>>> fail2ban: Building main/fail2ban 1.0.2-r0 (using abuild 3.10.0_rc1-r2) started Thu, 10 Nov 2022 10:49:14 +0000
>>> fail2ban: Checking sanity of /home/buildozer/aports/main/fail2ban/APKBUILD...
>>> fail2ban: Analyzing dependencies...
>>> fail2ban: Installing for build: build-base python3 iptables ip6tables logrotate python3-dev py3-setuptools bash
(1/14) Installing libmnl (1.0.5-r0)
(2/14) Installing libnftnl (1.2.3-r0)
(3/14) Installing iptables (1.8.8-r2)
(4/14) Installing ip6tables (1.8.8-r2)
(5/14) Installing logrotate (3.20.1-r3)
(6/14) Installing python3-dev (3.10.8-r3)
(7/14) Installing py3-parsing (3.0.9-r0)
(8/14) Installing py3-packaging (21.3-r2)
(9/14) Installing py3-setuptools (65.5.1-r0)
(10/14) Installing bash (5.2.9-r0)
Executing bash-5.2.9-r0.post-install
(11/14) Installing .makedepends-fail2ban (20221110.104914)
(12/14) Installing logrotate-openrc (3.20.1-r3)
(13/14) Installing iptables-openrc (1.8.8-r2)
(14/14) Installing ip6tables-openrc (1.8.8-r2)
Executing busybox-1.35.0-r27.trigger
OK: 405 MiB in 115 packages
>>> fail2ban: Cleaning up srcdir
>>> fail2ban: Cleaning up pkgdir
>>> fail2ban: Fetching https://distfiles.alpinelinux.org/distfiles/v3.17/fail2ban-1.0.2.tar.gz
>>> fail2ban: Fetching https://distfiles.alpinelinux.org/distfiles/v3.17/fail2ban-1.0.2.tar.gz
>>> fail2ban: Checking sha512sums...
fail2ban-1.0.2.tar.gz: OK
fail2ban.initd: OK
fail2ban.confd: OK
fail2ban.logrotate: OK
alpine-ssh.jaild: OK
alpine-sshd.filterd: OK
alpine-sshd-ddos.filterd: OK
>>> fail2ban: Unpacking /var/cache/distfiles/v3.17/fail2ban-1.0.2.tar.gz...
RefactoringTool: Skipping optional fixer: buffer RefactoringTool: Skipping optional fixer: idioms RefactoringTool: Skipping optional fixer: set_literal RefactoringTool: Skipping optional fixer: ws_comma RefactoringTool: No changes to bin/fail2ban-client RefactoringTool: No changes to bin/fail2ban-regex RefactoringTool: No changes to bin/fail2ban-server RefactoringTool: No changes to bin/fail2ban-testcases RefactoringTool: No changes to fail2ban/__init__.py RefactoringTool: No changes to fail2ban/exceptions.py RefactoringTool: Refactored fail2ban/helpers.py RefactoringTool: No changes to fail2ban/protocol.py RefactoringTool: No changes to fail2ban/setup.py RefactoringTool: No changes to fail2ban/version.py RefactoringTool: No changes to fail2ban/client/__init__.py RefactoringTool: Refactored fail2ban/client/actionreader.py RefactoringTool: No changes to fail2ban/client/beautifier.py RefactoringTool: Refactored fail2ban/client/configparserinc.py RefactoringTool: Refactored fail2ban/client/configreader.py RefactoringTool: No changes to fail2ban/client/configurator.py RefactoringTool: Refactored fail2ban/client/csocket.py RefactoringTool: Refactored fail2ban/client/fail2banclient.py RefactoringTool: No changes to fail2ban/client/fail2bancmdline.py RefactoringTool: No changes to fail2ban/client/fail2banreader.py RefactoringTool: Refactored fail2ban/client/fail2banregex.py RefactoringTool: No changes to fail2ban/client/fail2banserver.py RefactoringTool: Refactored fail2ban/client/filterreader.py RefactoringTool: Refactored fail2ban/client/jailreader.py RefactoringTool: No changes to fail2ban/client/jailsreader.py RefactoringTool: No changes to fail2ban/server/__init__.py RefactoringTool: Refactored fail2ban/server/action.py RefactoringTool: Refactored fail2ban/server/actions.py RefactoringTool: Refactored fail2ban/server/asyncserver.py RefactoringTool: Refactored fail2ban/server/banmanager.py RefactoringTool: Refactored fail2ban/server/database.py RefactoringTool: No 
