactoringTool: bin/fail2ban-testcases
RefactoringTool: fail2ban/__init__.py
RefactoringTool: fail2ban/exceptions.py
RefactoringTool: fail2ban/helpers.py
RefactoringTool: fail2ban/protocol.py
RefactoringTool: fail2ban/setup.py
RefactoringTool: fail2ban/version.py
RefactoringTool: fail2ban/client/__init__.py
RefactoringTool: fail2ban/client/actionreader.py
RefactoringTool: fail2ban/client/beautifier.py
RefactoringTool: fail2ban/client/configparserinc.py
RefactoringTool: fail2ban/client/configreader.py
RefactoringTool: fail2ban/client/configurator.py
RefactoringTool: fail2ban/client/csocket.py
RefactoringTool: fail2ban/client/fail2banclient.py
RefactoringTool: fail2ban/client/fail2bancmdline.py
RefactoringTool: fail2ban/client/fail2banreader.py
RefactoringTool: fail2ban/client/fail2banregex.py
RefactoringTool: fail2ban/client/fail2banserver.py
RefactoringTool: fail2ban/client/filterreader.py
RefactoringTool: fail2ban/client/jailreader.py
RefactoringTool: fail2ban/client/jailsreader.py
RefactoringTool: fail2ban/server/__init__.py
RefactoringTool: fail2ban/server/action.py
RefactoringTool: fail2ban/server/actions.py
RefactoringTool: fail2ban/server/asyncserver.py
RefactoringTool: fail2ban/server/banmanager.py
RefactoringTool: fail2ban/server/database.py
RefactoringTool: fail2ban/server/datedetector.py
RefactoringTool: fail2ban/server/datetemplate.py
RefactoringTool: fail2ban/server/failmanager.py
RefactoringTool: fail2ban/server/failregex.py
RefactoringTool: fail2ban/server/filter.py
RefactoringTool: fail2ban/server/filtergamin.py
RefactoringTool: fail2ban/server/filterpoll.py
RefactoringTool: fail2ban/server/filterpyinotify.py
RefactoringTool: fail2ban/server/filtersystemd.py
RefactoringTool: fail2ban/server/ipdns.py
RefactoringTool: fail2ban/server/jail.py
RefactoringTool: fail2ban/server/jails.py
RefactoringTool: fail2ban/server/jailthread.py
RefactoringTool: fail2ban/server/mytime.py
RefactoringTool: fail2ban/server/observer.py
RefactoringTool: fail2ban/server/server.py
RefactoringTool: fail2ban/server/strptime.py
RefactoringTool: fail2ban/server/ticket.py
RefactoringTool: fail2ban/server/transmitter.py
RefactoringTool: fail2ban/server/utils.py
RefactoringTool: fail2ban/tests/__init__.py
RefactoringTool: fail2ban/tests/actionstestcase.py
RefactoringTool: fail2ban/tests/actiontestcase.py
RefactoringTool: fail2ban/tests/banmanagertestcase.py
RefactoringTool: fail2ban/tests/clientbeautifiertestcase.py
RefactoringTool: fail2ban/tests/clientreadertestcase.py
RefactoringTool: fail2ban/tests/databasetestcase.py
RefactoringTool: fail2ban/tests/datedetectortestcase.py
RefactoringTool: fail2ban/tests/dummyjail.py
RefactoringTool: fail2ban/tests/fail2banclienttestcase.py
RefactoringTool: fail2ban/tests/fail2banregextestcase.py
RefactoringTool: fail2ban/tests/failmanagertestcase.py
RefactoringTool: fail2ban/tests/filtertestcase.py
RefactoringTool: fail2ban/tests/misctestcase.py
RefactoringTool: fail2ban/tests/observertestcase.py
RefactoringTool: fail2ban/tests/samplestestcase.py
RefactoringTool: fail2ban/tests/servertestcase.py
RefactoringTool: fail2ban/tests/sockettestcase.py
RefactoringTool: fail2ban/tests/tickettestcase.py
RefactoringTool: fail2ban/tests/utils.py
RefactoringTool: fail2ban/tests/action_d/__init__.py
RefactoringTool: fail2ban/tests/action_d/test_smtp.py
RefactoringTool: fail2ban/tests/files/ignorecommand.py
RefactoringTool: fail2ban/tests/files/action.d/action.py
RefactoringTool: fail2ban/tests/files/action.d/action_checkainfo.py
RefactoringTool: fail2ban/tests/files/action.d/action_errors.py
RefactoringTool: fail2ban/tests/files/action.d/action_modifyainfo.py
RefactoringTool: fail2ban/tests/files/config/apache-auth/digest.py
Success!
running build
running build_py
creating build
creating build/lib
creating build/lib/fail2ban
copying fail2ban/helpers.py -> build/lib/fail2ban
copying fail2ban/__init__.py -> build/lib/fail2ban
copying fail2ban/version.py -> build/lib/fail2ban
copying fail2ban/protocol.py -> build/lib/fail2ban
copying fail2ban/exceptions.py -> build/lib/fail2ban
copying fail2ban/setup.py -> build/lib/fail2ban
creating build/lib/fail2ban/client
copying fail2ban/client/fail2banserver.py -> build/lib/fail2ban/client
copying fail2ban/client/fail2banregex.py -> build/lib/fail2ban/client
copying fail2ban/client/beautifier.py -> build/lib/fail2ban/client
copying fail2ban/client/configreader.py -> build/lib/fail2ban/client
copying fail2ban/client/configparserinc.py -> build/lib/fail2ban/client
copying fail2ban/client/jailsreader.py -> build/lib/fail2ban/client
copying fail2ban/client/__init__.py -> build/lib/fail2ban/client
copying fail2ban/client/filterreader.py -> build/lib/fail2ban/client
copying fail2ban/client/fail2banclient.py -> build/lib/fail2ban/client
copying fail2ban/client/fail2bancmdline.py -> build/lib/fail2ban/client
copying fail2ban/client/csocket.py -> build/lib/fail2ban/client
copying fail2ban/client/actionreader.py -> build/lib/fail2ban/client
copying fail2ban/client/configurator.py -> build/lib/fail2ban/client
copying fail2ban/client/jailreader.py -> build/lib/fail2ban/client
copying fail2ban/client/fail2banreader.py -> build/lib/fail2ban/client
creating build/lib/fail2ban/server
copying fail2ban/server/utils.py -> build/lib/fail2ban/server
copying fail2ban/server/ipdns.py -> build/lib/fail2ban/server
copying fail2ban/server/mytime.py -> build/lib/fail2ban/server
copying fail2ban/server/transmitter.py -> build/lib/fail2ban/server
copying fail2ban/server/action.py -> build/lib/fail2ban/server
copying fail2ban/server/actions.py -> build/lib/fail2ban/server
copying fail2ban/server/failmanager.py -> build/lib/fail2ban/server
copying fail2ban/server/datetemplate.py -> build/lib/fail2ban/server
copying fail2ban/server/filterpoll.py -> build/lib/fail2ban/server
copying fail2ban/server/jailthread.py -> build/lib/fail2ban/server
copying fail2ban/server/__init__.py -> build/lib/fail2ban/server
copying fail2ban/server/strptime.py -> build/lib/fail2ban/server
copying fail2ban/server/database.py -> build/lib/fail2ban/server
copying fail2ban/server/banmanager.py -> build/lib/fail2ban/server
copying fail2ban/server/asyncserver.py -> build/lib/fail2ban/server
copying fail2ban/server/filtersystemd.py -> build/lib/fail2ban/server
copying fail2ban/server/datedetector.py -> build/lib/fail2ban/server
copying fail2ban/server/jail.py -> build/lib/fail2ban/server
copying fail2ban/server/filtergamin.py -> build/lib/fail2ban/server
copying fail2ban/server/jails.py -> build/lib/fail2ban/server
copying fail2ban/server/ticket.py -> build/lib/fail2ban/server
copying fail2ban/server/filterpyinotify.py -> build/lib/fail2ban/server
copying fail2ban/server/server.py -> build/lib/fail2ban/server
copying fail2ban/server/observer.py -> build/lib/fail2ban/server
copying fail2ban/server/failregex.py -> build/lib/fail2ban/server
copying fail2ban/server/filter.py -> build/lib/fail2ban/server
creating build/lib/fail2ban/tests
copying fail2ban/tests/utils.py -> build/lib/fail2ban/tests
copying fail2ban/tests/observertestcase.py -> build/lib/fail2ban/tests
copying fail2ban/tests/filtertestcase.py -> build/lib/fail2ban/tests
copying fail2ban/tests/fail2banclienttestcase.py -> build/lib/fail2ban/tests
copying fail2ban/tests/misctestcase.py -> build/lib/fail2ban/tests
copying fail2ban/tests/servertestcase.py -> build/lib/fail2ban/tests
copying fail2ban/tests/__init__.py -> build/lib/fail2ban/tests
copying fail2ban/tests/sockettestcase.py -> build/lib/fail2ban/tests
copying fail2ban/tests/clientbeautifiertestcase.py -> build/lib/fail2ban/tests
copying fail2ban/tests/banmanagertestcase.py -> build/lib/fail2ban/tests
copying fail2ban/tests/databasetestcase.py -> build/lib/fail2ban/tests
copying fail2ban/tests/actiontestcase.py -> build/lib/fail2ban/tests
copying fail2ban/tests/clientreadertestcase.py -> build/lib/fail2ban/tests
copying fail2ban/tests/failmanagertestcase.py -> build/lib/fail2ban/tests
copying fail2ban/tests/actionstestcase.py -> build/lib/fail2ban/tests
copying fail2ban/tests/tickettestcase.py -> build/lib/fail2ban/tests
copying fail2ban/tests/samplestestcase.py -> build/lib/fail2ban/tests
copying fail2ban/tests/fail2banregextestcase.py -> build/lib/fail2ban/tests
copying fail2ban/tests/dummyjail.py -> build/lib/fail2ban/tests
copying fail2ban/tests/datedetectortestcase.py -> build/lib/fail2ban/tests
creating build/lib/fail2ban/tests/action_d
copying fail2ban/tests/action_d/test_smtp.py -> build/lib/fail2ban/tests/action_d
copying fail2ban/tests/action_d/__init__.py -> build/lib/fail2ban/tests/action_d
creating build/lib/fail2ban/tests/files
copying fail2ban/tests/files/zzz-sshd-obsolete-multiline.log -> build/lib/fail2ban/tests/files
copying fail2ban/tests/files/testcase01.log -> build/lib/fail2ban/tests/files
copying fail2ban/tests/files/testcase01a.log -> build/lib/fail2ban/tests/files
copying fail2ban/tests/files/testcase04.log -> build/lib/fail2ban/tests/files
copying fail2ban/tests/files/testcase02.log -> build/lib/fail2ban/tests/files
copying fail2ban/tests/files/database_v1.db -> build/lib/fail2ban/tests/files
copying fail2ban/tests/files/testcase-wrong-char.log -> build/lib/fail2ban/tests/files
copying fail2ban/tests/files/testcase03.log -> build/lib/fail2ban/tests/files
copying fail2ban/tests/files/testcase-multiline.log -> build/lib/fail2ban/tests/files
copying fail2ban/tests/files/database_v2.db -> build/lib/fail2ban/tests/files
copying fail2ban/tests/files/ignorecommand.py -> build/lib/fail2ban/tests/files
copying fail2ban/tests/files/testcase-usedns.log -> build/lib/fail2ban/tests/files
copying fail2ban/tests/files/testcase-journal.log -> build/lib/fail2ban/tests/files
creating build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/proftpd -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/haproxy-http-auth -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/pam-generic -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/qmail -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/webmin-auth -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/openwebmail -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/horde -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/asterisk -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/cyrus-imap -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/mssql-auth -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/softethervpn -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/bitwarden -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/nginx-http-auth -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/zzz-sshd-obsolete-multiline -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/sogo-auth -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/squirrelmail -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/portsentry -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/zzz-generic-example -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/counter-strike -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/uwimap-auth -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/exim -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/apache-botsearch -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/apache-overflows -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/murmur -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/apache-modsecurity -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/grafana -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/nginx-botsearch -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/postfix -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/tine20 -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/mongodb-auth -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/openhab -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/wuftpd -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/sendmail-auth -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/lighttpd-auth -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/apache-nohome -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/oracleims -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/scanlogd -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/zoneminder -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/znc-adminlog -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/selinux-ssh -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/apache-auth -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/stunnel -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/monitorix -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/solid-pop3d -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/apache-noscript -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/centreon -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/sshd -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/ejabberd-auth -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/mysqld-auth -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/sieve -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/slapd -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/gssftpd -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/drupal-auth -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/apache-shellshock -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/suhosin -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/recidive -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/gitlab -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/roundcube-auth -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/perdition -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/nsd -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/phpmyadmin-syslog -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/assp -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/traefik-auth -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/apache-fakegooglebot -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/nginx-limit-req -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/kerio -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/php-url-fopen -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/named-refused -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/domino-smtp -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/freeswitch -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/3proxy -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/monit -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/dropbear -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/sendmail-reject -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/pure-ftpd -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/guacamole -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/nagios -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/sshd-journal -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/froxlor-auth -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/groupoffice -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/xinetd-fail -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/directadmin -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/dovecot -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/exim-spam -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/screensharingd -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/vsftpd -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/squid -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/apache-badbots -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/courier-smtp -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/courier-auth -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/nginx-bad-request -> build/lib/fail2ban/tests/files/logs
copying fail2ban/tests/files/logs/apache-pass -> build/lib/fail2ban/tests/files/logs
creating build/lib/fail2ban/tests/files/logs/bsd
copying fail2ban/tests/files/logs/bsd/syslog-v.txt -> build/lib/fail2ban/tests/files/logs/bsd
copying fail2ban/tests/files/logs/bsd/syslog-vv.txt -> build/lib/fail2ban/tests/files/logs/bsd
copying fail2ban/tests/files/logs/bsd/syslog-plain.txt -> build/lib/fail2ban/tests/files/logs/bsd
creating build/lib/fail2ban/tests/files/config
creating build/lib/fail2ban/tests/files/config/apache-auth
copying fail2ban/tests/files/config/apache-auth/digest.py -> build/lib/fail2ban/tests/files/config/apache-auth
copying fail2ban/tests/files/config/apache-auth/digest.py.bak -> build/lib/fail2ban/tests/files/config/apache-auth
copying fail2ban/tests/files/config/apache-auth/README -> build/lib/fail2ban/tests/files/config/apache-auth
creating build/lib/fail2ban/tests/files/config/apache-auth/digest_wrongrelm
copying fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htaccess -> build/lib/fail2ban/tests/files/config/apache-auth/digest_wrongrelm
copying fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htpasswd -> build/lib/fail2ban/tests/files/config/apache-auth/digest_wrongrelm
creating build/lib/fail2ban/tests/files/config/apache-auth/noentry
copying fail2ban/tests/files/config/apache-auth/noentry/.htaccess -> build/lib/fail2ban/tests/files/config/apache-auth/noentry
creating build/lib/fail2ban/tests/files/config/apache-auth/basic
creating build/lib/fail2ban/tests/files/config/apache-auth/basic/file
copying fail2ban/tests/files/config/apache-auth/basic/file/.htaccess -> build/lib/fail2ban/tests/files/config/apache-auth/basic/file
copying fail2ban/tests/files/config/apache-auth/basic/file/.htpasswd -> build/lib/fail2ban/tests/files/config/apache-auth/basic/file
creating build/lib/fail2ban/tests/files/config/apache-auth/basic/authz_owner
copying fail2ban/tests/files/config/apache-auth/basic/authz_owner/cant_get_me.html -> build/lib/fail2ban/tests/files/config/apache-auth/basic/authz_owner
copying fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htaccess -> build/lib/fail2ban/tests/files/config/apache-auth/basic/authz_owner
copying fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htpasswd -> build/lib/fail2ban/tests/files/config/apache-auth/basic/authz_owner
creating build/lib/fail2ban/tests/files/config/apache-auth/digest_time
copying fail2ban/tests/files/config/apache-auth/digest_time/.htaccess -> build/lib/fail2ban/tests/files/config/apache-auth/digest_time
copying fail2ban/tests/files/config/apache-auth/digest_time/.htpasswd -> build/lib/fail2ban/tests/files/config/apache-auth/digest_time
creating build/lib/fail2ban/tests/files/config/apache-auth/digest
copying fail2ban/tests/files/config/apache-auth/digest/.htaccess -> build/lib/fail2ban/tests/files/config/apache-auth/digest
copying fail2ban/tests/files/config/apache-auth/digest/.htpasswd -> build/lib/fail2ban/tests/files/config/apache-auth/digest
creating build/lib/fail2ban/tests/files/config/apache-auth/digest_anon
copying fail2ban/tests/files/config/apache-auth/digest_anon/.htaccess -> build/lib/fail2ban/tests/files/config/apache-auth/digest_anon
copying fail2ban/tests/files/config/apache-auth/digest_anon/.htpasswd -> build/lib/fail2ban/tests/files/config/apache-auth/digest_anon
creating build/lib/fail2ban/tests/files/filter.d
copying fail2ban/tests/files/filter.d/substition.conf -> build/lib/fail2ban/tests/files/filter.d
copying fail2ban/tests/files/filter.d/testcase01.conf -> build/lib/fail2ban/tests/files/filter.d
copying fail2ban/tests/files/filter.d/testcase-common.conf -> build/lib/fail2ban/tests/files/filter.d
copying fail2ban/tests/files/filter.d/testcase02.local -> build/lib/fail2ban/tests/files/filter.d
copying fail2ban/tests/files/filter.d/testcase02.conf -> build/lib/fail2ban/tests/files/filter.d
creating build/lib/fail2ban/tests/files/action.d
copying fail2ban/tests/files/action.d/action.py -> build/lib/fail2ban/tests/files/action.d
copying fail2ban/tests/files/action.d/action_errors.py -> build/lib/fail2ban/tests/files/action.d
copying fail2ban/tests/files/action.d/action_noAction.py -> build/lib/fail2ban/tests/files/action.d
copying fail2ban/tests/files/action.d/action_modifyainfo.py -> build/lib/fail2ban/tests/files/action.d
copying fail2ban/tests/files/action.d/action_nomethod.py -> build/lib/fail2ban/tests/files/action.d
copying fail2ban/tests/files/action.d/action_checkainfo.py -> build/lib/fail2ban/tests/files/action.d
creating build/lib/fail2ban/tests/config
copying fail2ban/tests/config/fail2ban.conf -> build/lib/fail2ban/tests/config
copying fail2ban/tests/config/jail.conf -> build/lib/fail2ban/tests/config
creating build/lib/fail2ban/tests/config/filter.d
copying fail2ban/tests/config/filter.d/test.local -> build/lib/fail2ban/tests/config/filter.d
copying fail2ban/tests/config/filter.d/zzz-generic-example.conf -> build/lib/fail2ban/tests/config/filter.d
copying fail2ban/tests/config/filter.d/checklogtype_test.conf -> build/lib/fail2ban/tests/config/filter.d
copying fail2ban/tests/config/filter.d/simple.conf -> build/lib/fail2ban/tests/config/filter.d
copying fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf -> build/lib/fail2ban/tests/config/filter.d
copying fail2ban/tests/config/filter.d/test.conf -> build/lib/fail2ban/tests/config/filter.d
copying fail2ban/tests/config/filter.d/checklogtype.conf -> build/lib/fail2ban/tests/config/filter.d
creating build/lib/fail2ban/tests/config/action.d
copying fail2ban/tests/config/action.d/action.conf -> build/lib/fail2ban/tests/config/action.d
copying fail2ban/tests/config/action.d/brokenaction.conf -> build/lib/fail2ban/tests/config/action.d
running build_scripts
creating build/scripts-3.10
copying and adjusting bin/fail2ban-client -> build/scripts-3.10
copying and adjusting bin/fail2ban-server -> build/scripts-3.10
copying and adjusting bin/fail2ban-regex -> build/scripts-3.10
copying and adjusting bin/fail2ban-testcases -> build/scripts-3.10
changing mode of build/scripts-3.10/fail2ban-client from 644 to 755
changing mode of build/scripts-3.10/fail2ban-server from 644 to 755
changing mode of build/scripts-3.10/fail2ban-regex from 644 to 755
changing mode of build/scripts-3.10/fail2ban-testcases from 644 to 755
running test
WARNING: Testing via this command is deprecated and will be removed in a future version. Users looking for a generic test entry point independent of test runner are encouraged to use tox.
running egg_info
creating fail2ban.egg-info
writing fail2ban.egg-info/PKG-INFO
writing dependency_links to fail2ban.egg-info/dependency_links.txt
writing top-level names to fail2ban.egg-info/top_level.txt
writing manifest file 'fail2ban.egg-info/SOURCES.txt'
/usr/lib/python3.10/site-packages/setuptools/command/egg_info.py:643: SetuptoolsDeprecationWarning: Custom 'build_py' does not implement 'get_data_files_without_manifest'.
