fail2ban new ip-blacklist

mail if ssh into server

diff --git a/.etckeeper b/.etckeeper
index 69cceca09819fee1ffa349dadcb52a92b22e5d99..cc65508556dd215b82a4addcc66dc78145bdb7c3 100755 (executable)
--- a/.etckeeper
+++ b/.etckeeper
@@ -685,6 +685,7 @@ maybe chmod 0644 'fail2ban/action.d/firewallcmd-rich-logging.conf'
 maybe chmod 0644 'fail2ban/action.d/firewallcmd-rich-rules.conf'
 maybe chmod 0644 'fail2ban/action.d/helpers-common.conf'
 maybe chmod 0644 'fail2ban/action.d/hostsdeny.conf'
+maybe chmod 0644 'fail2ban/action.d/ip-blacklist.conf'
 maybe chmod 0644 'fail2ban/action.d/ipfilter.conf'
 maybe chmod 0644 'fail2ban/action.d/ipfw.conf'
 maybe chmod 0644 'fail2ban/action.d/iptables-allports.conf'
@@ -770,6 +771,7 @@ maybe chmod 0644 'fail2ban/filter.d/haproxy-http-auth.conf'
 maybe chmod 0644 'fail2ban/filter.d/horde.conf'
 maybe chmod 0755 'fail2ban/filter.d/ignorecommands'
 maybe chmod 0755 'fail2ban/filter.d/ignorecommands/apache-fakegooglebot'
+maybe chmod 0644 'fail2ban/filter.d/ip-blacklist.conf'
 maybe chmod 0644 'fail2ban/filter.d/kerio.conf'
 maybe chmod 0644 'fail2ban/filter.d/lighttpd-auth.conf'
 maybe chmod 0644 'fail2ban/filter.d/mongodb-auth.conf'
@@ -817,8 +819,10 @@ maybe chmod 0644 'fail2ban/filter.d/webmin-auth.conf'
 maybe chmod 0644 'fail2ban/filter.d/wuftpd.conf'
 maybe chmod 0644 'fail2ban/filter.d/xinetd-fail.conf'
 maybe chmod 0644 'fail2ban/filter.d/zoneminder.conf'
+maybe chmod 0644 'fail2ban/ip.blacklist'
 maybe chmod 0644 'fail2ban/jail.conf'
 maybe chmod 0755 'fail2ban/jail.d'
+maybe chmod 0644 'fail2ban/jail.d/ip-blacklist.conf'
 maybe chmod 0644 'fail2ban/jail.d/ssh.conf'
 maybe chmod 0644 'fail2ban/paths-arch.conf'
 maybe chmod 0644 'fail2ban/paths-common.conf'
@@ -1459,6 +1463,7 @@ maybe chmod 0755 'profile.d'
 maybe chmod 0644 'profile.d/01-locale-fix.sh'
 maybe chmod 0644 'profile.d/bash_completion.sh'
 maybe chmod 0644 'profile.d/cedilla-portuguese.sh'
+maybe chmod 0644 'profile.d/ssh_mail.sh'
 maybe chmod 0644 'protocols'
 maybe chmod 0755 'python'
 maybe chmod 0644 'python/debian_config'

diff --git a/fail2ban/action.d/ip-blacklist.conf b/fail2ban/action.d/ip-blacklist.conf
new file mode 100644 (file)
index 0000000..2ec3c0a
--- /dev/null
+++ b/fail2ban/action.d/ip-blacklist.conf
@@ -0,0 +1,15 @@
+[Definition]
+
+# Option:  failregex
+# Notes :  Detection of blocked ip addresses.
+# Values:  TEXT
+#
+
+failregex = ^<HOST> \[.*\]$
+
+# Option:  ignoreregex
+# Notes :  Regex to ignore.
+# Values:  TEXT
+#
+
+ignoreregex =

diff --git a/fail2ban/filter.d/ip-blacklist.conf b/fail2ban/filter.d/ip-blacklist.conf
new file mode 100644 (file)
index 0000000..2ec3c0a
--- /dev/null
+++ b/fail2ban/filter.d/ip-blacklist.conf
@@ -0,0 +1,15 @@
+[Definition]
+
+# Option:  failregex
+# Notes :  Detection of blocked ip addresses.
+# Values:  TEXT
+#
+
+failregex = ^<HOST> \[.*\]$
+
+# Option:  ignoreregex
+# Notes :  Regex to ignore.
+# Values:  TEXT
+#
+
+ignoreregex =

diff --git a/fail2ban/ip.blacklist b/fail2ban/ip.blacklist
new file mode 100644 (file)
index 0000000..645b232
--- /dev/null
+++ b/fail2ban/ip.blacklist
@@ -0,0 +1 @@
+116.31.116.7 [10/11/2018 12:00:00]

diff --git a/fail2ban/jail.d/ip-blacklist.conf b/fail2ban/jail.d/ip-blacklist.conf
new file mode 100644 (file)
index 0000000..62e98b5
--- /dev/null
+++ b/fail2ban/jail.d/ip-blacklist.conf
@@ -0,0 +1,8 @@
+[ip-blacklist]
+enabled   = true
+action    = iptables-allports[name=ip-blacklist]
+filter    = ip-blacklist
+logpath   = /etc/fail2ban/ip.blacklist
+maxretry  = 0
+findtime  = 15552000
+bantime   = -1

diff --git a/profile.d/ssh_mail.sh b/profile.d/ssh_mail.sh
new file mode 100644 (file)
index 0000000..c27047b
--- /dev/null
+++ b/profile.d/ssh_mail.sh
@@ -0,0 +1 @@
+/usr/local/sbin/shell-login.sh | mailx -s "SSH Login auf homeserver" mario@hoellein.online