changes to fail2ban/server/datedetector.py RefactoringTool: No changes to fail2ban/server/datetemplate.py RefactoringTool: Refactored fail2ban/server/failmanager.py RefactoringTool: Refactored fail2ban/server/failregex.py RefactoringTool: Refactored fail2ban/server/filter.py RefactoringTool: No changes to fail2ban/server/filtergamin.py RefactoringTool: Refactored fail2ban/server/filterpoll.py RefactoringTool: Refactored fail2ban/server/filterpyinotify.py RefactoringTool: Refactored fail2ban/server/filtersystemd.py RefactoringTool: Refactored fail2ban/server/ipdns.py RefactoringTool: Refactored fail2ban/server/jail.py RefactoringTool: No changes to fail2ban/server/jails.py RefactoringTool: No changes to fail2ban/server/jailthread.py RefactoringTool: Refactored fail2ban/server/mytime.py RefactoringTool: No changes to fail2ban/server/observer.py RefactoringTool: Refactored fail2ban/server/server.py RefactoringTool: Refactored fail2ban/server/strptime.py RefactoringTool: Refactored fail2ban/server/ticket.py RefactoringTool: Refactored fail2ban/server/transmitter.py RefactoringTool: Refactored fail2ban/server/utils.py RefactoringTool: No changes to fail2ban/tests/__init__.py RefactoringTool: No changes to fail2ban/tests/actionstestcase.py RefactoringTool: Refactored fail2ban/tests/actiontestcase.py RefactoringTool: Refactored fail2ban/tests/banmanagertestcase.py RefactoringTool: No changes to fail2ban/tests/clientbeautifiertestcase.py RefactoringTool: Refactored fail2ban/tests/clientreadertestcase.py RefactoringTool: Refactored fail2ban/tests/databasetestcase.py RefactoringTool: Refactored fail2ban/tests/datedetectortestcase.py RefactoringTool: No changes to fail2ban/tests/dummyjail.py RefactoringTool: Refactored fail2ban/tests/fail2banclienttestcase.py RefactoringTool: Refactored fail2ban/tests/fail2banregextestcase.py RefactoringTool: Refactored fail2ban/tests/failmanagertestcase.py RefactoringTool: Refactored fail2ban/tests/filtertestcase.py RefactoringTool: 
Refactored fail2ban/tests/misctestcase.py RefactoringTool: Refactored fail2ban/tests/observertestcase.py RefactoringTool: Refactored fail2ban/tests/samplestestcase.py RefactoringTool: Refactored fail2ban/tests/servertestcase.py RefactoringTool: Refactored fail2ban/tests/sockettestcase.py RefactoringTool: No changes to fail2ban/tests/tickettestcase.py RefactoringTool: Refactored fail2ban/tests/utils.py RefactoringTool: No changes to fail2ban/tests/action_d/__init__.py RefactoringTool: No changes to fail2ban/tests/action_d/test_smtp.py RefactoringTool: No changes to fail2ban/tests/files/ignorecommand.py RefactoringTool: No changes to fail2ban/tests/files/action.d/action.py RefactoringTool: No changes to fail2ban/tests/files/action.d/action_checkainfo.py RefactoringTool: No changes to fail2ban/tests/files/action.d/action_errors.py RefactoringTool: No changes to fail2ban/tests/files/action.d/action_modifyainfo.py RefactoringTool: Refactored fail2ban/tests/files/config/apache-auth/digest.py RefactoringTool: Files that were modified: RefactoringTool: bin/fail2ban-client RefactoringTool: bin/fail2ban-regex RefactoringTool: bin/fail2ban-server RefactoringTool: bin/fail2ban-testcases RefactoringTool: fail2ban/__init__.py RefactoringTool: fail2ban/exceptions.py RefactoringTool: fail2ban/helpers.py RefactoringTool: fail2ban/protocol.py RefactoringTool: fail2ban/setup.py RefactoringTool: fail2ban/version.py RefactoringTool: fail2ban/client/__init__.py RefactoringTool: fail2ban/client/actionreader.py RefactoringTool: fail2ban/client/beautifier.py RefactoringTool: fail2ban/client/configparserinc.py RefactoringTool: fail2ban/client/configreader.py RefactoringTool: fail2ban/client/configurator.py RefactoringTool: fail2ban/client/csocket.py RefactoringTool: fail2ban/client/fail2banclient.py RefactoringTool: fail2ban/client/fail2bancmdline.py RefactoringTool: fail2ban/client/fail2banreader.py RefactoringTool: fail2ban/client/fail2banregex.py RefactoringTool: 
