Re: [Fail2ban-users] Possible Reporting to badips.com and blocklist.de at same time?

Thu, 26 Oct 2017 04:16:45 -0700 

Hi Yehuda and everyone else.

I finally got this working and this is how, thanks to Yehuda for pointing me in 
the right direction and also to another post I found somewhere while googling 
this morning. I now have all 6 servers of mine carrying out all 3 actions on 
each jail.

First do NOT use the method recommend in the jail.local comments to create the 
file `jail.d/blocklist_de.local` it does not work.

Manually modify this line below in your jail.local as follows

action_blocklist_de  = blocklist_de[email="%(sender)s", service=%(filter)s, 
apikey="xxxxxxxxx"]

Where xxxxxxxxx is your actual API Key. Simply the API key string they issued 
you when you added your server without any curly or square brackets.

Then in your jail(s) do the following, this example of mine shows how to make 
one jail use 3 actions, sending the notification to me, reporting it to 
badips.com and reporting it to blocklist.de

[ssh]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.*
maxretry = 6
action = %(action_mwl)s
              badips[category="sshd", key="my-api-key-for-bad-ips-dot-com"]
              blocklist_de

Restart Fail2ban and all actions will work.

You can also configure it like this if you want.

[ssh]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.*
maxretry = 6
action = %(action_mwl)s
              badips[category="sshd", key="my-api-key-for-badips-dot-com"]
              blocklist_de[email="%(sender)s", service=%(filter)s, 
apikey="my-api-key"]


and if you have a custom blacklist filter like my permaban/blacklist filter 
here > 
https://github.com/mitchellkrogza/Fail2Ban-Blacklist-JAIL-for-Repeat-Offenders-with-Perma-Extended-Banning
  you can customize it as follows:

[blacklist]
enabled = true
logpath  = /var/log/fail2ban.*
filter = blacklist
banaction = blacklist
action = %(action_mwl)s
              badips[category="badbots", key="my-api-key-for-bad-ips-dot-com"]
              blocklist_de[email="%(sender)s", service=badbots, 
apikey="my-api-key"]
bantime  = 31536000   ; 1 year
findtime = 31536000   ; 1 year
maxretry = 10


I hope this helps somebody.




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Reply via email to