Please extend command classes from setuptools instead of distutils.
  warnings.warn(
reading manifest file 'fail2ban.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
adding license file 'COPYING'
writing manifest file 'fail2ban.egg-info/SOURCES.txt'
running build_ext
testAction (fail2ban.tests.servertestcase.Transmitter) ...
Fail2ban 1.0.1 test suite. Python 3.10.8 (main, Oct 19 2022, 18:16:05) [GCC 12.2.1 20220924]. Please wait...
Creating new jail 'TestJail1'
Jail 'TestJail1' uses poller {}
Setting usedns = warn for FilterPoll(Jail('TestJail1'))
Created FilterPoll(Jail('TestJail1'))
Created FilterPoll
Initiated 'polling' backend
Created
Set actionstart = 'Action Start'
Set actionstop = 'Action Stop'
Set actioncheck = 'Action Check'
Set actionban = 'Action Ban'
Set actionunban = 'Action Unban'
Set KEY = 'VALUE'
Command ['get', 'TestJail1', 'action', 'TestCaseAction', 'InvalidKey'] has failed. Received AttributeError("'CommandAction' object has no attribute 'InvalidKey'")
Traceback (most recent call last):
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed
    ret = self.__commandHandler(command)
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 144, in __commandHandler
    return self.__commandGet(command[1:])
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 496, in __commandGet
    return getattr(action, actionvalue)
AttributeError: 'CommandAction' object has no attribute 'InvalidKey'
Set timeout = 10
Command ['set', 'TestJail1', 'delaction', "Doesn't exist"] has failed. Received KeyError("Invalid Action name: Doesn't exist")
Traceback (most recent call last):
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/actions.py", line 180, in __delitem__
    del self._actions[name]
KeyError: "Doesn't exist"

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed
    ret = self.__commandHandler(command)
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler
    return self.__commandSet(command[1:])
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 382, in __commandSet
    self.__server.delAction(name, value)
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/server.py", line 522, in delAction
    del self.__jails[name].actions[value]
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/actions.py", line 182, in __delitem__
    raise KeyError("Invalid Action name: %s" % name)
KeyError: "Invalid Action name: Doesn't exist"
Shutdown in progress...
Stopping all jails
Jail 'TestJail1' stopped
Exiting Fail2ban
ok
testAddJail (fail2ban.tests.servertestcase.Transmitter) ...
Creating new jail 'TestJail1'
Jail 'TestJail1' uses poller {}
Setting usedns = warn for FilterPoll(Jail('TestJail1'))
Created FilterPoll(Jail('TestJail1'))
Created FilterPoll
Initiated 'polling' backend
Creating new jail 'TestJail2'
Jail 'TestJail2' uses poller {}
Setting usedns = warn for FilterPoll(Jail('TestJail2'))
Created FilterPoll(Jail('TestJail2'))
Created FilterPoll
Initiated 'polling' backend
Creating new jail 'TestJail3'
Backend 'pyinotify' failed to initialize due to No module named 'pyinotify'
Backend 'gamin' failed to initialize due to No module named 'gamin'
Jail 'TestJail3' uses poller {}
Setting usedns = warn for FilterPoll(Jail('TestJail3'))
Created FilterPoll(Jail('TestJail3'))
Created FilterPoll
Initiated 'polling' backend
Creating new jail 'TestJail4'
Unknown backend invalid backend. Must be among ['pyinotify', 'gamin', 'polling', 'systemd'] or 'auto'
Command ['add', 'TestJail4', 'invalid backend'] has failed. Received ValueError("Unknown backend invalid backend.
Must be among ['pyinotify', 'gamin', 'polling', 'systemd'] or 'auto'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 84, in __commandHandler self.__server.addJail(name, backend) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/server.py", line 258, in addJail self.__jails.add(name, backend, self.__db) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/jails.py", line 73, in add self._jails[name] = Jail(name, backend, db) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/jail.py", line 85, in __init__ self._setBackend(backend) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/jail.py", line 101, in _setBackend raise ValueError("Unknown backend %s. Must be among %s or 'auto'" ValueError: Unknown backend invalid backend. Must be among ['pyinotify', 'gamin', 'polling', 'systemd'] or 'auto' Creating new jail 'TestJail4' Backend 'pyinotify' failed to initialize due to No module named 'pyinotify' Backend 'gamin' failed to initialize due to No module named 'gamin' Jail 'TestJail4' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail4')) Created FilterPoll(Jail('TestJail4')) Created FilterPoll Initiated 'polling' backend Command ['add', 'TestJail1', 'polling'] has failed. 
Received NameError("name 'noduplicates' is not defined") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 84, in __commandHandler self.__server.addJail(name, backend) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/server.py", line 258, in addJail self.__jails.add(name, backend, self.__db) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/jails.py", line 70, in add if noduplicates: NameError: name 'noduplicates' is not defined Command ['add', '--all', 'polling'] has failed. Received Exception("Reserved name '--all'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 79, in __commandHandler raise Exception("Reserved name %r" % (name,)) Exception: Reserved name '--all' Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Jail 'TestJail2' stopped Jail 'TestJail3' stopped Jail 'TestJail4' stopped Exiting Fail2ban ok testDatabase (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['set', 'dbfile', '/tmp/fail2ban_lcc94auj.db'] has failed. 
Received RuntimeError('Cannot change database when there are jails present') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 187, in __commandSet self.__server.setDatabase(command[1]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/server.py", line 837, in setDatabase raise RuntimeError( RuntimeError: Cannot change database when there are jails present Stopping jail 'TestJail1' Stop FilterPoll(Jail('TestJail1')) of jail 'TestJail1' failed: cannot join thread before it is started Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/jail.py", line 341, in stop obj.join() File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/jailthread.py", line 126, in join super(JailThread, self).join() File "/usr/lib/python3.10/threading.py", line 1091, in join raise RuntimeError("cannot join thread before it is started") RuntimeError: cannot join thread before it is started Stop of jail 'TestJail1' failed: cannot join thread before it is started Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/jail.py", line 341, in stop obj.join() File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/jailthread.py", line 126, in join super(JailThread, self).join() File "/usr/lib/python3.10/threading.py", line 1091, in join raise RuntimeError("cannot join thread before it is started") RuntimeError: cannot join thread before it is started Jail 'TestJail1' stopped Connected to fail2ban persistent database 
'/tmp/fail2ban_lcc94auj.db' New database created. Version '4' Command ['set', 'dbmaxmatches', 'LIZARD'] has failed. Received ValueError("invalid literal for int() with base 10: 'LIZARD'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 200, in __commandSet db.maxMatches = int(command[1]) ValueError: invalid literal for int() with base 10: 'LIZARD' Command ['set', 'dbpurgeage', 'LIZARD'] has failed. Received NameError("name 'LIZARD' is not defined") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 209, in __commandSet db.purgeage = command[1] File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/database.py", line 348, in purgeage self._purgeAge = MyTime.str2seconds(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/mytime.py", line 176, in str2seconds return eval(val) File "<string>", line 1, in <module> NameError: name 'LIZARD' is not defined Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Stopping jail 'TestJail1' Stop FilterPoll(Jail('TestJail1')) of jail 'TestJail1' failed: cannot 
join thread before it is started Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/jail.py", line 341, in stop obj.join() File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/jailthread.py", line 126, in join super(JailThread, self).join() File "/usr/lib/python3.10/threading.py", line 1091, in join raise RuntimeError("cannot join thread before it is started") RuntimeError: cannot join thread before it is started Stop of jail 'TestJail1' failed: cannot join thread before it is started Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/jail.py", line 341, in stop obj.join() File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/jailthread.py", line 126, in join super(JailThread, self).join() File "/usr/lib/python3.10/threading.py", line 1091, in join raise RuntimeError("cannot join thread before it is started") RuntimeError: cannot join thread before it is started Jail 'TestJail1' stopped dbmaxmatches setting was not in effect since no db yet dbpurgeage setting was not in effect since no db yet Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testDatePattern (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend date pattern `'%%%Y%m%d%H%M%S'`: `%YearMonthDay24hourMinuteSecond` date pattern regex for '%%%Y%m%d%H%M%S': (?=^|\b|\W)(%(?P\d{4})(?P0?[1-9]|1[0-2])(?P[1-2]\d|[0 ]?[1-9]|3[0-1])(?P[0-1]?\d|2[0-3])(?P[0-5]?\d)(?P[0-5]?\d|6[0-1]))(?=\b|\W|$) date pattern `''`: `Epoch` date pattern regex for '': ((?:^|(?P(?<=^\[))|(?P(?<=\baudit\()))\d{10,11}\b(?:\.\d{3,6})?)(?:(?(selinux)(?=:\d+\)))|(?(square)(?=\])))(?=\b|\W|$) date pattern `''`: `{^LN-BEG}Epoch` date pattern regex for '': ^(?:\W{0,2})?((?P(?<=^\[))?\d{10,11}\b(?:\.\d{3,6})?)(?(square)(?=\]))(?=\b|\W|$) date pattern `''`: `TAI64N` date pattern regex for '': (@[0-9a-f]{24})(?=\b|\W|$) Command ['set', 'TestJail1', 'datepattern', '%Cat%a%%%g'] has failed. Received TypeError("Failed to set datepattern '%Cat%a%%%g' (may be an invalid format or unescaped percent char): unsupported format character 'C' (0x43) at index 1") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/datetemplate.py", line 323, in setRegex self.name = fmt % self._patternName ValueError: unsupported format character 'C' (0x43) at index 1 During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 323, in __commandSet self.__server.setDatePattern(name, value) File 
"/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/server.py", line 430, in setDatePattern self.__jails[name].filter.setDatePattern(pattern) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/filter.py", line 312, in setDatePattern dd.appendTemplate(pattern) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/datedetector.py", line 288, in appendTemplate template = _getPatternTemplate(pattern, key) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/datedetector.py", line 63, in _getPatternTemplate template = DatePatternRegex(pattern) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/datetemplate.py", line 291, in __init__ self.setRegex(pattern, **kwargs) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/datetemplate.py", line 330, in setRegex raise TypeError("Failed to set datepattern '%s' (may be an invalid format or unescaped percent char): %s" % (pattern, e)) TypeError: Failed to set datepattern '%Cat%a%%%g' (may be an invalid format or unescaped percent char): unsupported format character 'C' (0x43) at index 1 Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testGetNOK (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['get', 'INVALID', 'COMMAND'] has failed. 
Received Exception('Invalid command (no get action or not yet implemented)') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 144, in __commandHandler return self.__commandGet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 510, in __commandGet raise Exception("Invalid command (no get action or not yet implemented)") Exception: Invalid command (no get action or not yet implemented) Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailAttemptIP (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Starting jail 'TestJail1' Jail 'TestJail1' started maxRetry: 5 [TestJail1] Attempt 192.0.2.1 - 2022-10-25 17:41:45 Total # of detected failures: 1. Current failures from 1 IPs (IP:count): 192.0.2.1:1 [TestJail1] Attempt 192.0.2.2 - 2022-10-25 17:41:45 Total # of detected failures: 2. Current failures from 2 IPs (IP:count): 192.0.2.1:1, 192.0.2.2:1 [TestJail1] Attempt 192.0.2.1 - 2022-10-25 17:41:45 Total # of detected failures: 3. Current failures from 2 IPs (IP:count): 192.0.2.1:2, 192.0.2.2:1 [TestJail1] Attempt 192.0.2.2 - 2022-10-25 17:41:45 Total # of detected failures: 4. Current failures from 2 IPs (IP:count): 192.0.2.1:2, 192.0.2.2:2 [TestJail1] Attempt 192.0.2.2 - 2022-10-25 17:41:45 Total # of detected failures: 5. Current failures from 2 IPs (IP:count): 192.0.2.1:2, 192.0.2.2:5 [TestJail1] Ban 192.0.2.2 Banned 1 / 1, 1 ticket(s) in 'TestJail1' Shutdown in progress... 
Stopping all jails Stopping jail 'TestJail1' Flush ban list [TestJail1] Unban 192.0.2.2 Unbanned 1, 0 ticket(s) in 'TestJail1' [TestJail1] filter terminated Jail 'TestJail1' stopped Exiting Fail2ban ok testJailBanIP (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Starting jail 'TestJail1' Jail 'TestJail1' started [TestJail1] Ban 192.0.2.1 [TestJail1] 192.0.2.1 already banned [TestJail1] Ban 192.0.2.2 Banned 2 / 2, 2 ticket(s) in 'TestJail1' [TestJail1] Ban Badger Banned 1 / 3, 3 ticket(s) in 'TestJail1' 192.0.2.255 is not banned [TestJail1] Unban 192.0.2.1 [TestJail1] Unban 192.0.2.2 192.0.2.254 is not banned 192.0.2.255 is not banned Command ['set', 'TestJail1', 'unbanip', '--report-absent', '192.0.2.255'] has failed. Received ValueError("not banned: ['192.0.2.255']") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 372, in __commandSet return self.__server.setUnbanIP(name, value, ifexists=ifexists) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/server.py", line 547, in setUnbanIP cnt += jail.actions.removeBannedIP(value, ifexists=ifexists) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/actions.py", line 275, in removeBannedIP raise ValueError("not banned: %r" % missed) ValueError: not banned: ['192.0.2.255'] 192.0.2.255 is not banned 192.0.2.254 is not banned Shutdown in progress... 
Stopping all jails Stopping jail 'TestJail1' [TestJail1] filter terminated Flush ban list [TestJail1] Unban Badger Unbanned 1, 0 ticket(s) in 'TestJail1' Jail 'TestJail1' stopped Exiting Fail2ban ok testJailBanList (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Creating new jail 'TestJailBanList' Jail 'TestJailBanList' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJailBanList')) Created FilterPoll(Jail('TestJailBanList')) Created FilterPoll Initiated 'polling' backend Starting jail 'TestJailBanList' Jail 'TestJailBanList' started [TestJailBanList] Ban 127.0.0.1 Banned 1 / 1, 1 ticket(s) in 'TestJailBanList' [TestJailBanList] Ban 192.168.0.1 Banned 1 / 2, 2 ticket(s) in 'TestJailBanList' [TestJailBanList] Ban 192.168.1.10 Banned 1 / 3, 3 ticket(s) in 'TestJailBanList' [TestJailBanList] Unban 127.0.0.1 [TestJailBanList] Unban 192.168.1.10 [TestJailBanList] Unban 192.168.0.1 Shutdown in progress... Stopping all jails Stopping jail 'TestJailBanList' Jail 'TestJail1' stopped [TestJailBanList] filter terminated Flush ban list Unbanned 0, 0 ticket(s) in 'TestJailBanList' Jail 'TestJailBanList' stopped Exiting Fail2ban ok testJailBanTime (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend banTime: 600 banTime: 50 banTime: -50 banTime: 1315800 Command ['set', 'TestJail1', 'bantime', 'Cat'] has failed. 
Received NameError("name 'Cat' is not defined") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 349, in __commandSet self.__server.setBanTime(name, value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/server.py", line 528, in setBanTime self.__jails[name].actions.setBanTime(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/actions.py", line 202, in setBanTime value = MyTime.str2seconds(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/mytime.py", line 176, in str2seconds return eval(val) File "<string>", line 1, in <module> NameError: name 'Cat' is not defined Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailFindTime (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend findtime: 120 findtime: 60 findtime: 1800 findtime: -60 Command ['set', 'TestJail1', 'findtime', 'Dog'] has failed. 
Received NameError("name 'Dog' is not defined") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 318, in __commandSet self.__server.setFindTime(name, value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/server.py", line 424, in setFindTime self.__jails[name].filter.setFindTime(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/filter.py", line 284, in setFindTime value = MyTime.str2seconds(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/mytime.py", line 176, in str2seconds return eval(val) File "<string>", line 1, in <module> NameError: name 'Dog' is not defined Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailIdle (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['set', 'TestJail1', 'idle', 'CAT'] has failed. 