fail2ban/client/fail2banserver.py RefactoringTool: fail2ban/client/filterreader.py RefactoringTool: fail2ban/client/jailreader.py RefactoringTool: fail2ban/client/jailsreader.py RefactoringTool: fail2ban/server/__init__.py RefactoringTool: fail2ban/server/action.py RefactoringTool: fail2ban/server/actions.py RefactoringTool: fail2ban/server/asyncserver.py RefactoringTool: fail2ban/server/banmanager.py RefactoringTool: fail2ban/server/database.py RefactoringTool: fail2ban/server/datedetector.py RefactoringTool: fail2ban/server/datetemplate.py RefactoringTool: fail2ban/server/failmanager.py RefactoringTool: fail2ban/server/failregex.py RefactoringTool: fail2ban/server/filter.py RefactoringTool: fail2ban/server/filtergamin.py RefactoringTool: fail2ban/server/filterpoll.py RefactoringTool: fail2ban/server/filterpyinotify.py RefactoringTool: fail2ban/server/filtersystemd.py RefactoringTool: fail2ban/server/ipdns.py RefactoringTool: fail2ban/server/jail.py RefactoringTool: fail2ban/server/jails.py RefactoringTool: fail2ban/server/jailthread.py RefactoringTool: fail2ban/server/mytime.py RefactoringTool: fail2ban/server/observer.py RefactoringTool: fail2ban/server/server.py RefactoringTool: fail2ban/server/strptime.py RefactoringTool: fail2ban/server/ticket.py RefactoringTool: fail2ban/server/transmitter.py RefactoringTool: fail2ban/server/utils.py RefactoringTool: fail2ban/tests/__init__.py RefactoringTool: fail2ban/tests/actionstestcase.py RefactoringTool: fail2ban/tests/actiontestcase.py RefactoringTool: fail2ban/tests/banmanagertestcase.py RefactoringTool: fail2ban/tests/clientbeautifiertestcase.py RefactoringTool: fail2ban/tests/clientreadertestcase.py RefactoringTool: fail2ban/tests/databasetestcase.py RefactoringTool: fail2ban/tests/datedetectortestcase.py RefactoringTool: fail2ban/tests/dummyjail.py RefactoringTool: fail2ban/tests/fail2banclienttestcase.py RefactoringTool: fail2ban/tests/fail2banregextestcase.py RefactoringTool: 
fail2ban/tests/failmanagertestcase.py RefactoringTool: fail2ban/tests/filtertestcase.py RefactoringTool: fail2ban/tests/misctestcase.py RefactoringTool: fail2ban/tests/observertestcase.py RefactoringTool: fail2ban/tests/samplestestcase.py RefactoringTool: fail2ban/tests/servertestcase.py RefactoringTool: fail2ban/tests/sockettestcase.py RefactoringTool: fail2ban/tests/tickettestcase.py RefactoringTool: fail2ban/tests/utils.py RefactoringTool: fail2ban/tests/action_d/__init__.py RefactoringTool: fail2ban/tests/action_d/test_smtp.py RefactoringTool: fail2ban/tests/files/ignorecommand.py RefactoringTool: fail2ban/tests/files/action.d/action.py RefactoringTool: fail2ban/tests/files/action.d/action_checkainfo.py RefactoringTool: fail2ban/tests/files/action.d/action_errors.py RefactoringTool: fail2ban/tests/files/action.d/action_modifyainfo.py RefactoringTool: fail2ban/tests/files/config/apache-auth/digest.py Success! running build running build_py creating build creating build/lib creating build/lib/fail2ban copying fail2ban/setup.py -> build/lib/fail2ban copying fail2ban/helpers.py -> build/lib/fail2ban copying fail2ban/protocol.py -> build/lib/fail2ban copying fail2ban/__init__.py -> build/lib/fail2ban copying fail2ban/exceptions.py -> build/lib/fail2ban copying fail2ban/version.py -> build/lib/fail2ban creating build/lib/fail2ban/client copying fail2ban/client/jailreader.py -> build/lib/fail2ban/client copying fail2ban/client/fail2banclient.py -> build/lib/fail2ban/client copying fail2ban/client/jailsreader.py -> build/lib/fail2ban/client copying fail2ban/client/fail2banregex.py -> build/lib/fail2ban/client copying fail2ban/client/fail2banserver.py -> build/lib/fail2ban/client copying fail2ban/client/configurator.py -> build/lib/fail2ban/client copying fail2ban/client/actionreader.py -> build/lib/fail2ban/client copying fail2ban/client/configparserinc.py -> build/lib/fail2ban/client copying fail2ban/client/filterreader.py -> build/lib/fail2ban/client copying 
