From 779ccdf27344f7dc9519d1282126caecf32e1979 Mon Sep 17 00:00:00 2001
From: root
Date: Thu, 15 Nov 2018 15:05:46 +0100
Subject: [PATCH] fail2ban new ip-blacklist mail if ssh into server
---
 .etckeeper | 5 +++++
 fail2ban/action.d/ip-blacklist.conf | 15 +++++++++++++++
 fail2ban/filter.d/ip-blacklist.conf | 15 +++++++++++++++
 fail2ban/ip.blacklist | 1 +
 fail2ban/jail.d/ip-blacklist.conf | 8 ++++++++
 profile.d/ssh_mail.sh | 1 +
 6 files changed, 45 insertions(+)
 create mode 100644 fail2ban/action.d/ip-blacklist.conf
 create mode 100644 fail2ban/filter.d/ip-blacklist.conf
 create mode 100644 fail2ban/ip.blacklist
 create mode 100644 fail2ban/jail.d/ip-blacklist.conf
 create mode 100644 profile.d/ssh_mail.sh
diff --git a/.etckeeper b/.etckeeper
index 69cceca09..cc6550855 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -685,6 +685,7 @@ maybe chmod 0644 'fail2ban/action.d/firewallcmd-rich-logging.conf'
 maybe chmod 0644 'fail2ban/action.d/firewallcmd-rich-rules.conf'
 maybe chmod 0644 'fail2ban/action.d/helpers-common.conf'
 maybe chmod 0644 'fail2ban/action.d/hostsdeny.conf'
+maybe chmod 0644 'fail2ban/action.d/ip-blacklist.conf'
 maybe chmod 0644 'fail2ban/action.d/ipfilter.conf'
 maybe chmod 0644 'fail2ban/action.d/ipfw.conf'
 maybe chmod 0644 'fail2ban/action.d/iptables-allports.conf'
@@ -770,6 +771,7 @@ maybe chmod 0644 'fail2ban/filter.d/haproxy-http-auth.conf'
 maybe chmod 0644 'fail2ban/filter.d/horde.conf'
 maybe chmod 0755 'fail2ban/filter.d/ignorecommands'
 maybe chmod 0755 'fail2ban/filter.d/ignorecommands/apache-fakegooglebot'
+maybe chmod 0644 'fail2ban/filter.d/ip-blacklist.conf'
 maybe chmod 0644 'fail2ban/filter.d/kerio.conf'
 maybe chmod 0644 'fail2ban/filter.d/lighttpd-auth.conf'
 maybe chmod 0644 'fail2ban/filter.d/mongodb-auth.conf'
@@ -817,8 +819,10 @@ maybe chmod 0644 'fail2ban/filter.d/webmin-auth.conf'
 maybe chmod 0644 'fail2ban/filter.d/wuftpd.conf'
 maybe chmod 0644 'fail2ban/filter.d/xinetd-fail.conf'
 maybe chmod 0644 'fail2ban/filter.d/zoneminder.conf'
+maybe chmod 0644 'fail2ban/ip.blacklist'
 maybe chmod 0644 'fail2ban/jail.conf'
 maybe chmod 0755 'fail2ban/jail.d'
+maybe chmod 0644 'fail2ban/jail.d/ip-blacklist.conf'
 maybe chmod 0644 'fail2ban/jail.d/ssh.conf'
 maybe chmod 0644 'fail2ban/paths-arch.conf'
 maybe chmod 0644 'fail2ban/paths-common.conf'
@@ -1459,6 +1463,7 @@ maybe chmod 0755 'profile.d'
 maybe chmod 0644 'profile.d/01-locale-fix.sh'
 maybe chmod 0644 'profile.d/bash_completion.sh'
 maybe chmod 0644 'profile.d/cedilla-portuguese.sh'
+maybe chmod 0644 'profile.d/ssh_mail.sh'
 maybe chmod 0644 'protocols'
 maybe chmod 0755 'python'
 maybe chmod 0644 'python/debian_config'
diff --git a/fail2ban/action.d/ip-blacklist.conf b/fail2ban/action.d/ip-blacklist.conf
new file mode 100644
index 000000000..2ec3c0a09
--- /dev/null
+++ b/fail2ban/action.d/ip-blacklist.conf
@@ -0,0 +1,15 @@
+[Definition]
+
+# Option: failregex
+# Notes : Detection of blocked ip addresses.
+# Values: TEXT
+#
+
+failregex = ^ \[.*\]$
+
+# Option: ignoreregex
+# Notes : Regex to ignore.
+# Values: TEXT
+#
+
+ignoreregex =
diff --git a/fail2ban/filter.d/ip-blacklist.conf b/fail2ban/filter.d/ip-blacklist.conf
new file mode 100644
index 000000000..2ec3c0a09
--- /dev/null
+++ b/fail2ban/filter.d/ip-blacklist.conf
@@ -0,0 +1,15 @@
+[Definition]
+
+# Option: failregex
+# Notes : Detection of blocked ip addresses.
+# Values: TEXT
+#
+
+failregex = ^ \[.*\]$
+
+# Option: ignoreregex
+# Notes : Regex to ignore.
+# Values: TEXT
+#
+
+ignoreregex =
diff --git a/fail2ban/ip.blacklist b/fail2ban/ip.blacklist
new file mode 100644
index 000000000..645b232a9
--- /dev/null
+++ b/fail2ban/ip.blacklist
@@ -0,0 +1 @@
+116.31.116.7 [10/11/2018 12:00:00]
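Review bot: `fail2ban/action.d/ip-blacklist.conf` contains a filter definition (`failregex` / `ignoreregex`) and has the same blob id `2ec3c0a09` as `fail2ban/filter.d/ip-blacklist.conf`, so it looks like an accidental copy rather than an action. An action file is expected to define `actionban` / `actionunban`, and the jail added in this commit uses `iptables-allports[name=ip-blacklist]`, so nothing visible here references this file. I would drop it, together with its `maybe chmod` line in `.etckeeper`, so a later reader does not assume a custom ban action exists.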
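Review bot: As shown in `fail2ban/filter.d/ip-blacklist.conf`, `failregex = ^ \[.*\]$` has no `<HOST>` tag, which fail2ban needs in order to know which address to ban. If the tag was only lost when this page was rendered, disregard this; otherwise the line should read `failregex = ^<HOST> \[.*\]$`. The file also never states what a list entry must look like, and the one sample in `ip.blacklist` (`10/11/2018`) is ambiguous between day-first and month-first. A header comment such as `# Expected line: <ip> [<date> HH:MM:SS], date order must match what fail2ban detects` would save the next editor a silent non-match.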
diff --git a/fail2ban/jail.d/ip-blacklist.conf b/fail2ban/jail.d/ip-blacklist.conf
new file mode 100644
index 000000000..62e98b5df
--- /dev/null
+++ b/fail2ban/jail.d/ip-blacklist.conf
@@ -0,0 +1,8 @@
+[ip-blacklist]
+enabled = true
+action = iptables-allports[name=ip-blacklist]
+filter = ip-blacklist
+logpath = /etc/fail2ban/ip.blacklist
+maxretry = 0
+findtime = 15552000
+bantime = -1
diff --git a/profile.d/ssh_mail.sh b/profile.d/ssh_mail.sh
new file mode 100644
index 000000000..c27047b3f
--- /dev/null
+++ b/profile.d/ssh_mail.sh
@@ -0,0 +1 @@
+/usr/local/sbin/shell-login.sh | mailx -s "SSH Login auf homeserver" mario@hoellein.online
-- 
2.43.0
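Review bot: In `fail2ban/jail.d/ip-blacklist.conf`, `findtime = 15552000` (180 days) bounds how old a line in `/etc/fail2ban/ip.blacklist` may be and still count. With the static timestamp committed in `ip.blacklist`, the entry will presumably stop being picked up on a restart once it is older than that, despite `bantime = -1`. A comment such as `# entries older than findtime are not re-read after a restart; refresh timestamps or raise findtime` would make that visible. Because a single matching line leads to a permanent all-ports ban, I would also set `ignoreip` for the admin addresses in this jail (unless it is inherited from `jail.conf`, which is not shown here) and keep the list writable by root only.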
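Review bot: `profile.d/ssh_mail.sh` is sourced by every login shell, so it mails on console and `su -` logins as well as SSH, yet it does not run for sessions that start no login shell (`scp`/`sftp`, `ssh host command`), which leaves gaps in the alert's coverage. It also runs in the foreground as the logging-in user, so a slow or failing `mailx` delays the prompt. At minimum, guard it: `[ -n "$SSH_CONNECTION" ] && /usr/local/sbin/shell-login.sh | mailx -s "SSH Login auf homeserver" mario@hoellein.online`. For an alert that does not depend on the user's shell, a `pam_exec.so` session hook in the sshd PAM stack is the more reliable place. `/usr/local/sbin/shell-login.sh` is outside this commit, so its output and permissions are not reviewed here.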