Received Exception("Invalid idle option, must be 'on' or 'off'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 219, in __commandSet raise Exception("Invalid idle option, must be 'on' or 'off'") Exception: Invalid idle option, must be 'on' or 'off' Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailIgnoreCache (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailIgnoreCommand (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailIgnoreIP (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Add '127.0.0.1' to ignore list ('127.0.0.1') Add '192.168.1.1' to ignore list ('192.168.1.1') Add '8.8.8.8' to ignore list ('8.8.8.8') Remove '127.0.0.1' from ignore list Remove '192.168.1.1' from ignore list Remove '8.8.8.8' from ignore list Add '127.0.0.1' to ignore list ('127.0.0.1') Ignore duplicate '127.0.0.1' ('127.0.0.1'), already in ignore list Remove '127.0.0.1' from ignore list Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailIgnoreRegex (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend ignoreregex: 'user john' ignoreregex: 'Admin user login from ' ignoreregex: 'Dont match me!' ignoreregex: 'Invalid [regex' Unable to compile regular expression 'Invalid [regex': unterminated character set at position 8 Command ['set', 'TestJail1', 'addignoreregex', 'Invalid [regex'] has failed. 
Received RegexException("Unable to compile regular expression 'Invalid [regex':\nunterminated character set at position 8") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/failregex.py", line 142, in __init__ self._regexObj = re.compile(regex, re.MULTILINE if multiline else 0) File "/usr/lib/python3.10/re.py", line 251, in compile return _compile(pattern, flags) File "/usr/lib/python3.10/re.py", line 303, in _compile p = sre_compile.compile(pattern, flags) File "/usr/lib/python3.10/sre_compile.py", line 788, in compile p = sre_parse.parse(p, flags) File "/usr/lib/python3.10/sre_parse.py", line 955, in parse p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0) File "/usr/lib/python3.10/sre_parse.py", line 444, in _parse_sub itemsappend(_parse(source, state, verbose, nested + 1, File "/usr/lib/python3.10/sre_parse.py", line 550, in _parse raise source.error("unterminated character set", re.error: unterminated character set at position 8 During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 301, in __commandSet self.__server.addIgnoreRegex(name, value, multiple=multiple) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/server.py", line 480, in addIgnoreRegex flt.addIgnoreRegex(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/filter.py", line 229, in addIgnoreRegex raise e File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/filter.py", line 225, in 
addIgnoreRegex regex = Regex(value, useDns=self.__useDns) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/failregex.py", line 159, in __init__ raise RegexException("Unable to compile regular expression '%s':\n%s" % fail2ban.server.failregex.RegexException: Unable to compile regular expression 'Invalid [regex': unterminated character set at position 8 ignoreregex: 50 Command ['set', 'TestJail1', 'addignoreregex', 50] has failed. Received TypeError('expected string or bytes-like object') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 301, in __commandSet self.__server.addIgnoreRegex(name, value, multiple=multiple) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/server.py", line 480, in addIgnoreRegex flt.addIgnoreRegex(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/filter.py", line 225, in addIgnoreRegex regex = Regex(value, useDns=self.__useDns) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/failregex.py", line 134, in __init__ regex = Regex._resolveHostTag(regex, **kwargs) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/failregex.py", line 220, in _resolveHostTag return FTAG_CRE.sub(substTag, regex) TypeError: expected string or bytes-like object Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailLogEncoding (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend encoding: UTF-8 encoding: ascii encoding: UTF-8 Command ['set', 'TestJail1', 'logencoding', 'Monkey'] has failed. Received LookupError('unknown encoding: Monkey') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 268, in __commandSet self.__server.setLogEncoding(name, value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/server.py", line 417, in setLogEncoding filter_.setLogEncoding(encoding) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/filter.py", line 1081, in setLogEncoding encoding = super(FileFilter, self).setLogEncoding(encoding) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/filter.py", line 396, in setLogEncoding codecs.lookup(encoding) # Raise LookupError if invalid codec LookupError: unknown encoding: Monkey Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailLogPath (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Added logfile: '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/tests/files/testcase01.log' (pos = 0, hash = 78326ba6fc2a389f12526f28b3cca2df2ce791f9) Added logfile: '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/tests/files/testcase02.log' (pos = 0, hash = 3d6a949c741e6c757c4de4158db995098d8bc62b) Added logfile: '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/tests/files/testcase03.log' (pos = 0, hash = 421b4a8d7575f35da4a636619cde917ecb759155) Removed logfile: '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/tests/files/testcase01.log' Removed logfile: '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/tests/files/testcase02.log' Removed logfile: '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/tests/files/testcase03.log' Added logfile: '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/tests/files/testcase04.log' (pos = 0, hash = f36501e23dfff6fbf4fe08282455aed0ecad8b3d) /home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/tests/files/testcase04.log already exists Removed logfile: '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/tests/files/testcase04.log' Added logfile: '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/tests/files/testcase04.log' (pos = 880, hash = f36501e23dfff6fbf4fe08282455aed0ecad8b3d) /home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/tests/files/testcase04.log already exists Command ['set', 'TestJail1', 'addlogpath', '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/tests/files/testcase04.log', 'badger'] has failed. 
Received ValueError("File option must be 'head' or 'tail'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 255, in __commandSet raise ValueError("File option must be 'head' or 'tail'") ValueError: File option must be 'head' or 'tail' Command ['set', 'TestJail1', 'addlogpath', '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/tests/files/testcase04.log', '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/tests/files/testcase04.log', '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/tests/files/testcase04.log'] has failed. Received ValueError('Only one file can be added at a time') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 257, in __commandSet raise ValueError("Only one file can be added at a time") ValueError: Only one file can be added at a time Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailLogPathBrokenSymlink (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['set', 'TestJail1', 'addlogpath', '/tmp/tmp_fail2ban_broken_symlinko2872fdv.slink'] has failed. Received FileNotFoundError(2, 'No such file or directory') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 258, in __commandSet self.__server.addLogPath(name, value, tail) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/server.py", line 382, in addLogPath filter_.addLogPath(fileName, tail) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/filter.py", line 1006, in addLogPath log = FileContainer(path, self.getLogEncoding(), tail) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/filter.py", line 1327, in __init__ handler = open(filename, 'rb') FileNotFoundError: [Errno 2] No such file or directory: '/tmp/tmp_fail2ban_broken_symlinko2872fdv.slink' Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailLogPathInvalidFile (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['set', 'TestJail1', 'addlogpath', "this_file_shouldn't_exist"] has failed. 
Received FileNotFoundError(2, 'No such file or directory') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 258, in __commandSet self.__server.addLogPath(name, value, tail) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/server.py", line 382, in addLogPath filter_.addLogPath(fileName, tail) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/filter.py", line 1006, in addLogPath log = FileContainer(path, self.getLogEncoding(), tail) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/filter.py", line 1327, in __init__ handler = open(filename, 'rb') FileNotFoundError: [Errno 2] No such file or directory: "this_file_shouldn't_exist" Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailMaxLines (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend maxLines: 5 maxLines: 2 Command ['set', 'TestJail1', 'maxlines', '-2'] has failed. 
Received ValueError('maxlines must be integer greater than zero') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 343, in __commandSet self.__server.setMaxLines(name, int(value)) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/server.py", line 507, in setMaxLines self.__jails[name].filter.setMaxLines(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/filter.py", line 376, in setMaxLines raise ValueError("maxlines must be integer greater than zero") ValueError: maxlines must be integer greater than zero Command ['set', 'TestJail1', 'maxlines', 'Duck'] has failed. Received ValueError("invalid literal for int() with base 10: 'Duck'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 343, in __commandSet self.__server.setMaxLines(name, int(value)) ValueError: invalid literal for int() with base 10: 'Duck' Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailMaxMatches (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['set', 'TestJail1', 'maxmatches', 'Duck'] has failed. Received ValueError("invalid literal for int() with base 10: 'Duck'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 333, in __commandSet self.__server.setMaxMatches(name, int(value)) ValueError: invalid literal for int() with base 10: 'Duck' Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailMaxRetry (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend maxRetry: 5 maxRetry: 2 maxRetry: -2 Command ['set', 'TestJail1', 'maxretry', 'Duck'] has failed. 
Received ValueError("invalid literal for int() with base 10: 'Duck'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 338, in __commandSet self.__server.setMaxRetry(name, int(value)) ValueError: invalid literal for int() with base 10: 'Duck' Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailPrefRegex (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend prefregex: '^Test' Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailRegex (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend failregex: 'user john at ' failregex: 'Admin user login from ' failregex: 'failed attempt from again' failregex: 'No host regex' No failure-id group in 'No host regex' Command ['set', 'TestJail1', 'addfailregex', 'No host regex'] has failed. 
Received RegexException("No failure-id group in 'No host regex'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 289, in __commandSet self.__server.addFailRegex(name, value, multiple=multiple) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/server.py", line 467, in addFailRegex flt.addFailRegex(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/filter.py", line 194, in addFailRegex raise e File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/filter.py", line 189, in addFailRegex regex = FailRegex(value, prefRegex=self.__prefRegex, multiline=multiLine, File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/failregex.py", line 432, in __init__ raise RegexException("No failure-id group in '%s'" % self._regex) fail2ban.server.failregex.RegexException: No failure-id group in 'No host regex' failregex: 654 Command ['set', 'TestJail1', 'addfailregex', 654] has failed. 
Received TypeError('expected string or bytes-like object') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 289, in __commandSet self.__server.addFailRegex(name, value, multiple=multiple) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/server.py", line 467, in addFailRegex flt.addFailRegex(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/filter.py", line 189, in addFailRegex regex = FailRegex(value, prefRegex=self.__prefRegex, multiline=multiLine, File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/failregex.py", line 426, in __init__ Regex.__init__(self, regex, **kwargs) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/failregex.py", line 134, in __init__ regex = Regex._resolveHostTag(regex, **kwargs) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/failregex.py", line 220, in _resolveHostTag return FTAG_CRE.sub(substTag, regex) TypeError: expected string or bytes-like object Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailStatus (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailStatusBasic (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailStatusBasicKwarg (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Unsupported extended jail status flavor 'INVALID'. Supported: ['short', 'basic', 'cymru'] Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailStatusCymru (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend dnspython package is required but could not be imported Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailUseDNS (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Setting usedns = yes for FilterPoll(Jail('TestJail1')) Setting usedns = warn for FilterPoll(Jail('TestJail1')) Setting usedns = no for FilterPoll(Jail('TestJail1')) Incorrect value 'fish' specified for usedns. Using safe 'no' Setting usedns = no for FilterPoll(Jail('TestJail1')) Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJournalFlagsMatch (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban skipped 'systemd python interface not available' testJournalMatch (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban skipped 'systemd python interface not available' testLogTimeZone (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['set', 'TestJail1', 'logtimezone', 'not-a-time-zone'] has failed. 
Received ValueError("Unknown or unsupported time zone: 'not-a-time-zone'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 328, in __commandSet self.__server.setLogTimeZone(name, value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/server.py", line 436, in setLogTimeZone self.__jails[name].filter.setLogTimeZone(tz) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/filter.py", line 340, in setLogTimeZone validateTimeZone(tz); # avoid setting of wrong value, but hold original File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/strptime.py", line 156, in validateTimeZone raise ValueError("Unknown or unsupported time zone: %r" % tz) ValueError: Unknown or unsupported time zone: 'not-a-time-zone' Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testNOK (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['INVALID', 'COMMAND'] has failed. 
Received Exception('Invalid command') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 152, in __commandHandler raise Exception("Invalid command") Exception: Invalid command Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testPing (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testPythonActionMethodsAndProperties (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend :283: DeprecationWarning: the load_module() method is deprecated and slated for removal in Python 3.12; use exec_module() instead TestAction initialised Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testServerIsNotStarted (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testSetIPv6 (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend IPv6 is on IPv6 is off IPv6 is auto Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testSetNOK (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['set', 'INVALID', 'COMMAND'] has failed. Received Exception("Invalid command 'COMMAND' (no set action or not yet implemented)") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 409, in __commandSet raise Exception("Invalid command %r (no set action or not yet implemented)" % (command[1],)) Exception: Invalid command 'COMMAND' (no set action or not yet implemented) Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testSleep (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testStartStopAllJail (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Creating new jail 'TestJail2' Jail 'TestJail2' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail2')) Created FilterPoll(Jail('TestJail2')) Created FilterPoll Initiated 'polling' backend Starting jail 'TestJail1' Jail 'TestJail1' started Starting jail 'TestJail2' Jail 'TestJail2' started Stopping all jails Stopping jail 'TestJail1' Stopping jail 'TestJail2' [TestJail1] filter terminated Flush ban list Unbanned 0, 0 ticket(s) in 'TestJail1' Jail 'TestJail1' stopped [TestJail2] filter terminated Flush ban list Unbanned 0, 0 ticket(s) in 'TestJail2' Jail 'TestJail2' stopped Shutdown in progress... Stopping all jails Exiting Fail2ban ok testStartStopJail (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Starting jail 'TestJail1' Jail 'TestJail1' started Stopping jail 'TestJail1' [TestJail1] filter terminated Flush ban list Unbanned 0, 0 ticket(s) in 'TestJail1' Jail 'TestJail1' stopped Shutdown in progress... Stopping all jails Exiting Fail2ban ok testStatus (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Creating new jail 'TestJail2' Jail 'TestJail2' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail2')) Created FilterPoll(Jail('TestJail2')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... 
Stopping all jails Jail 'TestJail1' stopped Jail 'TestJail2' stopped Exiting Fail2ban ok testStatusNOK (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['status', 'INVALID', 'COMMAND'] has failed. Received UnknownJailException('INVALID') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/jails.py", line 81, in __getitem__ return self._jails[name] KeyError: 'INVALID' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 146, in __commandHandler return self.status(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/transmitter.py", line 521, in status return self.__server.statusJail(name, flavor=flavor) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/server.py", line 625, in statusJail return self.__jails[name].status(flavor=flavor) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/jails.py", line 83, in __getitem__ raise UnknownJailException(name) fail2ban.exceptions.UnknownJailException: 'INVALID' Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testStopServer (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... 
Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testVersion (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testLongName (fail2ban.tests.servertestcase.JailTests) ... ok testHost (fail2ban.tests.servertestcase.RegexTests) ... ok testInit (fail2ban.tests.servertestcase.RegexTests) ... ok testStr (fail2ban.tests.servertestcase.RegexTests) ... ok testFail2BanExceptHook (fail2ban.tests.servertestcase.LoggingTests) ... Unhandled exception in Fail2Ban: Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/server/jailthread.py", line 69, in run_with_except_hook run(*args, **kwargs) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.1/fail2ban/tests/servertestcase.py", line 1143, in run raise RuntimeError('run bad thread exception') RuntimeError: run bad thread exception ok testGetF2BLogger (fail2ban.tests.servertestcase.LoggingTests) ... ok testStartFailedSockExists (fail2ban.tests.servertestcase.LoggingTests) ... -------------------------------------------------- Starting Fail2ban v1.0.1 Creating PID file /tmp/f2b-testp53hk0vrfail2ban.pid Observer start... Starting communication Fail2ban seems to be already running Could not start server: Server already running Shutdown in progress... Stop communication, shutdown Observer stop ... try to end queue 5 seconds Observer stopped, 0 events remaining. Stopping all jails Exiting Fail2ban Remove PID file /tmp/f2b-testp53hk0vrfail2ban.pid ok testCheckStockAllActions (fail2ban.tests.servertestcase.ServerConfigReaderTests) ... 