fail2ban/client/fail2banreader.py -> build/lib/fail2ban/client copying fail2ban/client/__init__.py -> build/lib/fail2ban/client copying fail2ban/client/csocket.py -> build/lib/fail2ban/client copying fail2ban/client/fail2bancmdline.py -> build/lib/fail2ban/client copying fail2ban/client/beautifier.py -> build/lib/fail2ban/client copying fail2ban/client/configreader.py -> build/lib/fail2ban/client creating build/lib/fail2ban/server copying fail2ban/server/mytime.py -> build/lib/fail2ban/server copying fail2ban/server/datetemplate.py -> build/lib/fail2ban/server copying fail2ban/server/banmanager.py -> build/lib/fail2ban/server copying fail2ban/server/strptime.py -> build/lib/fail2ban/server copying fail2ban/server/action.py -> build/lib/fail2ban/server copying fail2ban/server/failmanager.py -> build/lib/fail2ban/server copying fail2ban/server/filtersystemd.py -> build/lib/fail2ban/server copying fail2ban/server/utils.py -> build/lib/fail2ban/server copying fail2ban/server/asyncserver.py -> build/lib/fail2ban/server copying fail2ban/server/filterpyinotify.py -> build/lib/fail2ban/server copying fail2ban/server/filterpoll.py -> build/lib/fail2ban/server copying fail2ban/server/observer.py -> build/lib/fail2ban/server copying fail2ban/server/ticket.py -> build/lib/fail2ban/server copying fail2ban/server/filter.py -> build/lib/fail2ban/server copying fail2ban/server/failregex.py -> build/lib/fail2ban/server copying fail2ban/server/transmitter.py -> build/lib/fail2ban/server copying fail2ban/server/ipdns.py -> build/lib/fail2ban/server copying fail2ban/server/jail.py -> build/lib/fail2ban/server copying fail2ban/server/filtergamin.py -> build/lib/fail2ban/server copying fail2ban/server/__init__.py -> build/lib/fail2ban/server copying fail2ban/server/actions.py -> build/lib/fail2ban/server copying fail2ban/server/database.py -> build/lib/fail2ban/server copying fail2ban/server/server.py -> build/lib/fail2ban/server copying fail2ban/server/jailthread.py -> 
build/lib/fail2ban/server copying fail2ban/server/jails.py -> build/lib/fail2ban/server copying fail2ban/server/datedetector.py -> build/lib/fail2ban/server creating build/lib/fail2ban/tests copying fail2ban/tests/dummyjail.py -> build/lib/fail2ban/tests copying fail2ban/tests/banmanagertestcase.py -> build/lib/fail2ban/tests copying fail2ban/tests/clientbeautifiertestcase.py -> build/lib/fail2ban/tests copying fail2ban/tests/utils.py -> build/lib/fail2ban/tests copying fail2ban/tests/sockettestcase.py -> build/lib/fail2ban/tests copying fail2ban/tests/actiontestcase.py -> build/lib/fail2ban/tests copying fail2ban/tests/misctestcase.py -> build/lib/fail2ban/tests copying fail2ban/tests/databasetestcase.py -> build/lib/fail2ban/tests copying fail2ban/tests/servertestcase.py -> build/lib/fail2ban/tests copying fail2ban/tests/observertestcase.py -> build/lib/fail2ban/tests copying fail2ban/tests/__init__.py -> build/lib/fail2ban/tests copying fail2ban/tests/fail2banclienttestcase.py -> build/lib/fail2ban/tests copying fail2ban/tests/actionstestcase.py -> build/lib/fail2ban/tests copying fail2ban/tests/tickettestcase.py -> build/lib/fail2ban/tests copying fail2ban/tests/fail2banregextestcase.py -> build/lib/fail2ban/tests copying fail2ban/tests/failmanagertestcase.py -> build/lib/fail2ban/tests copying fail2ban/tests/datedetectortestcase.py -> build/lib/fail2ban/tests copying fail2ban/tests/clientreadertestcase.py -> build/lib/fail2ban/tests copying fail2ban/tests/samplestestcase.py -> build/lib/fail2ban/tests copying fail2ban/tests/filtertestcase.py -> build/lib/fail2ban/tests creating build/lib/fail2ban/tests/action_d copying fail2ban/tests/action_d/test_smtp.py -> build/lib/fail2ban/tests/action_d copying fail2ban/tests/action_d/__init__.py -> build/lib/fail2ban/tests/action_d creating build/lib/fail2ban/tests/files copying fail2ban/tests/files/testcase03.log -> build/lib/fail2ban/tests/files copying fail2ban/tests/files/testcase02.log -> 
