Fail2ban Vuurmuur
Fail2ban + Vuurmuur
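# Install Fail2Ban, then open (create) the Vuurmuur action file and paste
# the definition below into it. These are two separate commands; run as
# written on one line, apt-get would try to install packages called
# "nano" and "/etc/fail2ban/action.d/vuurmuur.conf".
apt-get install fail2ban
nano /etc/fail2ban/action.d/vuurmuur.conf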
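# Fail2Ban action for Vuurmuur
#
# Author: Nick Shobe
#
# Banned addresses are kept as Vuurmuur objects in a zone named
# "fail2ban": one network per jail ("<name>.fail2ban") and one group
# ("<group>.<name>.fail2ban") that collects the banned hosts of that
# jail. This action only maintains those objects; the actual blocking
# is done by the rules you define in Vuurmuur against the network or
# the group, so you can block everything from a banned address or only
# specific ports, like any other customised rule.
#
# Fail2Ban hands each command block to /bin/sh, so everything below is
# written as POSIX sh (no bash-only syntax).
#
# Host objects are named after the address with '.' replaced by '-'
# (1-2-3-4.<name>.fail2ban). That scheme, and the pattern actionunban
# uses to recognise members, only cover IPv4 — an IPv6 <ip> still
# contains ':' and would not give a valid object name. TODO confirm
# how Vuurmuur names such hosts before using this action on IPv6 jails.

[Definition]

# Shared by actionstart and actionstop: create the jail's network,
# attach every interface Vuurmuur knows about, and create the group.
# The first interface is stored with --set, later ones with --append;
# $append is deliberately unquoted so that it expands to nothing on
# the first pass.
_create_objects = vuurmuur_script --create --network <name>.fail2ban
                  vuurmuur_script --modify --network <name>.fail2ban --variable ACTIVE --set Yes
                  vuurmuur_script --modify --network <name>.fail2ban --variable NETWORK --set 0.0.0.0
                  vuurmuur_script --modify --network <name>.fail2ban --variable NETMASK --set 0.0.0.0
                  append=''
                  for iface in $(vuurmuur_script --list --interface all); do
                      vuurmuur_script --modify --network <name>.fail2ban $append --variable INTERFACE --set "$iface"
                      append='--append'
                  done
                  vuurmuur_script --create --group <group>.<name>.fail2ban
                  vuurmuur_script --modify --group <group>.<name>.fail2ban --variable ACTIVE --set Yes

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
#         Creates the jail's network and group (see _create_objects).
# Values: CMD
actionstart = %(_create_objects)s

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban.
#         Deletes every group and host of the jail and the network
#         itself, then recreates the empty network and group and
#         reloads Vuurmuur. The recreate step is kept from the
#         original; presumably it keeps user rules that refer to
#         these objects valid — confirm against your rule set.
# Values: CMD
actionstop = for group in $(vuurmuur_script --list --group <name>.fail2ban); do
                 vuurmuur_script --delete --group "$group"
             done
             for host in $(vuurmuur_script --list --host <name>.fail2ban); do
                 vuurmuur_script --delete --host "$host"
             done
             vuurmuur_script --delete --network <name>.fail2ban
             %(_create_objects)s
             vuurmuur_script --reload

# Option: actioncheck
# Notes.: command executed once before each actionban command.
#         Lists the jail's host objects with '-' turned back into '.'.
#         Fail2Ban only looks at the exit status and re-runs
#         actionstart when it fails, so the listing is captured first:
#         in a plain "vuurmuur_script | tr" pipeline the status would
#         be tr's and a missing network would never be noticed.
# Values: CMD
actioncheck = hosts=$(vuurmuur_script --list --host <name>.fail2ban) || exit 1
              printf '%%s\n' "$hosts" | tr '-' '.'

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
#         Creates the host object for the address and adds it to the
#         jail's group. --append is only used once the group already
#         lists members, because --set without it replaces the whole
#         MEMBER list. The group is addressed as <group>.<name>.fail2ban,
#         the same object name used everywhere else in this file (the
#         original queried "<name>.fail2ban" here, which names the
#         network, not the group).
# Tags:   <ip>        IP address
#         <failures>  number of failures
#         <time>      unix timestamp of the ban time
# Values: CMD
actionban = ipname=$(printf '%%s' <ip> | tr '.' '-')
            vuurmuur_script --create --host "$ipname".<name>.fail2ban
            vuurmuur_script --modify --host "$ipname".<name>.fail2ban --variable IPADDRESS --set <ip>
            vuurmuur_script --modify --host "$ipname".<name>.fail2ban --variable ACTIVE --set Yes
            append=''
            for member in $(vuurmuur_script --print --group <group>.<name>.fail2ban --variable MEMBER); do
                append='--append'
            done
            vuurmuur_script --modify --apply --group <group>.<name>.fail2ban $append --variable MEMBER --set "$ipname"
            vuurmuur_script --reload

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
#         Deletes the host object, then rebuilds the group without it:
#         the current MEMBER list is read, the group is deleted and
#         recreated when the first member is seen, and every member
#         whose address part differs from the unbanned address is
#         added back (--set for the first one, --append afterwards).
#         A member that does not match the 1-2-3-4 pattern is always
#         kept.
#         If you want to keep known bad IPs around for review, or to
#         move them to a permanent ban list, use
#         "--modify --variable ACTIVE --set No" instead of --delete;
#         actionban then has to cope with a host object that already
#         exists when the same address is banned again.
# Tags:   <ip>        IP address
#         <failures>  number of failures
#         <time>      unix timestamp of the ban time
# Values: CMD
actionunban = ipname=$(printf '%%s' <ip> | tr '.' '-')
              vuurmuur_script --delete --host "$ipname".<name>.fail2ban
              append=''
              recreated=0
              for member in $(vuurmuur_script --print --group <group>.<name>.fail2ban --variable MEMBER); do
                  if [ "$recreated" -eq 0 ]; then
                      vuurmuur_script --delete --group <group>.<name>.fail2ban
                      vuurmuur_script --create --group <group>.<name>.fail2ban
                      vuurmuur_script --modify --group <group>.<name>.fail2ban --variable ACTIVE --set Yes
                      recreated=1
                  fi
                  memberip=$(printf '%%s' "$member" | grep -E -o '[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}')
                  if [ "$memberip" != "$ipname" ]; then
                      vuurmuur_script --modify --group <group>.<name>.fail2ban $append --variable MEMBER --set "$member"
                      append='--append'
                  fi
              done
              vuurmuur_script --reload

[Init]

# Default name of the jail's network under the fail2ban zone
# (<name>.fail2ban). Jails normally pass their own name here, which
# overrides this default.
name = block

# Name of the group that collects the banned hosts of a jail
# (<group>.<name>.fail2ban).
group = blockedhosts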