Loading configs for action.d/firewallcmd-rich-logging under config Reading configs for action.d/firewallcmd-rich-logging under config Reading config files: config/action.d/firewallcmd-rich-logging.conf Loading files: ['config/action.d/firewallcmd-rich-logging.conf'] Loading files: ['config/action.d/firewallcmd-rich-rules.conf'] Loading files: ['config/action.d/firewallcmd-common.conf'] Loading files: ['config/action.d/firewallcmd-common.conf', 'config/action.d/firewallcmd-rich-rules.conf', 'config/action.d/firewallcmd-rich-logging.conf'] Jail name 'j-firewallcmd-rich-logging' might be too long and some commands might not function correctly. Please shorten Creating new jail 'j-firewallcmd-rich-logging' Jail 'j-firewallcmd-rich-logging' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-firewallcmd-rich-logging')) Created FilterPoll(Jail('j-firewallcmd-rich-logging')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family=\'\' source address=\'\' port port=\'$p\' protocol=\'tcp\' log prefix=\'f2b-j-firewallcmd-rich-logging\' level=\'info\' limit value=\'1/m\' reject type=\'\'"; done' Set actionunban = 'ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family=\'\' source address=\'\' port port=\'$p\' protocol=\'tcp\' log prefix=\'f2b-j-firewallcmd-rich-logging\' level=\'info\' limit value=\'1/m\' reject type=\'\'"; done' Set name = 'j-firewallcmd-rich-logging' Set actname = 'firewallcmd-rich-logging' Set port = '1:65535' Set protocol = 'tcp' Set family = 'ipv4' Set chain = 'INPUT_direct' Set zone = 'public' Set service = 'ssh' Set rejecttype = 'icmp-port-unreachable' Set blocktype = 'REJECT --reject-with ' Set rich-blocktype = "reject type=''" Set family?family=inet6 = 'ipv6' Set rejecttype?family=inet6 = 'icmp6-port-unreachable' Set 
level = 'info' Set rate = '1' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === Loading configs for action.d/cloudflare-token under config Reading configs for action.d/cloudflare-token under config Reading config files: config/action.d/cloudflare-token.conf Loading files: ['config/action.d/cloudflare-token.conf'] Loading files: ['config/action.d/cloudflare-token.conf'] Creating new jail 'j-cloudflare-token' Jail 'j-cloudflare-token' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-cloudflare-token')) Created 
FilterPoll(Jail('j-cloudflare-token')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \\\n-H "Authorization: Bearer " -H "Content-Type: application/json" \\\n--data \'{"mode":"block","configuration":{"target":"","value":""},"notes":"Fail2Ban j-cloudflare-token"}\'' Set actionunban = 'id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=&configuration.value=" \\\n-H "Authorization: Bearer " -H "Content-Type: application/json" \\\n| awk -F"[,:}]" \'{for(i=1;i<=NF;i++){if($i~/\'id\'\\042/){print $(i+1)}}}\' \\\n| tr -d \' "\' \\\n| head -n 1)\nif [ -z "$id" ]; then echo "j-cloudflare-token: id for cannot be found using target "; exit 0; fi; \\\ncurl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \\\n-H "Authorization: Bearer " -H "Content-Type: application/json" \\\n--data \'{"cascade": "none"}\'' Set name = 'j-cloudflare-token' Set actname = 'cloudflare-token' Set cftarget = 'ip' Set cfmode = 'block' Set notes = 'Fail2Ban ' Set cftarget?family=inet6 = 'ip6' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port
port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization:
Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === Loading configs for action.d/firewallcmd-common under config Reading configs for action.d/firewallcmd-common under config Reading config files: config/action.d/firewallcmd-common.conf Loading files: ['config/action.d/firewallcmd-common.conf'] No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' Creating new jail 'j-firewallcmd-common' Jail 'j-firewallcmd-common' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-firewallcmd-common')) Created
FilterPoll(Jail('j-firewallcmd-common')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = None Set actionstart_on_demand = None Set actionstop = None Set actionflush = None Set actionreload = None Set actioncheck = None Set actionrepair = None Set actionrepair_on_unban = None Set actionban = None Set actionprolong = None Set actionreban = None Set actionunban = None Set norestored = None Set name = 'j-firewallcmd-common' Set actname = 'firewallcmd-common' Set port = '1:65535' Set protocol = 'tcp' Set family = 'ipv4' Set chain = 'INPUT_direct' Set zone = 'public' Set service = 'ssh' Set rejecttype = 'icmp-port-unreachable' Set blocktype = 'REJECT --reject-with ' Set rich-blocktype = "reject type=''" Set family?family=inet6 = 'ipv6' Set rejecttype?family=inet6 = 'icmp6-port-unreachable' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 
=== exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET
"https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` Loading configs for action.d/ipfilter under config Reading configs for action.d/ipfilter under config Reading config files: config/action.d/ipfilter.conf Loading files: ['config/action.d/ipfilter.conf'] Loading files: ['config/action.d/ipfilter.conf'] Creating new jail 'j-ipfilter' Jail 'j-ipfilter' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-ipfilter')) Created FilterPoll(Jail('j-ipfilter')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '/sbin/ipf -E' Set actionstop = '' Set actioncheck = '' Set actionban = 'echo block "return-icmp(port-unr)" in quick from /32 | /sbin/ipf -f -' Set actionunban = 'echo block "return-icmp(port-unr)" in quick from /32 | /sbin/ipf -r -f -' Set name = 'j-ipfilter' Set actname = 'ipfilter' Set blocktype = '"return-icmp(port-unr)"' Creating new jail 'DummyJail' #
================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: 
`id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common -
firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === Loading configs for action.d/complain under config Reading configs for action.d/complain under config Reading config files: config/action.d/complain.conf Loading files: ['config/action.d/complain.conf'] Loading files: ['config/action.d/helpers-common.conf'] Loading files: ['config/action.d/helpers-common.conf', 'config/action.d/complain.conf'] Creating new jail 'j-complain' Jail 'j-complain' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-complain')) Created FilterPoll(Jail('j-complain')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'oifs=${IFS};\nRESOLVER_ADDR="abuse-contacts.abusix.org"\nif [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi\nADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d \'"\')\nIFS=,; ADDRESSES=$(echo $ADDRESSES)\nIFS=${oifs}\nIP=\nif [ ! -z "$ADDRESSES" ]; then\n( printf %b "Dear Sir/Madam,\\n\\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\\n\\nLog lines are given below, but please ask if you require any further information.\\n\\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\\n\\n This mail was generated by Fail2Ban.\\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\\n\\n"; date \'+Note: Local timezone is %z (%Z)\';\nprintf %b "\\nLines containing failures of (max 1000)\\n";\nlogpath="/dev/null"; grep -m 1000 -wF "" $logpath | tail -n 1000;\n) | mail -E \'set escape\' -s "Abuse from " $ADDRESSES\nfi' Set actionunban = '' Set norestored = True Set name = 'j-complain' Set actname = 'complain' Set greplimit = 'tail -n ' Set grepmax = '1000' Set grepopts = '-m ' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: 
`ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi;
\` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 |
/sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === Loading configs for action.d/sendmail-buffered under config Reading configs for action.d/sendmail-buffered under config Reading config files: config/action.d/sendmail-buffered.conf Loading files: ['config/action.d/sendmail-buffered.conf'] Loading files: ['config/action.d/sendmail-common.conf'] Loading files: ['config/action.d/sendmail-common.local'] Loading files: ['config/action.d/sendmail-common.conf', 'config/action.d/sendmail-buffered.conf'] Creating new jail 'j-sendmail-buffered' Jail 'j-sendmail-buffered' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-sendmail-buffered')) Created FilterPoll(Jail('j-sendmail-buffered')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = 'printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on \nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThe jail j-sendmail-buffered has been started successfully.\\n\nOutput will be buffered until 5 lines are available.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"' Set actionstop = 'if [ -f /var/run/fail2ban/tmp-mail.txt ]; then\nprintf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from \nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThese hosts have been banned by Fail2Ban.\\n\n`cat /var/run/fail2ban/tmp-mail.txt`\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"\nrm /var/run/fail2ban/tmp-mail.txt\nfi\nprintf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on 
\nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThe jail j-sendmail-buffered has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"' Set actioncheck = '' Set actionban = 'printf %b "`date`: ( failures)\\n" >> /var/run/fail2ban/tmp-mail.txt\nLINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk \'{ print $1 }\' )\nif [ $LINE -ge 5 ]; then\nprintf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from \nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThese hosts have been banned by Fail2Ban.\\n\n`cat /var/run/fail2ban/tmp-mail.txt`\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"\nrm /var/run/fail2ban/tmp-mail.txt\nfi' Set actionunban = '' Set norestored = True Set name = 'j-sendmail-buffered' Set actname = 'sendmail-buffered' Set mailcmd = '/usr/sbin/sendmail -f "" ""' Set dest = 'root' Set sender = 'fail2ban' Set sendername = 'Fail2Ban' Set lines = '5' Set tmpfile = '/var/run/fail2ban/tmp-mail.txt' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log 
prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data
'{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block¬es=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # 
================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if 
[ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` Loading configs for action.d/osx-ipfw under config Reading configs for action.d/osx-ipfw under config Reading config files: config/action.d/osx-ipfw.conf Loading files: ['config/action.d/osx-ipfw.conf'] Loading files: ['config/action.d/osx-ipfw.conf'] Creating new jail 'j-osx-ipfw' Jail 'j-osx-ipfw' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-osx-ipfw')) Created FilterPoll(Jail('j-osx-ipfw')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from to me ssh' Set actionunban = "ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from to me' | awk 
'{print $1;}'`" Set name = 'j-osx-ipfw' Set actname = 'osx-ipfw' Set port = 'ssh' Set dst = 'me' Set block = 'tcp' Set blocktype = 'unreach port' Set setnum = '10' Set rulenum = '"`echo $((RANDOM%2000+10000))`"' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" 
\` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE 
"https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 
failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` 
exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === Loading configs for action.d/firewallcmd-new under config Reading configs for action.d/firewallcmd-new under config Reading config files: config/action.d/firewallcmd-new.conf Loading files: ['config/action.d/firewallcmd-new.conf'] Loading files: ['config/action.d/firewallcmd-common.conf', 'config/action.d/firewallcmd-new.conf'] Creating new jail 'j-firewallcmd-new' Jail 'j-firewallcmd-new' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-firewallcmd-new')) Created FilterPoll(Jail('j-firewallcmd-new')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = 'firewall-cmd --direct --add-chain filter f2b-j-firewallcmd-new\nfirewall-cmd --direct --add-rule filter f2b-j-firewallcmd-new 1000 -j RETURN\nfirewall-cmd --direct --add-rule filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new' Set actionstop = 'firewall-cmd --direct --remove-rule filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new\nfirewall-cmd --direct --remove-rules filter f2b-j-firewallcmd-new\nfirewall-cmd --direct --remove-chain filter f2b-j-firewallcmd-new' Set actioncheck = "firewall-cmd --direct 
--get-chains filter | sed -e 's, ,\\n,g' | grep -q 'f2b-j-firewallcmd-new$'" Set actionban = 'firewall-cmd --direct --add-rule filter f2b-j-firewallcmd-new 0 -s -j REJECT --reject-with ' Set actionunban = 'firewall-cmd --direct --remove-rule filter f2b-j-firewallcmd-new 0 -s -j REJECT --reject-with ' Set name = 'j-firewallcmd-new' Set actname = 'firewallcmd-new' Set port = '1:65535' Set protocol = 'tcp' Set family = 'ipv4' Set chain = 'INPUT_direct' Set zone = 'public' Set service = 'ssh' Set rejecttype = 'icmp-port-unreachable' Set blocktype = 'REJECT --reject-with ' Set rich-blocktype = "reject type=''" Set family?family=inet6 = 'ipv6' Set rejecttype?family=inet6 = 'icmp6-port-unreachable' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule 
family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban 
j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` 
exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if 
[ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # 
================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd 
--direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` Loading configs for action.d/sendmail-whois under config Reading configs for action.d/sendmail-whois under config Reading config files: config/action.d/sendmail-whois.conf Loading files: ['config/action.d/sendmail-whois.conf'] Loading files: ['config/action.d/mail-whois-common.conf'] Loading files: ['config/action.d/mail-whois-common.local'] Loading files: ['config/action.d/sendmail-common.conf', 'config/action.d/mail-whois-common.conf', 'config/action.d/sendmail-whois.conf'] Creating new jail 'j-sendmail-whois' Jail 'j-sendmail-whois' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-sendmail-whois')) Created FilterPoll(Jail('j-sendmail-whois')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = 'printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on \nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThe jail j-sendmail-whois has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"' Set actionstop = 'printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on \nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThe jail j-sendmail-whois has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"' Set actioncheck = '' Set actionban = 'printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned from \nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThe IP has just been banned by Fail2Ban after\n attempts against j-sendmail-whois.\\n\\n\nHere is more information about :\\n\n`whois || echo "missing whois program"`\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"' Set actionunban = '' Set norestored = True Set name = 'j-sendmail-whois' Set actname = 'sendmail-whois' Set mailcmd = '/usr/sbin/sendmail -f "" ""' 
Set dest = 'root' Set sender = 'fail2ban' Set sendername = 'Fail2Ban' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data 
'{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` 
exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 
failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` 
exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # ================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule 
ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | 
/usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` Loading configs for action.d/hostsdeny under config Reading configs for action.d/hostsdeny under config Reading config files: config/action.d/hostsdeny.conf Loading files: ['config/action.d/hostsdeny.conf'] Loading files: ['config/action.d/hostsdeny.conf'] Creating new jail 'j-hostsdeny' Jail 'j-hostsdeny' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-hostsdeny')) Created FilterPoll(Jail('j-hostsdeny')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'printf %b "ALL: \\n" >> /etc/hosts.deny' Set actionunban = 'IP=$(echo "" | sed \'s/[][\\.]/\\\\\\0/g\') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny' Set name = 'j-hostsdeny' Set actname = 'hostsdeny' Set file = '/etc/hosts.deny' Set daemon_list = 'ALL' Set ip_value = '' Set ip_value?family=inet6 = '[]' Creating new jail 'DummyJail' # ================================================== # 
== j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET 
"https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # 
================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 
failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` 
exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # ================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule 
ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | 
/usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === Loading configs for action.d/nftables-multiport under config Reading configs for action.d/nftables-multiport under config Reading config files: config/action.d/nftables-multiport.conf Loading files: ['config/action.d/nftables-multiport.conf'] Loading files: ['config/action.d/nftables.conf'] Loading files: ['config/action.d/nftables-common.local'] Loading files: 
['config/action.d/nftables.conf', 'config/action.d/nftables-multiport.conf'] Creating new jail 'j-nftables-multiport' Jail 'j-nftables-multiport' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-nftables-multiport')) Created FilterPoll(Jail('j-nftables-multiport')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = "nft add table inet f2b-table\nnft -- add chain inet f2b-table f2b-chain \\{ type filter hook input priority -1 \\; \\}\nnft add set inet f2b-table \\{ type \\; \\}\nfor proto in $(echo 'tcp' | sed 's/,/ /g'); do\nnft add rule inet f2b-table f2b-chain $proto dport \\{ $(echo 'ssh' | sed s/:/-/g) \\} saddr @ reject\ndone" Set actionstop = "{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@\\s+.*\\s+\\Khandle\\s+(\\d+)$'; } | while read -r hdl; do\nnft delete rule inet f2b-table f2b-chain $hdl; done\nnft delete set inet f2b-table \n{ nft list table inet f2b-table | grep -qP '^\\s+set\\s+'; } || {\nnft delete table inet f2b-table\n}" Set actionflush = "{ nft flush set inet f2b-table 2> /dev/null; } || {\n{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@\\s+.*\\s+\\Khandle\\s+(\\d+)$'; } | while read -r hdl; do\nnft delete rule inet f2b-table f2b-chain $hdl; done\nnft delete set inet f2b-table \nnft add set inet f2b-table \\{ type \\; \\}\nfor proto in $(echo 'tcp' | sed 's/,/ /g'); do\nnft add rule inet f2b-table f2b-chain $proto dport \\{ $(echo 'ssh' | sed s/:/-/g) \\} saddr @ reject\ndone\n}" Set actioncheck = "nft list chain inet f2b-table f2b-chain | grep -q '@[ \\t]'" Set actionban = 'nft add element inet f2b-table \\{ \\}' Set actionunban = 'nft delete element inet f2b-table \\{ \\}' Set name = 'j-nftables-multiport' Set actname = 'nftables-multiport' Set table = 'f2b-table' Set table_family = 'inet' Set chain = 'f2b-chain' Set chain_type = 'filter' Set chain_hook = 'input' Set chain_priority = '-1' Set addr_type = 'ipv4_addr' Set port = 'ssh' Set protocol = 'tcp' Set blocktype = 'reject' Set nftables 
= 'nft' Set addr_set = 'addr-set-' Set addr_family = 'ip' Set addr_family?family=inet6 = 'ip6' Set addr_type?family=inet6 = 'ipv6_addr' Set addr_set?family=inet6 = 'addr6-set-' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: 
Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H 
"Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 
failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` 
exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # ================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule 
ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | 
/usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet 
f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table 
inet f2b-table` exec-cmd: `}` Loading configs for action.d/shorewall under config Reading configs for action.d/shorewall under config Reading config files: config/action.d/shorewall.conf Loading files: ['config/action.d/shorewall.conf'] Loading files: ['config/action.d/shorewall.conf'] Creating new jail 'j-shorewall' Jail 'j-shorewall' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-shorewall')) Created FilterPoll(Jail('j-shorewall')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'shorewall reject ' Set actionunban = 'shorewall allow ' Set name = 'j-shorewall' Set actname = 'shorewall' Set family = '' Set blocktype = 'reject' Set family?family=inet6 = '6' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | 
tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET 
"https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: 
`RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if 
[ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # 
================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd 
--direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` 
exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); 
do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === Loading configs for action.d/iptables-ipset-proto4 under config Reading configs for action.d/iptables-ipset-proto4 under config Reading config files: config/action.d/iptables-ipset-proto4.conf Loading files: ['config/action.d/iptables-ipset-proto4.conf'] Loading files: ['config/action.d/iptables.conf'] Loading files: ['config/action.d/iptables.conf', 
'config/action.d/iptables-ipset-proto4.conf'] Creating new jail 'j-iptables-ipset-proto4' Jail 'j-iptables-ipset-proto4' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-iptables-ipset-proto4')) Created FilterPoll(Jail('j-iptables-ipset-proto4')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = "ipset --create f2b-j-iptables-ipset-proto4 iphash\nfor proto in $(echo 'tcp' | sed 's/,/ /g'); do\n{ -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j >/dev/null 2>&1; } || { -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j ; }\ndone" Set actionstop = "for proto in $(echo 'tcp' | sed 's/,/ /g'); do\n -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j \ndone\nipset --flush f2b-j-iptables-ipset-proto4\nipset --destroy f2b-j-iptables-ipset-proto4" Set actionflush = 'ipset --flush f2b-j-iptables-ipset-proto4' Set actioncheck = "for proto in $(echo 'tcp' | sed 's/,/ /g'); do\n -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j \ndone" Set actionban = 'ipset --test f2b-j-iptables-ipset-proto4 || ipset --add f2b-j-iptables-ipset-proto4 ' Set actionunban = 'ipset --test f2b-j-iptables-ipset-proto4 && ipset --del f2b-j-iptables-ipset-proto4 ' Set name = 'j-iptables-ipset-proto4' Set actname = 'iptables-ipset-proto4' Set chain = 'INPUT' Set port = 'ssh' Set protocol = 'tcp' Set blocktype = 'REJECT --reject-with icmp-port-unreachable' Set returntype = 'RETURN' Set lockingopt = '-w' Set iptables = 'iptables ' Set blocktype?family=inet6 = 'REJECT --reject-with icmp6-port-unreachable' Set iptables?family=inet6 = 'ip6tables ' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " 
"); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" 
\` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # 
================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. 
If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. 