build/lib/fail2ban/tests/files copying fail2ban/tests/files/database_v2.db -> build/lib/fail2ban/tests/files copying fail2ban/tests/files/zzz-sshd-obsolete-multiline.log -> build/lib/fail2ban/tests/files copying fail2ban/tests/files/testcase-journal.log -> build/lib/fail2ban/tests/files copying fail2ban/tests/files/testcase-usedns.log -> build/lib/fail2ban/tests/files copying fail2ban/tests/files/testcase-wrong-char.log -> build/lib/fail2ban/tests/files copying fail2ban/tests/files/database_v1.db -> build/lib/fail2ban/tests/files copying fail2ban/tests/files/ignorecommand.py -> build/lib/fail2ban/tests/files copying fail2ban/tests/files/testcase04.log -> build/lib/fail2ban/tests/files copying fail2ban/tests/files/testcase-multiline.log -> build/lib/fail2ban/tests/files copying fail2ban/tests/files/testcase01.log -> build/lib/fail2ban/tests/files copying fail2ban/tests/files/testcase01a.log -> build/lib/fail2ban/tests/files creating build/lib/fail2ban/tests/files/config creating build/lib/fail2ban/tests/files/config/apache-auth copying fail2ban/tests/files/config/apache-auth/digest.py.bak -> build/lib/fail2ban/tests/files/config/apache-auth copying fail2ban/tests/files/config/apache-auth/digest.py -> build/lib/fail2ban/tests/files/config/apache-auth copying fail2ban/tests/files/config/apache-auth/README -> build/lib/fail2ban/tests/files/config/apache-auth creating build/lib/fail2ban/tests/files/config/apache-auth/noentry copying fail2ban/tests/files/config/apache-auth/noentry/.htaccess -> build/lib/fail2ban/tests/files/config/apache-auth/noentry creating build/lib/fail2ban/tests/files/config/apache-auth/digest_time copying fail2ban/tests/files/config/apache-auth/digest_time/.htaccess -> build/lib/fail2ban/tests/files/config/apache-auth/digest_time copying fail2ban/tests/files/config/apache-auth/digest_time/.htpasswd -> build/lib/fail2ban/tests/files/config/apache-auth/digest_time creating build/lib/fail2ban/tests/files/config/apache-auth/digest copying 
fail2ban/tests/files/config/apache-auth/digest/.htaccess -> build/lib/fail2ban/tests/files/config/apache-auth/digest copying fail2ban/tests/files/config/apache-auth/digest/.htpasswd -> build/lib/fail2ban/tests/files/config/apache-auth/digest creating build/lib/fail2ban/tests/files/config/apache-auth/digest_wrongrelm copying fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htaccess -> build/lib/fail2ban/tests/files/config/apache-auth/digest_wrongrelm copying fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htpasswd -> build/lib/fail2ban/tests/files/config/apache-auth/digest_wrongrelm creating build/lib/fail2ban/tests/files/config/apache-auth/digest_anon copying fail2ban/tests/files/config/apache-auth/digest_anon/.htaccess -> build/lib/fail2ban/tests/files/config/apache-auth/digest_anon copying fail2ban/tests/files/config/apache-auth/digest_anon/.htpasswd -> build/lib/fail2ban/tests/files/config/apache-auth/digest_anon creating build/lib/fail2ban/tests/files/config/apache-auth/basic creating build/lib/fail2ban/tests/files/config/apache-auth/basic/authz_owner copying fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htaccess -> build/lib/fail2ban/tests/files/config/apache-auth/basic/authz_owner copying fail2ban/tests/files/config/apache-auth/basic/authz_owner/cant_get_me.html -> build/lib/fail2ban/tests/files/config/apache-auth/basic/authz_owner copying fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htpasswd -> build/lib/fail2ban/tests/files/config/apache-auth/basic/authz_owner creating build/lib/fail2ban/tests/files/config/apache-auth/basic/file copying fail2ban/tests/files/config/apache-auth/basic/file/.htaccess -> build/lib/fail2ban/tests/files/config/apache-auth/basic/file copying fail2ban/tests/files/config/apache-auth/basic/file/.htpasswd -> build/lib/fail2ban/tests/files/config/apache-auth/basic/file creating build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/scanlogd -> 
build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/nagios -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/grafana -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/sogo-auth -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/apache-shellshock -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/apache-pass -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/squid -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/wuftpd -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/portsentry -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/haproxy-http-auth -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/screensharingd -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/suhosin -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/zoneminder -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/assp -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/traefik-auth -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/cyrus-imap -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/perdition -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/nginx-limit-req -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/apache-modsecurity -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/apache-noscript -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/mongodb-auth -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/mysqld-auth -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/nginx-http-auth -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/solid-pop3d -> build/lib/fail2ban/tests/files/logs copying 
fail2ban/tests/files/logs/apache-auth -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/tine20 -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/apache-overflows -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/guacamole -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/froxlor-auth -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/webmin-auth -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/apache-fakegooglebot -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/sieve -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/asterisk -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/monitorix -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/stunnel -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/sendmail-reject -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/lighttpd-auth -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/monit -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/xinetd-fail -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/ejabberd-auth -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/openwebmail -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/vsftpd -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/kerio -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/postfix -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/dovecot -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/bitwarden -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/recidive -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/gitlab -> build/lib/fail2ban/tests/files/logs 
copying fail2ban/tests/files/logs/apache-nohome -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/counter-strike -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/sshd -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/softethervpn -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/oracleims -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/selinux-ssh -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/named-refused -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/freeswitch -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/drupal-auth -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/apache-badbots -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/directadmin -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/nginx-bad-request -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/slapd -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/sendmail-auth -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/pam-generic -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/murmur -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/mssql-auth -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/uwimap-auth -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/sshd-journal -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/exim-spam -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/znc-adminlog -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/horde -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/php-url-fopen -> build/lib/fail2ban/tests/files/logs copying 
fail2ban/tests/files/logs/zzz-sshd-obsolete-multiline -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/pure-ftpd -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/dropbear -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/3proxy -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/qmail -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/gssftpd -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/exim -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/squirrelmail -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/zzz-generic-example -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/domino-smtp -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/centreon -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/courier-smtp -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/roundcube-auth -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/groupoffice -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/phpmyadmin-syslog -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/apache-botsearch -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/openhab -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/nginx-botsearch -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/proftpd -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/courier-auth -> build/lib/fail2ban/tests/files/logs copying fail2ban/tests/files/logs/nsd -> build/lib/fail2ban/tests/files/logs creating build/lib/fail2ban/tests/files/logs/bsd copying fail2ban/tests/files/logs/bsd/syslog-plain.txt -> build/lib/fail2ban/tests/files/logs/bsd copying fail2ban/tests/files/logs/bsd/syslog-v.txt -> 
build/lib/fail2ban/tests/files/logs/bsd copying fail2ban/tests/files/logs/bsd/syslog-vv.txt -> build/lib/fail2ban/tests/files/logs/bsd creating build/lib/fail2ban/tests/files/action.d copying fail2ban/tests/files/action.d/action_checkainfo.py -> build/lib/fail2ban/tests/files/action.d copying fail2ban/tests/files/action.d/action.py -> build/lib/fail2ban/tests/files/action.d copying fail2ban/tests/files/action.d/action_errors.py -> build/lib/fail2ban/tests/files/action.d copying fail2ban/tests/files/action.d/action_noAction.py -> build/lib/fail2ban/tests/files/action.d copying fail2ban/tests/files/action.d/action_nomethod.py -> build/lib/fail2ban/tests/files/action.d copying fail2ban/tests/files/action.d/action_modifyainfo.py -> build/lib/fail2ban/tests/files/action.d creating build/lib/fail2ban/tests/files/filter.d copying fail2ban/tests/files/filter.d/testcase02.conf -> build/lib/fail2ban/tests/files/filter.d copying fail2ban/tests/files/filter.d/testcase-common.conf -> build/lib/fail2ban/tests/files/filter.d copying fail2ban/tests/files/filter.d/testcase02.local -> build/lib/fail2ban/tests/files/filter.d copying fail2ban/tests/files/filter.d/substition.conf -> build/lib/fail2ban/tests/files/filter.d copying fail2ban/tests/files/filter.d/testcase01.conf -> build/lib/fail2ban/tests/files/filter.d creating build/lib/fail2ban/tests/config copying fail2ban/tests/config/fail2ban.conf -> build/lib/fail2ban/tests/config copying fail2ban/tests/config/jail.conf -> build/lib/fail2ban/tests/config creating build/lib/fail2ban/tests/config/action.d copying fail2ban/tests/config/action.d/brokenaction.conf -> build/lib/fail2ban/tests/config/action.d copying fail2ban/tests/config/action.d/action.conf -> build/lib/fail2ban/tests/config/action.d creating build/lib/fail2ban/tests/config/filter.d copying fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf -> build/lib/fail2ban/tests/config/filter.d copying fail2ban/tests/config/filter.d/test.local -> 