If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === 
exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # 
=== unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # ================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd 
--direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f 
"fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; 
\}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === 
exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with 
icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` Loading configs for action.d/mail-whois-common under config Reading configs for action.d/mail-whois-common under config Reading config files: config/action.d/mail-whois-common.conf Loading files: ['config/action.d/mail-whois-common.conf'] No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' Creating new jail 'j-mail-whois-common' Jail 'j-mail-whois-common' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-mail-whois-common')) Created FilterPoll(Jail('j-mail-whois-common')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = None Set actionstart_on_demand = None Set actionstop = None Set actionflush = None Set actionreload = None Set actioncheck = None Set actionrepair = None Set actionrepair_on_unban = None Set actionban = None Set actionprolong = None Set actionreban = None Set actionunban = None Set norestored = None Set name = 'j-mail-whois-common' Set actname = 'mail-whois-common' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd 
--remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE
"https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 ===
exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if 
[ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # 
================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd 
--direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` 
exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); 
do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p 
$proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # 
================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` Loading configs for action.d/abuseipdb under config Reading configs for action.d/abuseipdb under config Reading config files: config/action.d/abuseipdb.conf Loading files: ['config/action.d/abuseipdb.conf'] Loading files: ['config/action.d/abuseipdb.conf'] Creating new jail 'j-abuseipdb' Jail 'j-abuseipdb' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-abuseipdb')) Created FilterPoll(Jail('j-abuseipdb')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'lgm=$(printf \'%.1000s\\n...\' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=" --data "categories="' Set actionunban = '' Set norestored = True Set name = 'j-abuseipdb' Set actname = 'abuseipdb' Set abuseipdb_apikey = '' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' 
level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data 
'{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 
2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if 
[ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # 
================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd 
--direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` 
exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); 
do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p 
$proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # 
================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === Loading configs for action.d/nftables-allports under config Reading configs for action.d/nftables-allports under config Reading config files: config/action.d/nftables-allports.conf Loading files: ['config/action.d/nftables-allports.conf'] Loading files: ['config/action.d/nftables.conf', 'config/action.d/nftables-allports.conf'] Creating new jail 'j-nftables-allports' Jail 'j-nftables-allports' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-nftables-allports')) Created FilterPoll(Jail('j-nftables-allports')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = 'nft add table inet f2b-table\nnft -- add chain inet f2b-table f2b-chain \\{ type filter hook input priority -1 \\; \\}\nnft add set inet f2b-table \\{ type \\; \\}\n\nnft add rule inet f2b-table f2b-chain meta l4proto \\{ tcp \\} saddr @ reject\n' Set actionstop = "{ nft -a list chain inet f2b-table f2b-chain | grep -oP 
'@\\s+.*\\s+\\Khandle\\s+(\\d+)$'; } | while read -r hdl; do\nnft delete rule inet f2b-table f2b-chain $hdl; done\nnft delete set inet f2b-table \n{ nft list table inet f2b-table | grep -qP '^\\s+set\\s+'; } || {\nnft delete table inet f2b-table\n}" Set actionflush = "{ nft flush set inet f2b-table 2> /dev/null; } || {\n{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@\\s+.*\\s+\\Khandle\\s+(\\d+)$'; } | while read -r hdl; do\nnft delete rule inet f2b-table f2b-chain $hdl; done\nnft delete set inet f2b-table \nnft add set inet f2b-table \\{ type \\; \\}\n\nnft add rule inet f2b-table f2b-chain meta l4proto \\{ tcp \\} saddr @ reject\n\n}" Set actioncheck = "nft list chain inet f2b-table f2b-chain | grep -q '@[ \\t]'" Set actionban = 'nft add element inet f2b-table \\{ \\}' Set actionunban = 'nft delete element inet f2b-table \\{ \\}' Set name = 'j-nftables-allports' Set actname = 'nftables-allports' Set table = 'f2b-table' Set table_family = 'inet' Set chain = 'f2b-chain' Set chain_type = 'filter' Set chain_hook = 'input' Set chain_priority = '-1' Set addr_type = 'ipv4_addr' Set port = 'ssh' Set protocol = 'tcp' Set blocktype = 'reject' Set nftables = 'nft' Set addr_set = 'addr-set-' Set addr_family = 'ip' Set addr_family?family=inet6 = 'ip6' Set addr_type?family=inet6 = 'ipv6_addr' Set addr_set?family=inet6 = 'addr6-set-' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd 
--remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE 
"https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === 
exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if 
[ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # 
================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd 
--direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` 
exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); 
do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p 
$proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # 
================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-nftables-allports - nftables-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-allports \{ type ipv4_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft 
add set inet f2b-table addr6-set-j-nftables-allports \{ type ipv6_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip6 saddr @addr6-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` Loading configs for action.d/iptables-xt_recent-echo under config Reading configs for action.d/iptables-xt_recent-echo under config Reading config files: config/action.d/iptables-xt_recent-echo.conf Loading files: ['config/action.d/iptables-xt_recent-echo.conf'] Loading files: ['config/action.d/iptables.conf', 'config/action.d/iptables-xt_recent-echo.conf'] Creating new jail 'j-iptables-xt_recent-echo' Jail 'j-iptables-xt_recent-echo' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-iptables-xt_recent-echo')) Created FilterPoll(Jail('j-iptables-xt_recent-echo')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = 'if [ `id -u` -eq 0 ];then\n{ -C INPUT -m recent --update 
--seconds 3600 --name -j >/dev/null 2>&1; } || { -I INPUT -m recent --update --seconds 3600 --name -j ; }\nfi' Set actionstop = 'echo / > /proc/net/xt_recent/\nif [ `id -u` -eq 0 ];then\n -D INPUT -m recent --update --seconds 3600 --name -j ;\nfi' Set actionflush = '' Set actioncheck = '{ -C INPUT -m recent --update --seconds 3600 --name -j ; } && test -e /proc/net/xt_recent/' Set actionban = 'echo + > /proc/net/xt_recent/' Set actionunban = 'echo - > /proc/net/xt_recent/' Set name = 'j-iptables-xt_recent-echo' Set actname = 'iptables-xt_recent-echo' Set chain = 'INPUT' Set port = 'ssh' Set protocol = 'tcp' Set blocktype = 'REJECT --reject-with icmp-port-unreachable' Set returntype = 'RETURN' Set lockingopt = '-w' Set iptables = 'iptables ' Set blocktype?family=inet6 = 'REJECT --reject-with icmp6-port-unreachable' Set iptables?family=inet6 = 'ip6tables ' Set iptname = 'f2b-' Set iptname?family=inet6 = 'f2b-6' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log 
prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data 
'{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # 
================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if 
[ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # 
================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd 
--direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` 
exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); 
do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p 
$proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # 
================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-nftables-allports - nftables-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-allports \{ type ipv4_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft 
add set inet f2b-table addr6-set-j-nftables-allports \{ type ipv6_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip6 saddr @addr6-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > 
/proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` Loading configs for action.d/iptables-ipset-proto6 under config Reading configs for action.d/iptables-ipset-proto6 under config Reading config files: config/action.d/iptables-ipset-proto6.conf Loading files: ['config/action.d/iptables-ipset-proto6.conf'] Loading files: ['config/action.d/iptables-ipset.conf'] Loading files: ['config/action.d/iptables.conf', 'config/action.d/iptables-ipset.conf', 'config/action.d/iptables-ipset-proto6.conf'] Creating new jail 'j-iptables-ipset-proto6' Jail 'j-iptables-ipset-proto6' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-iptables-ipset-proto6')) Created FilterPoll(Jail('j-iptables-ipset-proto6')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = "ipset -exist create hash:ip timeout 0 \nfor proto in $(echo 'tcp' | 
sed 's/,/ /g'); do\n{ -C INPUT -p $proto -m multiport --dports ssh -m set --match-set src -j >/dev/null 2>&1; } || { -I INPUT -p $proto -m multiport --dports ssh -m set --match-set src -j ; }\ndone" Set actionstop = "for proto in $(echo 'tcp' | sed 's/,/ /g'); do\n -D INPUT -p $proto -m multiport --dports ssh -m set --match-set src -j \ndone\nipset flush \nipset destroy " Set actionflush = 'ipset flush ' Set actioncheck = "for proto in $(echo 'tcp' | sed 's/,/ /g'); do\n -C INPUT -p $proto -m multiport --dports ssh -m set --match-set src -j \ndone" Set actionban = 'ipset -exist add timeout 0' Set actionunban = 'ipset -exist del ' Set name = 'j-iptables-ipset-proto6' Set actname = 'iptables-ipset-proto6' Set chain = 'INPUT' Set port = 'ssh' Set protocol = 'tcp' Set blocktype = 'REJECT --reject-with icmp-port-unreachable' Set returntype = 'RETURN' Set lockingopt = '-w' Set iptables = 'iptables ' Set blocktype?family=inet6 = 'REJECT --reject-with icmp6-port-unreachable' Set iptables?family=inet6 = 'ip6tables ' Set default-ipsettime = '0' Set ipsettime = '0' Set timeout-bantime = '$([ "" -le 2147483 ] && echo "" || echo 0)' Set ipmset = 'f2b-' Set familyopt = '' Set ipmset?family=inet6 = 'f2b-6' Set familyopt?family=inet6 = 'family inet6' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log 
prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: 
application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block 
"return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if 
[ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # 
================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd 
--direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` 
exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); 
do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p 
$proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # 
================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-nftables-allports - nftables-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-allports \{ type ipv4_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft 
add set inet f2b-table addr6-set-j-nftables-allports \{ type ipv6_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip6 saddr @addr6-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > 
/proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === 
exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` Loading configs for action.d/ipthreat under config Reading configs for action.d/ipthreat under config Reading config files: config/action.d/ipthreat.conf Loading files: ['config/action.d/ipthreat.conf'] Loading files: ['config/action.d/ipthreat.conf'] Creating new jail 'j-ipthreat' Jail 'j-ipthreat' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-ipthreat')) Created FilterPoll(Jail('j-ipthreat')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = 
'' Set actioncheck = '' Set actionban = 'curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\\"ip\\":\\"\\",\\"flags\\":\\"8\\",\\"system\\":\\"j-ipthreat\\",\\"notes\\":\\"fail2ban\\"}"' Set actionunban = '' Set norestored = True Set name = 'j-ipthreat' Set actname = 'ipthreat' Set ipthreat_apikey = '' Set ipthreat_system = '' Set ipthreat_flags = '8' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - 
cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: 
`if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! 
-z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! 
-z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are 
available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] 
j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # ================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: 
`firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against 
j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # 
=== ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; 
done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` 
exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # ================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' 
""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-nftables-allports - nftables-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-allports \{ type ipv4_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-allports \{ type ipv6_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip6 saddr @addr6-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete 
table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name 
f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 
'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` # ================================================== # == j-ipthreat - ipthreat == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"192.0.2.1\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"2001:db8::\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv6 === exec-cmd: `` # === stop === Loading configs for action.d/mail under config Reading configs for action.d/mail under config Reading config files: config/action.d/mail.conf Loading files: ['config/action.d/mail.conf'] Loading files: ['config/action.d/mail.conf'] Creating new jail 'j-mail' Jail 'j-mail' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-mail')) Created FilterPoll(Jail('j-mail')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = 'printf %b "Hi,\\n\nThe jail j-mail has been started successfully.\\n\nRegards,\\n\nFail2Ban"|mail -E \'set escape\' -s "[Fail2Ban] j-mail: started on " root' Set actionstop = 
'printf %b "Hi,\\n\nThe jail j-mail has been stopped.\\n\nRegards,\\n\nFail2Ban"|mail -E \'set escape\' -s "[Fail2Ban] j-mail: stopped on " root' Set actioncheck = '' Set actionban = 'printf %b "Hi,\\n\nThe IP has just been banned by Fail2Ban after\n attempts against j-mail.\\n\nRegards,\\n\nFail2Ban"|mail -E \'set escape\' -s "[Fail2Ban] j-mail: banned from " root' Set actionunban = '' Set norestored = True Set name = 'j-mail' Set actname = 'mail' Set dest = 'root' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # 
================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print 
$(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! 
-z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! 
-z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are 
available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] 
j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # ================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: 
`firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against 
j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # 
=== ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; 
done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` 
exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # ================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' 
""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-nftables-allports - nftables-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-allports \{ type ipv4_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-allports \{ type ipv6_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip6 saddr @addr6-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete 
table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name 
f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 
'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` # ================================================== # == j-ipthreat - ipthreat == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"192.0.2.1\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"2001:db8::\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-mail - mail == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 192.0.2.1 from 
build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: stopped on build-3-17-x86" root` Loading configs for action.d/iptables-multiport under config Reading configs for action.d/iptables-multiport under config Reading config files: config/action.d/iptables-multiport.conf Loading files: ['config/action.d/iptables-multiport.conf'] Loading files: ['config/action.d/iptables.conf', 'config/action.d/iptables-multiport.conf'] Creating new jail 'j-iptables-multiport' Jail 'j-iptables-multiport' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-iptables-multiport')) Created FilterPoll(Jail('j-iptables-multiport')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = "{ -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { -N f2b-j-iptables-multiport || true; -A f2b-j-iptables-multiport -j RETURN; }\nfor proto in $(echo 'tcp' | sed 's/,/ /g'); do\n{ -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }\ndone" Set actionstop = "for proto in $(echo 'tcp' | sed 's/,/ /g'); do\n -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport\ndone\n -F f2b-j-iptables-multiport\n -X f2b-j-iptables-multiport" Set actionflush = ' -F f2b-j-iptables-multiport' Set actioncheck = "for proto in $(echo 'tcp' | sed 's/,/ /g'); do\n -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport\ndone" Set actionban = ' 
-I f2b-j-iptables-multiport 1 -s -j ' Set actionunban = ' -D f2b-j-iptables-multiport -s -j ' Set name = 'j-iptables-multiport' Set actname = 'iptables-multiport' Set chain = 'INPUT' Set port = 'ssh' Set protocol = 'tcp' Set blocktype = 'REJECT --reject-with icmp-port-unreachable' Set returntype = 'RETURN' Set lockingopt = '-w' Set iptables = 'iptables ' Set blocktype?family=inet6 = 'REJECT --reject-with icmp6-port-unreachable' Set iptables?family=inet6 = 'ip6tables ' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # 
================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print
$(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! 
-z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! 
-z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are 
available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] 
j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # ================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: 
`firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against 
j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # 
=== ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; 
done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` 
exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # ================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' 
""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-nftables-allports - nftables-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-allports \{ type ipv4_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-allports \{ type ipv6_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip6 saddr @addr6-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete 
table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name 
f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 
'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` # ================================================== # == j-ipthreat - ipthreat == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"192.0.2.1\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"2001:db8::\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-mail - mail == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 192.0.2.1 from 
build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: stopped on build-3-17-x86" root` # ================================================== # == j-iptables-multiport - iptables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-multiport || true; iptables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-multiport 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-multiport -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-multiport || true; ip6tables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` 
exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-multiport 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-multiport -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables-multiport` exec-cmd: `iptables -w -X f2b-j-iptables-multiport` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-multiport` exec-cmd: `ip6tables -w -X f2b-j-iptables-multiport` Loading configs for action.d/blocklist_de under config Reading configs for action.d/blocklist_de under config Reading config files: config/action.d/blocklist_de.conf Loading files: ['config/action.d/blocklist_de.conf'] Loading files: ['config/action.d/blocklist_de.conf'] Creating new jail 'j-blocklist_de' Jail 'j-blocklist_de' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-blocklist_de')) Created FilterPoll(Jail('j-blocklist_de')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=" --data-urlencode "logs=
" --data \'format=text\' --user-agent "" "https://www.blocklist.de/en/httpreports.html"' Set actionunban = '' Set name = 'j-blocklist_de' Set actname = 'blocklist_de' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H 
"Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: 
Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 
failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` 
exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # ================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule 
ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | 
/usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet 
f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table 
inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test 
f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # ================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' 
""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-nftables-allports - nftables-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-allports \{ type ipv4_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-allports \{ type ipv6_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip6 saddr @addr6-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete 
table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name 
f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 
'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` # ================================================== # == j-ipthreat - ipthreat == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"192.0.2.1\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"2001:db8::\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-mail - mail == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 192.0.2.1 from 
build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: stopped on build-3-17-x86" root` # ================================================== # == j-iptables-multiport - iptables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-multiport || true; iptables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-multiport 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-multiport -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-multiport || true; ip6tables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` 
exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-multiport 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-multiport -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables-multiport` exec-cmd: `iptables -w -X f2b-j-iptables-multiport` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-multiport` exec-cmd: `ip6tables -w -X f2b-j-iptables-multiport` # ================================================== # == j-blocklist_de - blocklist_de == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=192.0.2.1" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=2001:db8::" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv6 === exec-cmd: `` # === stop === Loading configs for action.d/apf under config Reading configs for action.d/apf under config Reading config files: config/action.d/apf.conf Loading files: ['config/action.d/apf.conf'] Loading files: ['config/action.d/apf.conf'] Creating new jail 'j-apf' Jail 'j-apf' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-apf')) Created FilterPoll(Jail('j-apf')) Created FilterPoll Initiated 'polling' backend 
Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'apf --deny "banned by Fail2Ban j-apf"' Set actionunban = 'apf --remove ' Set name = 'j-apf' Set actname = 'apf' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: 
`-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" 
\` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 
failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` 
exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # ================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule 
ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | 
/usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet 
f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table 
inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test 
f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # ================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' 
""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-nftables-allports - nftables-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-allports \{ type ipv4_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-allports \{ type ipv6_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip6 saddr @addr6-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete 
table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name 
f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 
'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` # ================================================== # == j-ipthreat - ipthreat == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"192.0.2.1\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"2001:db8::\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-mail - mail == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 192.0.2.1 from 
build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: stopped on build-3-17-x86" root` # ================================================== # == j-iptables-multiport - iptables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-multiport || true; iptables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-multiport 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-multiport -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-multiport || true; ip6tables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` 
exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-multiport 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-multiport -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables-multiport` exec-cmd: `iptables -w -X f2b-j-iptables-multiport` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-multiport` exec-cmd: `ip6tables -w -X f2b-j-iptables-multiport` # ================================================== # == j-blocklist_de - blocklist_de == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=192.0.2.1" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=2001:db8::" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-apf - apf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `apf --deny 192.0.2.1 "banned by Fail2Ban j-apf"` # === unban ipv4 === exec-cmd: `apf --remove 192.0.2.1` # === ban ipv6 === exec-cmd: `apf --deny 2001:db8:: "banned by Fail2Ban j-apf"` # === unban ipv6 === exec-cmd: `apf --remove 2001:db8::` # 
=== stop === Loading configs for action.d/ipfw under config Reading configs for action.d/ipfw under config Reading config files: config/action.d/ipfw.conf Loading files: ['config/action.d/ipfw.conf'] Loading files: ['config/action.d/ipfw.conf'] Creating new jail 'j-ipfw' Jail 'j-ipfw' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-ipfw')) Created FilterPoll(Jail('j-ipfw')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'ipfw add unreach port tcp from to 127.0.0.1 ssh' Set actionunban = 'ipfw delete `ipfw list | grep -i "[^0-9][^0-9]" | awk \'{print $1;}\'`' Set name = 'j-ipfw' Set actname = 'ipfw' Set port = 'ssh' Set localhost = '127.0.0.1' Set blocktype = 'unreach port' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p 
in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET 
"https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: 
`RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if 
[ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # 
================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd 
--direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` 
exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); 
do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p 
$proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # 
================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-nftables-allports - nftables-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-allports \{ type ipv4_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft 
add set inet f2b-table addr6-set-j-nftables-allports \{ type ipv6_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip6 saddr @addr6-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > 
/proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === 
exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` # ================================================== # == j-ipthreat - ipthreat == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"192.0.2.1\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST 
-H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"2001:db8::\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-mail - mail == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 192.0.2.1 from build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: stopped on build-3-17-x86" root` # ================================================== # == j-iptables-multiport - iptables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-multiport || true; iptables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { iptables -w -I INPUT -p 
$proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-multiport 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-multiport -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-multiport || true; ip6tables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-multiport 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-multiport -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables-multiport` exec-cmd: `iptables -w -X f2b-j-iptables-multiport` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-multiport` exec-cmd: `ip6tables -w -X f2b-j-iptables-multiport` # ================================================== # == j-blocklist_de - blocklist_de == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=192.0.2.1" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' 
--user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=2001:db8::" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-apf - apf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `apf --deny 192.0.2.1 "banned by Fail2Ban j-apf"` # === unban ipv4 === exec-cmd: `apf --remove 192.0.2.1` # === ban ipv6 === exec-cmd: `apf --deny 2001:db8:: "banned by Fail2Ban j-apf"` # === unban ipv6 === exec-cmd: `apf --remove 2001:db8::` # === stop === # ================================================== # == j-ipfw - ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add unreach port tcp from 192.0.2.1 to 127.0.0.1 ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]192.0.2.1[^0-9]" | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add unreach port tcp from 2001:db8:: to 127.0.0.1 ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]2001:db8::[^0-9]" | awk '{print $1;}'`` # === stop === Loading configs for action.d/nginx-block-map under config Reading configs for action.d/nginx-block-map under config Reading config files: config/action.d/nginx-block-map.conf Loading files: ['config/action.d/nginx-block-map.conf'] Loading files: ['config/action.d/nginx-block-map.conf'] Creating new jail 'j-nginx-block-map' Jail 'j-nginx-block-map' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-nginx-block-map')) Created FilterPoll(Jail('j-nginx-block-map')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = "touch '/etc/nginx//blacklisted-sessions.map'" Set 
actionstart_on_demand = False Set actionstop = 'truncate -s 0 \'/etc/nginx//blacklisted-sessions.map\'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then\nnginx -s reload; if [ $? -ne 0 ]; then echo \'reload failed.\'; fi;\nfi;' Set actionflush = 'truncate -s 0 \'/etc/nginx//blacklisted-sessions.map\'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then\nnginx -s reload; if [ $? -ne 0 ]; then echo \'reload failed.\'; fi;\nfi;' Set actioncheck = '' Set actionban = 'printf \'\\%s 1;\\n\' "" >> \'/etc/nginx//blacklisted-sessions.map\'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then\nnginx -s reload; if [ $? -ne 0 ]; then echo \'reload failed.\'; fi;\nfi;' Set actionunban = 'id=$(printf \'\\%s 1;\\n\' "" | sed -e \'s/[]\\/$*.^|[]/\\\\&/g\'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then\nnginx -s reload; if [ $? -ne 0 ]; then echo \'reload failed.\'; fi;\nfi;' Set name = 'j-nginx-block-map' Set actname = 'nginx-block-map' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd 
--add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: 
Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # 
================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if 
[ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # 
================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd 
--direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` 
exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); 
do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p 
$proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # 
================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-nftables-allports - nftables-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-allports \{ type ipv4_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft 
add set inet f2b-table addr6-set-j-nftables-allports \{ type ipv6_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip6 saddr @addr6-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > 
/proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === 
exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` # ================================================== # == j-ipthreat - ipthreat == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"192.0.2.1\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST 
-H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"2001:db8::\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-mail - mail == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 192.0.2.1 from build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: stopped on build-3-17-x86" root` # ================================================== # == j-iptables-multiport - iptables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-multiport || true; iptables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { iptables -w -I INPUT -p 
$proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-multiport 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-multiport -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-multiport || true; ip6tables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-multiport 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-multiport -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables-multiport` exec-cmd: `iptables -w -X f2b-j-iptables-multiport` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-multiport` exec-cmd: `ip6tables -w -X f2b-j-iptables-multiport` # ================================================== # == j-blocklist_de - blocklist_de == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=192.0.2.1" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' 
--user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=2001:db8::" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-apf - apf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `apf --deny 192.0.2.1 "banned by Fail2Ban j-apf"` # === unban ipv4 === exec-cmd: `apf --remove 192.0.2.1` # === ban ipv6 === exec-cmd: `apf --deny 2001:db8:: "banned by Fail2Ban j-apf"` # === unban ipv6 === exec-cmd: `apf --remove 2001:db8::` # === stop === # ================================================== # == j-ipfw - ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add unreach port tcp from 192.0.2.1 to 127.0.0.1 ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]192.0.2.1[^0-9]" | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add unreach port tcp from 2001:db8:: to 127.0.0.1 ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]2001:db8::[^0-9]" | awk '{print $1;}'`` # === stop === # ================================================== # == j-nginx-block-map - nginx-block-map == # ================================================== # === start === exec-cmd: `touch '/etc/nginx//blacklisted-sessions.map'` # === ban-ipv4 === exec-cmd: `printf '\%s 1;\n' "192.0.2.1" >> '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? 
-ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === unban ipv4 === exec-cmd: `id=$(printf '\%s 1;\n' "192.0.2.1" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === ban ipv6 === exec-cmd: `printf '\%s 1;\n' "2001:db8::" >> '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === unban ipv6 === exec-cmd: `id=$(printf '\%s 1;\n' "2001:db8::" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === stop === exec-cmd: `truncate -s 0 '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? 
-ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` Loading configs for action.d/cloudflare under config Reading configs for action.d/cloudflare under config Reading config files: config/action.d/cloudflare.conf Loading files: ['config/action.d/cloudflare.conf'] Loading files: ['config/action.d/cloudflare.conf'] Creating new jail 'j-cloudflare' Jail 'j-cloudflare' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-cloudflare')) Created FilterPoll(Jail('j-cloudflare')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'curl -s -o /dev/null -X POST -H \'X-Auth-Email: \' -H \'X-Auth-Key: \' -H \'Content-Type: application/json\' \\\n-d \'{"mode":"block","configuration":{"target":"","value":""},"notes":"Fail2Ban j-cloudflare"}\' \\\nhttps://api.cloudflare.com/client/v4/user/firewall/access_rules/rules' Set actionunban = 'id=$(curl -s -X GET -H \'X-Auth-Email: \' -H \'X-Auth-Key: \' -H \'Content-Type: application/json\' \\\n"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=&configuration_value=&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \\\n| { jq -r \'.result[0].id\' 2>/dev/null || tr -d \'\\n\' | sed -nE \'s/^.*"result"\\s*:\\s*\\[\\s*\\{\\s*"id"\\s*:\\s*"([^"]+)".*$/\\1/p\'; })\nif [ -z "$id" ]; then echo "j-cloudflare: id for cannot be found"; exit 0; fi;\ncurl -s -o /dev/null -X DELETE -H \'X-Auth-Email: \' -H \'X-Auth-Key: \' -H \'Content-Type: application/json\' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"' Set name = 'j-cloudflare' Set actname = 'cloudflare' Set cftoken = '' Set cfuser = '' Set cftarget = 'ip' Set cftarget?family=inet6 = 'ip6' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: 
`ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H 
"Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban 
ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. 
All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. 
All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm 
/var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: 
`ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # ================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: 
`firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo 
"missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet 
f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - 
iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w 
-D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # ================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' 
""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-nftables-allports - nftables-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-allports \{ type ipv4_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-allports \{ type ipv6_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip6 saddr @addr6-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete 
table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name 
f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 
'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` # ================================================== # == j-ipthreat - ipthreat == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"192.0.2.1\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"2001:db8::\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-mail - mail == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 192.0.2.1 from 
build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: stopped on build-3-17-x86" root` # ================================================== # == j-iptables-multiport - iptables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-multiport || true; iptables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-multiport 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-multiport -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-multiport || true; ip6tables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` 
exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-multiport 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-multiport -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables-multiport` exec-cmd: `iptables -w -X f2b-j-iptables-multiport` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-multiport` exec-cmd: `ip6tables -w -X f2b-j-iptables-multiport` # ================================================== # == j-blocklist_de - blocklist_de == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=192.0.2.1" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=2001:db8::" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-apf - apf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `apf --deny 192.0.2.1 "banned by Fail2Ban j-apf"` # === unban ipv4 === exec-cmd: `apf --remove 192.0.2.1` # === ban ipv6 === exec-cmd: `apf --deny 2001:db8:: "banned by Fail2Ban j-apf"` # === unban ipv6 === exec-cmd: `apf --remove 2001:db8::` # 
=== stop === # ================================================== # == j-ipfw - ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add unreach port tcp from 192.0.2.1 to 127.0.0.1 ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]192.0.2.1[^0-9]" | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add unreach port tcp from 2001:db8:: to 127.0.0.1 ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]2001:db8::[^0-9]" | awk '{print $1;}'`` # === stop === # ================================================== # == j-nginx-block-map - nginx-block-map == # ================================================== # === start === exec-cmd: `touch '/etc/nginx//blacklisted-sessions.map'` # === ban-ipv4 === exec-cmd: `printf '\%s 1;\n' "192.0.2.1" >> '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === unban ipv4 === exec-cmd: `id=$(printf '\%s 1;\n' "192.0.2.1" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === ban ipv6 === exec-cmd: `printf '\%s 1;\n' "2001:db8::" >> '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === unban ipv6 === exec-cmd: `id=$(printf '\%s 1;\n' "2001:db8::" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? 
-ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === stop === exec-cmd: `truncate -s 0 '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: 
application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === Loading configs for action.d/route under config Reading configs for action.d/route under config Reading config files: config/action.d/route.conf Loading files: ['config/action.d/route.conf'] Loading files: ['config/action.d/route.conf'] Creating new jail 'j-route' Jail 'j-route' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-route')) Created FilterPoll(Jail('j-route')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'ip route add unreachable ' Set actionunban = 'ip route del unreachable ' Set name = 'j-route' Set actname = 'route' Set blocktype = 'unreachable' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule 
family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE 
"https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === 
exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if 
[ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # 
================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd 
--direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` 
exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); 
do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p 
$proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # 
================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-nftables-allports - nftables-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-allports \{ type ipv4_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft 
add set inet f2b-table addr6-set-j-nftables-allports \{ type ipv6_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip6 saddr @addr6-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > 
/proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === 
exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` # ================================================== # == j-ipthreat - ipthreat == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"192.0.2.1\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST 
-H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"2001:db8::\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-mail - mail == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 192.0.2.1 from build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: stopped on build-3-17-x86" root` # ================================================== # == j-iptables-multiport - iptables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-multiport || true; iptables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { iptables -w -I INPUT -p 
$proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-multiport 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-multiport -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-multiport || true; ip6tables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-multiport 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-multiport -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables-multiport` exec-cmd: `iptables -w -X f2b-j-iptables-multiport` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-multiport` exec-cmd: `ip6tables -w -X f2b-j-iptables-multiport` # ================================================== # == j-blocklist_de - blocklist_de == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=192.0.2.1" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' 
--user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=2001:db8::" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-apf - apf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `apf --deny 192.0.2.1 "banned by Fail2Ban j-apf"` # === unban ipv4 === exec-cmd: `apf --remove 192.0.2.1` # === ban ipv6 === exec-cmd: `apf --deny 2001:db8:: "banned by Fail2Ban j-apf"` # === unban ipv6 === exec-cmd: `apf --remove 2001:db8::` # === stop === # ================================================== # == j-ipfw - ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add unreach port tcp from 192.0.2.1 to 127.0.0.1 ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]192.0.2.1[^0-9]" | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add unreach port tcp from 2001:db8:: to 127.0.0.1 ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]2001:db8::[^0-9]" | awk '{print $1;}'`` # === stop === # ================================================== # == j-nginx-block-map - nginx-block-map == # ================================================== # === start === exec-cmd: `touch '/etc/nginx//blacklisted-sessions.map'` # === ban-ipv4 === exec-cmd: `printf '\%s 1;\n' "192.0.2.1" >> '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? 
-ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === unban ipv4 === exec-cmd: `id=$(printf '\%s 1;\n' "192.0.2.1" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === ban ipv6 === exec-cmd: `printf '\%s 1;\n' "2001:db8::" >> '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === unban ipv6 === exec-cmd: `id=$(printf '\%s 1;\n' "2001:db8::" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === stop === exec-cmd: `truncate -s 0 '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? 
-ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r
'.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-route - route == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ip route add unreachable 192.0.2.1` # === unban ipv4 === exec-cmd: `ip route del unreachable 192.0.2.1` # === ban ipv6 === exec-cmd: `ip route add unreachable 2001:db8::` # === unban ipv6 === exec-cmd: `ip route del unreachable 2001:db8::` # === stop === Loading configs for action.d/mail-whois-lines under config Reading configs for action.d/mail-whois-lines under config Reading config files: config/action.d/mail-whois-lines.conf Loading files: ['config/action.d/mail-whois-lines.conf'] Loading files: ['config/action.d/mail-whois-common.conf', 'config/action.d/helpers-common.conf', 'config/action.d/mail-whois-lines.conf'] Creating new jail 'j-mail-whois-lines' Jail 'j-mail-whois-lines' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-mail-whois-lines')) Created FilterPoll(Jail('j-mail-whois-lines')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = 'printf %b "Hi,\\n\nThe jail j-mail-whois-lines has been started successfully.\\n\nRegards,\\n\nFail2Ban" | mail -E \'set escape\' -s "[Fail2Ban] j-mail-whois-lines: started on " root' Set actionstop = 'printf %b "Hi,\\n\nThe jail j-mail-whois-lines has been stopped.\\n\nRegards,\\n\nFail2Ban" | mail -E \'set escape\' -s "[Fail2Ban] j-mail-whois-lines: stopped on " root' Set actioncheck = '' Set actionban = '( printf %b "Hi,\\n\nThe IP has just been banned by Fail2Ban after\n attempts against 
j-mail-whois-lines.\\n\\n\nHere is more information about :\\n"\nwhois || echo "missing whois program";\nprintf %b "\\nLines containing failures of (max 1000)\\n";\nlogpath="/dev/null"; grep -m 1000 -wF "" $logpath | tail -n 1000;\nprintf %b "\\n\nRegards,\\n\nFail2Ban" ) | mail -E \'set escape\' -s "[Fail2Ban] j-mail-whois-lines: banned from " root' Set actionunban = '' Set norestored = True Set name = 'j-mail-whois-lines' Set actname = 'mail-whois-lines' Set greplimit = 'tail -n ' Set grepmax = '1000' Set grepopts = '-m ' Set mailcmd = "mail -E 'set escape' -s" Set dest = 'root' Set logpath = '/dev/null' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log 
prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H
"Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; 
ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if 
[ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # 
================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd 
--direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` 
exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); 
do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p 
$proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # 
================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-nftables-allports - nftables-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-allports \{ type ipv4_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft 
add set inet f2b-table addr6-set-j-nftables-allports \{ type ipv6_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip6 saddr @addr6-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > 
/proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === 
exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` # ================================================== # == j-ipthreat - ipthreat == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"192.0.2.1\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST 
-H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"2001:db8::\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-mail - mail == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 192.0.2.1 from build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: stopped on build-3-17-x86" root` # ================================================== # == j-iptables-multiport - iptables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-multiport || true; iptables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { iptables -w -I INPUT -p 
$proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-multiport 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-multiport -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-multiport || true; ip6tables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-multiport 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-multiport -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables-multiport` exec-cmd: `iptables -w -X f2b-j-iptables-multiport` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-multiport` exec-cmd: `ip6tables -w -X f2b-j-iptables-multiport` # ================================================== # == j-blocklist_de - blocklist_de == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=192.0.2.1" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' 
--user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=2001:db8::" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-apf - apf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `apf --deny 192.0.2.1 "banned by Fail2Ban j-apf"` # === unban ipv4 === exec-cmd: `apf --remove 192.0.2.1` # === ban ipv6 === exec-cmd: `apf --deny 2001:db8:: "banned by Fail2Ban j-apf"` # === unban ipv6 === exec-cmd: `apf --remove 2001:db8::` # === stop === # ================================================== # == j-ipfw - ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add unreach port tcp from 192.0.2.1 to 127.0.0.1 ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]192.0.2.1[^0-9]" | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add unreach port tcp from 2001:db8:: to 127.0.0.1 ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]2001:db8::[^0-9]" | awk '{print $1;}'`` # === stop === # ================================================== # == j-nginx-block-map - nginx-block-map == # ================================================== # === start === exec-cmd: `touch '/etc/nginx//blacklisted-sessions.map'` # === ban-ipv4 === exec-cmd: `printf '\%s 1;\n' "192.0.2.1" >> '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? 
-ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === unban ipv4 === exec-cmd: `id=$(printf '\%s 1;\n' "192.0.2.1" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === ban ipv6 === exec-cmd: `printf '\%s 1;\n' "2001:db8::" >> '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === unban ipv6 === exec-cmd: `id=$(printf '\%s 1;\n' "2001:db8::" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === stop === exec-cmd: `truncate -s 0 '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? 
-ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r 
'.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-route - route == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ip route add unreachable 192.0.2.1` # === unban ipv4 === exec-cmd: `ip route del unreachable 192.0.2.1` # === ban ipv6 === exec-cmd: `ip route add unreachable 2001:db8::` # === unban ipv6 === exec-cmd: `ip route del unreachable 2001:db8::` # === stop === # ================================================== # == j-mail-whois-lines - mail-whois-lines == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-whois-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `( printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail-whois-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n"` exec-cmd: `whois 192.0.2.1 || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: banned 192.0.2.1 from build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Hi,\n` exec-cmd: `The IP 
2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail-whois-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n"` exec-cmd: `whois 2001:db8:: || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-whois-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: stopped on build-3-17-x86" root` Loading configs for action.d/iptables-new under config Reading configs for action.d/iptables-new under config Reading config files: config/action.d/iptables-new.conf Loading files: ['config/action.d/iptables-new.conf'] Loading files: ['config/action.d/iptables.conf', 'config/action.d/iptables-new.conf'] Creating new jail 'j-iptables-new' Jail 'j-iptables-new' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-iptables-new')) Created FilterPoll(Jail('j-iptables-new')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = "{ -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { -N f2b-j-iptables-new || true; -A f2b-j-iptables-new -j RETURN; }\nfor proto in $(echo 'tcp' | sed 's/,/ /g'); do\n{ -C INPUT -m state --state NEW-p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { -I INPUT -m state --state NEW-p $proto --dport ssh -j f2b-j-iptables-new; }\ndone" Set actionstop = "for proto in $(echo 'tcp' | sed 's/,/ /g'); do\n -D INPUT -m state --state NEW-p $proto --dport ssh -j f2b-j-iptables-new\ndone\n -F f2b-j-iptables-new\n -X f2b-j-iptables-new" Set actionflush = ' -F f2b-j-iptables-new' Set 
actioncheck = "for proto in $(echo 'tcp' | sed 's/,/ /g'); do\n -C INPUT -m state --state NEW-p $proto --dport ssh -j f2b-j-iptables-new\ndone" Set actionban = ' -I f2b-j-iptables-new 1 -s -j ' Set actionunban = ' -D f2b-j-iptables-new -s -j ' Set name = 'j-iptables-new' Set actname = 'iptables-new' Set chain = 'INPUT' Set port = 'ssh' Set protocol = 'tcp' Set blocktype = 'REJECT --reject-with icmp-port-unreachable' Set returntype = 'RETURN' Set lockingopt = '-w' Set iptables = 'iptables ' Set blocktype?family=inet6 = 'REJECT --reject-with icmp6-port-unreachable' Set iptables?family=inet6 = 'ip6tables ' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log 
prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H 
"Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; 
ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if 
[ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # 
================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd 
--direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` 
exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); 
do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p 
$proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # 
================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-nftables-allports - nftables-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-allports \{ type ipv4_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft 
add set inet f2b-table addr6-set-j-nftables-allports \{ type ipv6_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip6 saddr @addr6-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > 
/proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === 
exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` # ================================================== # == j-ipthreat - ipthreat == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"192.0.2.1\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST 
-H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"2001:db8::\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-mail - mail == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 192.0.2.1 from build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: stopped on build-3-17-x86" root` # ================================================== # == j-iptables-multiport - iptables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-multiport || true; iptables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { iptables -w -I INPUT -p 
$proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-multiport 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-multiport -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-multiport || true; ip6tables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-multiport 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-multiport -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables-multiport` exec-cmd: `iptables -w -X f2b-j-iptables-multiport` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-multiport` exec-cmd: `ip6tables -w -X f2b-j-iptables-multiport` # ================================================== # == j-blocklist_de - blocklist_de == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=192.0.2.1" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' 
--user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=2001:db8::" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-apf - apf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `apf --deny 192.0.2.1 "banned by Fail2Ban j-apf"` # === unban ipv4 === exec-cmd: `apf --remove 192.0.2.1` # === ban ipv6 === exec-cmd: `apf --deny 2001:db8:: "banned by Fail2Ban j-apf"` # === unban ipv6 === exec-cmd: `apf --remove 2001:db8::` # === stop === # ================================================== # == j-ipfw - ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add unreach port tcp from 192.0.2.1 to 127.0.0.1 ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]192.0.2.1[^0-9]" | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add unreach port tcp from 2001:db8:: to 127.0.0.1 ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]2001:db8::[^0-9]" | awk '{print $1;}'`` # === stop === # ================================================== # == j-nginx-block-map - nginx-block-map == # ================================================== # === start === exec-cmd: `touch '/etc/nginx//blacklisted-sessions.map'` # === ban-ipv4 === exec-cmd: `printf '\%s 1;\n' "192.0.2.1" >> '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? 
-ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === unban ipv4 === exec-cmd: `id=$(printf '\%s 1;\n' "192.0.2.1" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === ban ipv6 === exec-cmd: `printf '\%s 1;\n' "2001:db8::" >> '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === unban ipv6 === exec-cmd: `id=$(printf '\%s 1;\n' "2001:db8::" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === stop === exec-cmd: `truncate -s 0 '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? 
-ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r 
'.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-route - route == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ip route add unreachable 192.0.2.1` # === unban ipv4 === exec-cmd: `ip route del unreachable 192.0.2.1` # === ban ipv6 === exec-cmd: `ip route add unreachable 2001:db8::` # === unban ipv6 === exec-cmd: `ip route del unreachable 2001:db8::` # === stop === # ================================================== # == j-mail-whois-lines - mail-whois-lines == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-whois-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `( printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail-whois-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n"` exec-cmd: `whois 192.0.2.1 || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: banned 192.0.2.1 from build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Hi,\n` exec-cmd: `The IP 
2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail-whois-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n"` exec-cmd: `whois 2001:db8:: || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-whois-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: stopped on build-3-17-x86" root` # ================================================== # == j-iptables-new - iptables-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-new || true; iptables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { iptables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-new || true; ip6tables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C 
INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables-new` exec-cmd: `iptables -w -X f2b-j-iptables-new` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-new` exec-cmd: `ip6tables -w -X f2b-j-iptables-new` Loading configs for action.d/nftables under config Reading configs for action.d/nftables under config Reading config files: config/action.d/nftables.conf Loading files: ['config/action.d/nftables.conf'] Creating new jail 'j-nftables' Jail 'j-nftables' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-nftables')) Created FilterPoll(Jail('j-nftables')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = "nft add table inet f2b-table\nnft -- add chain inet f2b-table f2b-chain \\{ type filter hook input priority -1 \\; \\}\nnft add set inet f2b-table \\{ type \\; \\}\nfor proto in $(echo 'tcp' | sed 's/,/ /g'); do\nnft add rule inet f2b-table f2b-chain $proto dport \\{ $(echo 'ssh' | sed s/:/-/g) \\} saddr @ reject\ndone" Set actionstop = "{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@\\s+.*\\s+\\Khandle\\s+(\\d+)$'; } | while read -r hdl; do\nnft delete rule inet f2b-table f2b-chain $hdl; done\nnft delete set inet f2b-table \n{ nft list table inet 
f2b-table | grep -qP '^\\s+set\\s+'; } || {\nnft delete table inet f2b-table\n}" Set actionflush = "{ nft flush set inet f2b-table 2> /dev/null; } || {\n{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@\\s+.*\\s+\\Khandle\\s+(\\d+)$'; } | while read -r hdl; do\nnft delete rule inet f2b-table f2b-chain $hdl; done\nnft delete set inet f2b-table \nnft add set inet f2b-table \\{ type \\; \\}\nfor proto in $(echo 'tcp' | sed 's/,/ /g'); do\nnft add rule inet f2b-table f2b-chain $proto dport \\{ $(echo 'ssh' | sed s/:/-/g) \\} saddr @ reject\ndone\n}" Set actioncheck = "nft list chain inet f2b-table f2b-chain | grep -q '@[ \\t]'" Set actionban = 'nft add element inet f2b-table \\{ \\}' Set actionunban = 'nft delete element inet f2b-table \\{ \\}' Set name = 'j-nftables' Set actname = 'nftables' Set table = 'f2b-table' Set table_family = 'inet' Set chain = 'f2b-chain' Set chain_type = 'filter' Set chain_hook = 'input' Set chain_priority = '-1' Set addr_type = 'ipv4_addr' Set port = 'ssh' Set protocol = 'tcp' Set blocktype = 'reject' Set nftables = 'nft' Set addr_set = 'addr-set-' Set addr_family = 'ip' Set addr_family?family=inet6 = 'ip6' Set addr_type?family=inet6 = 'ipv6_addr' Set addr_set?family=inet6 = 'addr6-set-' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log 
prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: 
application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block 
"return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). 
Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if 
[ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # 
================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd 
--direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` 
exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); 
do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p 
$proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # 
================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-nftables-allports - nftables-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-allports \{ type ipv4_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft 
add set inet f2b-table addr6-set-j-nftables-allports \{ type ipv6_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip6 saddr @addr6-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > 
/proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === 
exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` # ================================================== # == j-ipthreat - ipthreat == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"192.0.2.1\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST 
-H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"2001:db8::\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-mail - mail == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 192.0.2.1 from build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: stopped on build-3-17-x86" root` # ================================================== # == j-iptables-multiport - iptables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-multiport || true; iptables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { iptables -w -I INPUT -p 
$proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-multiport 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-multiport -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-multiport || true; ip6tables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-multiport 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-multiport -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables-multiport` exec-cmd: `iptables -w -X f2b-j-iptables-multiport` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-multiport` exec-cmd: `ip6tables -w -X f2b-j-iptables-multiport` # ================================================== # == j-blocklist_de - blocklist_de == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=192.0.2.1" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' 
--user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=2001:db8::" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-apf - apf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `apf --deny 192.0.2.1 "banned by Fail2Ban j-apf"` # === unban ipv4 === exec-cmd: `apf --remove 192.0.2.1` # === ban ipv6 === exec-cmd: `apf --deny 2001:db8:: "banned by Fail2Ban j-apf"` # === unban ipv6 === exec-cmd: `apf --remove 2001:db8::` # === stop === # ================================================== # == j-ipfw - ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add unreach port tcp from 192.0.2.1 to 127.0.0.1 ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]192.0.2.1[^0-9]" | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add unreach port tcp from 2001:db8:: to 127.0.0.1 ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]2001:db8::[^0-9]" | awk '{print $1;}'`` # === stop === # ================================================== # == j-nginx-block-map - nginx-block-map == # ================================================== # === start === exec-cmd: `touch '/etc/nginx//blacklisted-sessions.map'` # === ban-ipv4 === exec-cmd: `printf '\%s 1;\n' "192.0.2.1" >> '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? 
-ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === unban ipv4 === exec-cmd: `id=$(printf '\%s 1;\n' "192.0.2.1" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === ban ipv6 === exec-cmd: `printf '\%s 1;\n' "2001:db8::" >> '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === unban ipv6 === exec-cmd: `id=$(printf '\%s 1;\n' "2001:db8::" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === stop === exec-cmd: `truncate -s 0 '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? 
-ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r 
'.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-route - route == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ip route add unreachable 192.0.2.1` # === unban ipv4 === exec-cmd: `ip route del unreachable 192.0.2.1` # === ban ipv6 === exec-cmd: `ip route add unreachable 2001:db8::` # === unban ipv6 === exec-cmd: `ip route del unreachable 2001:db8::` # === stop === # ================================================== # == j-mail-whois-lines - mail-whois-lines == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-whois-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `( printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail-whois-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n"` exec-cmd: `whois 192.0.2.1 || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: banned 192.0.2.1 from build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Hi,\n` exec-cmd: `The IP 
2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail-whois-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n"` exec-cmd: `whois 2001:db8:: || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-whois-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: stopped on build-3-17-x86" root` # ================================================== # == j-iptables-new - iptables-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-new || true; iptables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { iptables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-new || true; ip6tables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C 
INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables-new` exec-cmd: `iptables -w -X f2b-j-iptables-new` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-new` exec-cmd: `ip6tables -w -X f2b-j-iptables-new` # ================================================== # == j-nftables - nftables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables \{ 
type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` Loading configs for action.d/netscaler under config Reading configs for action.d/netscaler under config Reading config files: config/action.d/netscaler.conf Loading files: ['config/action.d/netscaler.conf'] Loading files: ['config/action.d/netscaler.conf'] Creating new jail 'j-netscaler' Jail 'j-netscaler' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-netscaler')) Created FilterPoll(Jail('j-netscaler')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = "curl -kH 'Authorization: Basic ' https:///nitro/v1/config" Set actioncheck = '' Set actionban = 'curl -k -H \'Authorization: Basic \' -X PUT -d \'{"policydataset_value_binding":{"name":"","value":""}}\' https:///nitro/v1/config/' Set actionunban = 'curl -H 
\'Authorization: Basic \' -X DELETE -k "https:///nitro/v1/config/policydataset_value_binding/?args=value:"' Set name = 'j-netscaler' Set actname = 'netscaler' Set ns_host = '' Set ns_auth = '' Set ns_dataset = '' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" 
\` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE 
"https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 
failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` 
exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # ================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule 
ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | 
/usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet 
f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table 
inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test 
f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # ================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' 
""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-nftables-allports - nftables-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-allports \{ type ipv4_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-allports \{ type ipv6_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip6 saddr @addr6-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete 
table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name 
f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 
'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` # ================================================== # == j-ipthreat - ipthreat == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"192.0.2.1\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"2001:db8::\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-mail - mail == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 192.0.2.1 from 
build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: stopped on build-3-17-x86" root` # ================================================== # == j-iptables-multiport - iptables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-multiport || true; iptables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-multiport 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-multiport -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-multiport || true; ip6tables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` 
exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-multiport 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-multiport -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables-multiport` exec-cmd: `iptables -w -X f2b-j-iptables-multiport` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-multiport` exec-cmd: `ip6tables -w -X f2b-j-iptables-multiport` # ================================================== # == j-blocklist_de - blocklist_de == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=192.0.2.1" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=2001:db8::" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-apf - apf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `apf --deny 192.0.2.1 "banned by Fail2Ban j-apf"` # === unban ipv4 === exec-cmd: `apf --remove 192.0.2.1` # === ban ipv6 === exec-cmd: `apf --deny 2001:db8:: "banned by Fail2Ban j-apf"` # === unban ipv6 === exec-cmd: `apf --remove 2001:db8::` # 
=== stop === # ================================================== # == j-ipfw - ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add unreach port tcp from 192.0.2.1 to 127.0.0.1 ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]192.0.2.1[^0-9]" | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add unreach port tcp from 2001:db8:: to 127.0.0.1 ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]2001:db8::[^0-9]" | awk '{print $1;}'`` # === stop === # ================================================== # == j-nginx-block-map - nginx-block-map == # ================================================== # === start === exec-cmd: `touch '/etc/nginx//blacklisted-sessions.map'` # === ban-ipv4 === exec-cmd: `printf '\%s 1;\n' "192.0.2.1" >> '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === unban ipv4 === exec-cmd: `id=$(printf '\%s 1;\n' "192.0.2.1" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === ban ipv6 === exec-cmd: `printf '\%s 1;\n' "2001:db8::" >> '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === unban ipv6 === exec-cmd: `id=$(printf '\%s 1;\n' "2001:db8::" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? 
-ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === stop === exec-cmd: `truncate -s 0 '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: 
application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-route - route == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ip route add unreachable 192.0.2.1` # === unban ipv4 === exec-cmd: `ip route del unreachable 192.0.2.1` # === ban ipv6 === exec-cmd: `ip route add unreachable 2001:db8::` # === unban ipv6 === exec-cmd: `ip route del unreachable 2001:db8::` # === stop === # ================================================== # == j-mail-whois-lines - mail-whois-lines == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-whois-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `( printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail-whois-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n"` exec-cmd: `whois 192.0.2.1 || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: 
`Regards,\n` exec-cmd: `Fail2Ban" ) | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: banned 192.0.2.1 from build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail-whois-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n"` exec-cmd: `whois 2001:db8:: || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-whois-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: stopped on build-3-17-x86" root` # ================================================== # == j-iptables-new - iptables-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-new || true; iptables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { iptables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables 
-w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-new || true; ip6tables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables-new` exec-cmd: `iptables -w -X f2b-j-iptables-new` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-new` exec-cmd: `ip6tables -w -X f2b-j-iptables-new` # ================================================== # == j-nftables - nftables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables 
\{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-netscaler - netscaler == # ================================================== # === start === exec-cmd: `curl -kH 'Authorization: Basic ' https:///nitro/v1/config` # === ban-ipv4 === exec-cmd: `curl -k -H 'Authorization: Basic ' -X PUT -d '{"policydataset_value_binding":{"name":"","value":"192.0.2.1"}}' https:///nitro/v1/config/` # === unban ipv4 === exec-cmd: `curl -H 'Authorization: Basic ' -X DELETE -k 
"https:///nitro/v1/config/policydataset_value_binding/?args=value:192.0.2.1"` # === ban ipv6 === exec-cmd: `curl -k -H 'Authorization: Basic ' -X PUT -d '{"policydataset_value_binding":{"name":"","value":"2001:db8::"}}' https:///nitro/v1/config/` # === unban ipv6 === exec-cmd: `curl -H 'Authorization: Basic ' -X DELETE -k "https:///nitro/v1/config/policydataset_value_binding/?args=value:2001:db8::"` # === stop === Loading configs for action.d/mail-buffered under config Reading configs for action.d/mail-buffered under config Reading config files: config/action.d/mail-buffered.conf Loading files: ['config/action.d/mail-buffered.conf'] Loading files: ['config/action.d/mail-buffered.conf'] Creating new jail 'j-mail-buffered' Jail 'j-mail-buffered' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-mail-buffered')) Created FilterPoll(Jail('j-mail-buffered')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = 'printf %b "Hi,\\n\nThe jail j-mail-buffered has been started successfully.\\n\nOutput will be buffered until 5 lines are available.\\n\nRegards,\\n\nFail2Ban"|mail -E \'set escape\' -s "[Fail2Ban] j-mail-buffered: started on " root' Set actionstop = 'if [ -f /var/run/fail2ban/tmp-mail.txt ]; then\nprintf %b "Hi,\\n\nThese hosts have been banned by Fail2Ban.\\n\n`cat /var/run/fail2ban/tmp-mail.txt`\nRegards,\\n\nFail2Ban"|mail -E \'set escape\' -s "[Fail2Ban] j-mail-buffered: Summary from " root\nrm /var/run/fail2ban/tmp-mail.txt\nfi\nprintf %b "Hi,\\n\nThe jail j-mail-buffered has been stopped.\\n\nRegards,\\n\nFail2Ban"|mail -E \'set escape\' -s "[Fail2Ban] j-mail-buffered: stopped on " root' Set actioncheck = '' Set actionban = 'printf %b "`date`: ( failures)\\n" >> /var/run/fail2ban/tmp-mail.txt\nLINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk \'{ print $1 }\' )\nif [ $LINE -ge 5 ]; then\nprintf %b "Hi,\\n\nThese hosts have been banned by Fail2Ban.\\n\n`cat /var/run/fail2ban/tmp-mail.txt`\n\\nRegards,\\n\nFail2Ban"|mail -E \'set 
escape\' -s "[Fail2Ban] j-mail-buffered: Summary" root\nrm /var/run/fail2ban/tmp-mail.txt\nfi' Set actionunban = '' Set norestored = True Set name = 'j-mail-buffered' Set actname = 'mail-buffered' Set lines = '5' Set tmpfile = '/var/run/fail2ban/tmp-mail.txt' Set dest = 'root' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST 
"https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s 
-X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 
failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` 
exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # ================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule 
ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | 
/usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet 
f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table 
inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test 
f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # ================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' 
""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-nftables-allports - nftables-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-allports \{ type ipv4_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-allports \{ type ipv6_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip6 saddr @addr6-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete 
table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name 
f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 
'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` # ================================================== # == j-ipthreat - ipthreat == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"192.0.2.1\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"2001:db8::\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-mail - mail == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 192.0.2.1 from 
build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: stopped on build-3-17-x86" root` # ================================================== # == j-iptables-multiport - iptables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-multiport || true; iptables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-multiport 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-multiport -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-multiport || true; ip6tables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` 
exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-multiport 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-multiport -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables-multiport` exec-cmd: `iptables -w -X f2b-j-iptables-multiport` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-multiport` exec-cmd: `ip6tables -w -X f2b-j-iptables-multiport` # ================================================== # == j-blocklist_de - blocklist_de == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=192.0.2.1" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=2001:db8::" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-apf - apf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `apf --deny 192.0.2.1 "banned by Fail2Ban j-apf"` # === unban ipv4 === exec-cmd: `apf --remove 192.0.2.1` # === ban ipv6 === exec-cmd: `apf --deny 2001:db8:: "banned by Fail2Ban j-apf"` # === unban ipv6 === exec-cmd: `apf --remove 2001:db8::` # 
=== stop === # ================================================== # == j-ipfw - ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add unreach port tcp from 192.0.2.1 to 127.0.0.1 ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]192.0.2.1[^0-9]" | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add unreach port tcp from 2001:db8:: to 127.0.0.1 ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]2001:db8::[^0-9]" | awk '{print $1;}'`` # === stop === # ================================================== # == j-nginx-block-map - nginx-block-map == # ================================================== # === start === exec-cmd: `touch '/etc/nginx//blacklisted-sessions.map'` # === ban-ipv4 === exec-cmd: `printf '\%s 1;\n' "192.0.2.1" >> '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === unban ipv4 === exec-cmd: `id=$(printf '\%s 1;\n' "192.0.2.1" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === ban ipv6 === exec-cmd: `printf '\%s 1;\n' "2001:db8::" >> '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === unban ipv6 === exec-cmd: `id=$(printf '\%s 1;\n' "2001:db8::" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? 
-ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === stop === exec-cmd: `truncate -s 0 '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: 
application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-route - route == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ip route add unreachable 192.0.2.1` # === unban ipv4 === exec-cmd: `ip route del unreachable 192.0.2.1` # === ban ipv6 === exec-cmd: `ip route add unreachable 2001:db8::` # === unban ipv6 === exec-cmd: `ip route del unreachable 2001:db8::` # === stop === # ================================================== # == j-mail-whois-lines - mail-whois-lines == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-whois-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `( printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail-whois-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n"` exec-cmd: `whois 192.0.2.1 || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: 
`Regards,\n` exec-cmd: `Fail2Ban" ) | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: banned 192.0.2.1 from build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail-whois-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n"` exec-cmd: `whois 2001:db8:: || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-whois-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: stopped on build-3-17-x86" root` # ================================================== # == j-iptables-new - iptables-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-new || true; iptables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { iptables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables 
-w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-new || true; ip6tables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables-new` exec-cmd: `iptables -w -X f2b-j-iptables-new` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-new` exec-cmd: `ip6tables -w -X f2b-j-iptables-new` # ================================================== # == j-nftables - nftables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables 
\{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-netscaler - netscaler == # ================================================== # === start === exec-cmd: `curl -kH 'Authorization: Basic ' https:///nitro/v1/config` # === ban-ipv4 === exec-cmd: `curl -k -H 'Authorization: Basic ' -X PUT -d '{"policydataset_value_binding":{"name":"","value":"192.0.2.1"}}' https:///nitro/v1/config/` # === unban ipv4 === exec-cmd: `curl -H 'Authorization: Basic ' -X DELETE -k 
"https:///nitro/v1/config/policydataset_value_binding/?args=value:192.0.2.1"` # === ban ipv6 === exec-cmd: `curl -k -H 'Authorization: Basic ' -X PUT -d '{"policydataset_value_binding":{"name":"","value":"2001:db8::"}}' https:///nitro/v1/config/` # === unban ipv6 === exec-cmd: `curl -H 'Authorization: Basic ' -X DELETE -k "https:///nitro/v1/config/policydataset_value_binding/?args=value:2001:db8::"` # === stop === # ================================================== # == j-mail-buffered - mail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `\nRegards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: Summary" root` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `\nRegards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: Summary" root` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 
=== exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: Summary from build-3-17-x86" root` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: stopped on build-3-17-x86" root` Loading configs for action.d/firewallcmd-rich-rules under config Reading configs for action.d/firewallcmd-rich-rules under config Reading config files: config/action.d/firewallcmd-rich-rules.conf Loading files: ['config/action.d/firewallcmd-common.conf', 'config/action.d/firewallcmd-rich-rules.conf'] Creating new jail 'j-firewallcmd-rich-rules' Jail 'j-firewallcmd-rich-rules' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-firewallcmd-rich-rules')) Created FilterPoll(Jail('j-firewallcmd-rich-rules')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family=\'\' source address=\'\' port port=\'$p\' protocol=\'tcp\' reject type=\'\'"; done' Set actionunban = 'ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family=\'\' source address=\'\' port port=\'$p\' protocol=\'tcp\' reject type=\'\'"; done' Set name = 'j-firewallcmd-rich-rules' Set actname = 'firewallcmd-rich-rules' Set port = '1:65535' Set protocol = 'tcp' Set family = 'ipv4' Set chain = 'INPUT_direct' Set zone = 'public' Set service = 'ssh' Set rejecttype = 'icmp-port-unreachable' Set blocktype = 'REJECT --reject-with ' Set rich-blocktype = "reject 
type=''" Set family?family=inet6 = 'ipv6' Set rejecttype?family=inet6 = 'icmp6-port-unreachable' Creating new jail 'DummyJail' # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data 
'{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` 
exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-firewallcmd-common - firewallcmd-common == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `` exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-ipfilter - ipfilter == # ================================================== # === start === exec-cmd: `/sbin/ipf -E` # === ban-ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -f -` # === unban ipv4 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 192.0.2.1/32 | /sbin/ipf -r -f -` # === ban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -f -` # === unban ipv6 === exec-cmd: `echo block "return-icmp(port-unr)" in quick from 2001:db8::/32 | /sbin/ipf -r -f -` # === stop === # ================================================== # == j-complain - complain == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="1.2.0.192.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=192.0.2.1` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 192.0.2.1" $ADDRESSES` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `oifs=${IFS};` exec-cmd: `RESOLVER_ADDR="0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.org"` exec-cmd: `if [ "0" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi` exec-cmd: `ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')` exec-cmd: `IFS=,; ADDRESSES=$(echo $ADDRESSES)` exec-cmd: `IFS=${oifs}` exec-cmd: `IP=2001:db8::` exec-cmd: `if [ ! -z "$ADDRESSES" ]; then` exec-cmd: `( printf %b "Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. 
We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n\n"; date '+Note: Local timezone is %z (%Z)';` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `) | mail -E 'set escape' -s "Abuse from 2001:db8::" $ADDRESSES` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-sendmail-buffered - sendmail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 
failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-x86` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-buffered has been stopped.\n` 
exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-osx-ipfw - osx-ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 192.0.2.1 to me ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 192.0.2.1 to me' | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add "`echo $((RANDOM%2000+10000))`" set 10 unreach port log tcp from 2001:db8:: to me ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw -S list | grep -i 'set 10 unreach port log tcp from 2001:db8:: to me' | awk '{print $1;}'`` # === stop === # ================================================== # == j-firewallcmd-new - firewallcmd-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-new 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-new 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --add-rule 
ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter f2b-j-firewallcmd-new 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 1:65535 -j f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-new` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-new` # ================================================== # == j-sendmail-whois - sendmail-whois == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: started on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 192.0.2.1 from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: ``whois 192.0.2.1 || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | 
/usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: banned 2001:db8:: from build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: ``whois 2001:db8:: || echo "missing whois program"`\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois: stopped on build-3-17-x86` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-hostsdeny - hostsdeny == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `printf %b "ALL: 192.0.2.1\n" >> /etc/hosts.deny` # === unban ipv4 === exec-cmd: `IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === ban ipv6 === exec-cmd: `printf %b "ALL: [2001:db8::]\n" >> /etc/hosts.deny` # === unban ipv6 === exec-cmd: `IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /etc/hosts.deny` # === stop === # ================================================== # == j-nftables-multiport - nftables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet 
f2b-table addr-set-j-nftables-multiport \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-multiport \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-multiport \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables-multiport reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-multiport \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-multiport\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-multiport` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table 
inet f2b-table` exec-cmd: `}` # ================================================== # == j-shorewall - shorewall == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `shorewall reject 192.0.2.1` # === unban ipv4 === exec-cmd: `shorewall allow 192.0.2.1` # === ban ipv6 === exec-cmd: `shorewall6 reject 2001:db8::` # === unban ipv6 === exec-cmd: `shorewall6 allow 2001:db8::` # === stop === # ================================================== # == j-iptables-ipset-proto4 - iptables-ipset-proto4 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 || ipset --add f2b-j-iptables-ipset-proto4 192.0.2.1` # === unban ipv4 === exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 192.0.2.1 && ipset --del f2b-j-iptables-ipset-proto4 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset --create f2b-j-iptables-ipset-proto4 iphash` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset --test f2b-j-iptables-ipset-proto4 2001:db8:: || ipset --add f2b-j-iptables-ipset-proto4 2001:db8::` # === unban ipv6 === exec-cmd: `ipset --test 
f2b-j-iptables-ipset-proto4 2001:db8:: && ipset --del f2b-j-iptables-ipset-proto4 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -m set --match-set f2b-j-iptables-ipset-proto4 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset --flush f2b-j-iptables-ipset-proto4` exec-cmd: `ipset --destroy f2b-j-iptables-ipset-proto4` # ================================================== # == j-mail-whois-common - mail-whois-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-abuseipdb - abuseipdb == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `lgm=$(printf '%.1000s\n...' ""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=192.0.2.1" --data "categories="` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `lgm=$(printf '%.1000s\n...' 
""); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: " --data-urlencode "comment=$lgm" --data-urlencode "ip=2001:db8::" --data "categories="` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-nftables-allports - nftables-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables-allports \{ type ipv4_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables-allports \{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables-allports \{ type ipv6_addr\; \}` exec-cmd: `` exec-cmd: `nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip6 saddr @addr6-set-j-nftables-allports reject` exec-cmd: `` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables-allports \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete 
table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables-allports\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables-allports` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name 
f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 
'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` # ================================================== # == j-ipthreat - ipthreat == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"192.0.2.1\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: " -d "{\"ip\":\"2001:db8::\",\"flags\":\"8\",\"system\":\"j-ipthreat\",\"notes\":\"fail2ban\"}"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-mail - mail == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 192.0.2.1 from 
build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail: stopped on build-3-17-x86" root` # ================================================== # == j-iptables-multiport - iptables-multiport == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-multiport || true; iptables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-multiport 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-multiport -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-multiport -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-multiport || true; ip6tables -w -A f2b-j-iptables-multiport -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport; }` 
exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-multiport 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-multiport -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables-multiport` exec-cmd: `iptables -w -X f2b-j-iptables-multiport` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -j f2b-j-iptables-multiport` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-multiport` exec-cmd: `ip6tables -w -X f2b-j-iptables-multiport` # ================================================== # == j-blocklist_de - blocklist_de == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=192.0.2.1" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `curl --fail --data-urlencode "server=" --data "apikey=" --data "service=" --data "ip=2001:db8::" --data-urlencode "logs=` exec-cmd: `" --data 'format=text' --user-agent "" "https://www.blocklist.de/en/httpreports.html"` # === unban ipv6 === exec-cmd: `` # === stop === # ================================================== # == j-apf - apf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `apf --deny 192.0.2.1 "banned by Fail2Ban j-apf"` # === unban ipv4 === exec-cmd: `apf --remove 192.0.2.1` # === ban ipv6 === exec-cmd: `apf --deny 2001:db8:: "banned by Fail2Ban j-apf"` # === unban ipv6 === exec-cmd: `apf --remove 2001:db8::` # 
=== stop === # ================================================== # == j-ipfw - ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add unreach port tcp from 192.0.2.1 to 127.0.0.1 ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]192.0.2.1[^0-9]" | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add unreach port tcp from 2001:db8:: to 127.0.0.1 ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]2001:db8::[^0-9]" | awk '{print $1;}'`` # === stop === # ================================================== # == j-nginx-block-map - nginx-block-map == # ================================================== # === start === exec-cmd: `touch '/etc/nginx//blacklisted-sessions.map'` # === ban-ipv4 === exec-cmd: `printf '\%s 1;\n' "192.0.2.1" >> '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === unban ipv4 === exec-cmd: `id=$(printf '\%s 1;\n' "192.0.2.1" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === ban ipv6 === exec-cmd: `printf '\%s 1;\n' "2001:db8::" >> '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === unban ipv6 === exec-cmd: `id=$(printf '\%s 1;\n' "2001:db8::" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" /etc/nginx//blacklisted-sessions.map; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? 
-ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # === stop === exec-cmd: `truncate -s 0 '/etc/nginx//blacklisted-sessions.map'; [ -f "/run/nginx.pid" ] && nginx -qt; if [ $? -eq 0 ]; then` exec-cmd: `nginx -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;` exec-cmd: `fi;` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: 
application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-route - route == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ip route add unreachable 192.0.2.1` # === unban ipv4 === exec-cmd: `ip route del unreachable 192.0.2.1` # === ban ipv6 === exec-cmd: `ip route add unreachable 2001:db8::` # === unban ipv6 === exec-cmd: `ip route del unreachable 2001:db8::` # === stop === # ================================================== # == j-mail-whois-lines - mail-whois-lines == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-whois-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `( printf %b "Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail-whois-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n"` exec-cmd: `whois 192.0.2.1 || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: 
`Regards,\n` exec-cmd: `Fail2Ban" ) | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: banned 192.0.2.1 from build-3-17-x86" root` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-mail-whois-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n"` exec-cmd: `whois 2001:db8:: || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: banned 2001:db8:: from build-3-17-x86" root` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-whois-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | mail -E 'set escape' -s "[Fail2Ban] j-mail-whois-lines: stopped on build-3-17-x86" root` # ================================================== # == j-iptables-new - iptables-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-new || true; iptables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { iptables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables 
-w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-new || true; ip6tables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables-new` exec-cmd: `iptables -w -X f2b-j-iptables-new` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-new` exec-cmd: `ip6tables -w -X f2b-j-iptables-new` # ================================================== # == j-nftables - nftables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr-set-j-nftables \{ type ipv4_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip saddr @addr-set-j-nftables reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr-set-j-nftables \{ 192.0.2.1 \}` # === unban ipv4 === exec-cmd: `nft delete element inet f2b-table addr-set-j-nftables 
\{ 192.0.2.1 \}` # === ban ipv6 === exec-cmd: `nft add table inet f2b-table` exec-cmd: `nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}` exec-cmd: `nft add set inet f2b-table addr6-set-j-nftables \{ type ipv6_addr\; \}` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'ssh' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-nftables reject` exec-cmd: `done` exec-cmd: `nft add element inet f2b-table addr6-set-j-nftables \{ 2001:db8:: \}` # === unban ipv6 === exec-cmd: `nft delete element inet f2b-table addr6-set-j-nftables \{ 2001:db8:: \}` # === stop === exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-nftables\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr-set-j-nftables` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` exec-cmd: `{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-nftables\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do` exec-cmd: `nft delete rule inet f2b-table f2b-chain $hdl; done` exec-cmd: `nft delete set inet f2b-table addr6-set-j-nftables` exec-cmd: `{ nft list table inet f2b-table | grep -qP '^\s+set\s+'; } || {` exec-cmd: `nft delete table inet f2b-table` exec-cmd: `}` # ================================================== # == j-netscaler - netscaler == # ================================================== # === start === exec-cmd: `curl -kH 'Authorization: Basic ' https:///nitro/v1/config` # === ban-ipv4 === exec-cmd: `curl -k -H 'Authorization: Basic ' -X PUT -d '{"policydataset_value_binding":{"name":"","value":"192.0.2.1"}}' https:///nitro/v1/config/` # === unban ipv4 === exec-cmd: `curl -H 'Authorization: Basic ' -X DELETE -k 
"https:///nitro/v1/config/policydataset_value_binding/?args=value:192.0.2.1"` # === ban ipv6 === exec-cmd: `curl -k -H 'Authorization: Basic ' -X PUT -d '{"policydataset_value_binding":{"name":"","value":"2001:db8::"}}' https:///nitro/v1/config/` # === unban ipv6 === exec-cmd: `curl -H 'Authorization: Basic ' -X DELETE -k "https:///nitro/v1/config/policydataset_value_binding/?args=value:2001:db8::"` # === stop === # ================================================== # == j-mail-buffered - mail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: started on build-3-17-x86" root` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `\nRegards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: Summary" root` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `\nRegards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: Summary" root` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 
=== exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: Summary from build-3-17-x86" root` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: stopped on build-3-17-x86" root` # ================================================== # == j-firewallcmd-rich-rules - firewallcmd-rich-rules == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === stop === Loading configs for action.d/mynetwatchman under config Reading configs for action.d/mynetwatchman under config Reading config files: config/action.d/mynetwatchman.conf Loading files: 
['config/action.d/mynetwatchman.conf'] Loading files: ['config/action.d/mynetwatchman.conf'] Creating new jail 'j-mynetwatchman' Jail 'j-mynetwatchman' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-mynetwatchman')) Created FilterPoll(Jail('j-mynetwatchman')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'MNWLOGIN=`perl -e \'$s=shift;$s=~s/([\\W])/"%".uc(sprintf("%2.2x",ord($1)))/eg;print $s\' \'\'`\nMNWPASS=`perl -e \'$s=shift;$s=~s/([\\W])/"%".uc(sprintf("%2.2x",ord($1)))/eg;print $s\' \'\'`\nPROTOCOL=`awk \'{IGNORECASE=1;if($1=="tcp"){print $2;exit}}\' /etc/protocols`\nif [ -z "$PROTOCOL" ]; then PROTOCOL=tcp; fi\nDATETIME=`perl -e \'@t=gmtime(