build/lib/fail2ban/tests/config/filter.d copying fail2ban/tests/config/filter.d/zzz-generic-example.conf -> build/lib/fail2ban/tests/config/filter.d copying fail2ban/tests/config/filter.d/simple.conf -> build/lib/fail2ban/tests/config/filter.d copying fail2ban/tests/config/filter.d/checklogtype_test.conf -> build/lib/fail2ban/tests/config/filter.d copying fail2ban/tests/config/filter.d/test.conf -> build/lib/fail2ban/tests/config/filter.d copying fail2ban/tests/config/filter.d/checklogtype.conf -> build/lib/fail2ban/tests/config/filter.d running build_scripts creating build/scripts-3.10 copying and adjusting bin/fail2ban-client -> build/scripts-3.10 copying and adjusting bin/fail2ban-server -> build/scripts-3.10 copying and adjusting bin/fail2ban-regex -> build/scripts-3.10 copying and adjusting bin/fail2ban-testcases -> build/scripts-3.10 changing mode of build/scripts-3.10/fail2ban-client from 644 to 755 changing mode of build/scripts-3.10/fail2ban-server from 644 to 755 changing mode of build/scripts-3.10/fail2ban-regex from 644 to 755 changing mode of build/scripts-3.10/fail2ban-testcases from 644 to 755 running test WARNING: Testing via this command is deprecated and will be removed in a future version. Users looking for a generic test entry point independent of test runner are encouraged to use tox. running egg_info creating fail2ban.egg-info writing fail2ban.egg-info/PKG-INFO writing dependency_links to fail2ban.egg-info/dependency_links.txt writing top-level names to fail2ban.egg-info/top_level.txt writing manifest file 'fail2ban.egg-info/SOURCES.txt' /usr/lib/python3.10/site-packages/setuptools/command/egg_info.py:643: SetuptoolsDeprecationWarning: Custom 'build_py' does not implement 'get_data_files_without_manifest'. Please extend command classes from setuptools instead of distutils. 
  warnings.warn(
reading manifest file 'fail2ban.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
adding license file 'COPYING'
writing manifest file 'fail2ban.egg-info/SOURCES.txt'
running build_ext
testAction (fail2ban.tests.servertestcase.Transmitter) ...
Fail2ban 1.0.2 test suite. Python 3.10.8 (main, Oct 26 2022, 16:58:21) [GCC 12.2.1 20220924]. Please wait...
Creating new jail 'TestJail1'
Jail 'TestJail1' uses poller {}
Setting usedns = warn for FilterPoll(Jail('TestJail1'))
Created FilterPoll(Jail('TestJail1'))
Created FilterPoll
Initiated 'polling' backend
Created
Set actionstart = 'Action Start'
Set actionstop = 'Action Stop'
Set actioncheck = 'Action Check'
Set actionban = 'Action Ban'
Set actionunban = 'Action Unban'
Set KEY = 'VALUE'
Command ['get', 'TestJail1', 'action', 'TestCaseAction', 'InvalidKey'] has failed. Received AttributeError("'CommandAction' object has no attribute 'InvalidKey'")
Traceback (most recent call last):
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed
    ret = self.__commandHandler(command)
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 144, in __commandHandler
    return self.__commandGet(command[1:])
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 496, in __commandGet
    return getattr(action, actionvalue)
AttributeError: 'CommandAction' object has no attribute 'InvalidKey'
Set timeout = 10
Command ['set', 'TestJail1', 'delaction', "Doesn't exist"] has failed. Received KeyError("Invalid Action name: Doesn't exist")
Traceback (most recent call last):
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/actions.py", line 180, in __delitem__
    del self._actions[name]
KeyError: "Doesn't exist"

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed
    ret = self.__commandHandler(command)
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler
    return self.__commandSet(command[1:])
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 382, in __commandSet
    self.__server.delAction(name, value)
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/server.py", line 522, in delAction
    del self.__jails[name].actions[value]
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/actions.py", line 182, in __delitem__
    raise KeyError("Invalid Action name: %s" % name)
KeyError: "Invalid Action name: Doesn't exist"
Shutdown in progress...
Stopping all jails
Jail 'TestJail1' stopped
Exiting Fail2ban
ok
testAddJail (fail2ban.tests.servertestcase.Transmitter) ...
Creating new jail 'TestJail1'
Jail 'TestJail1' uses poller {}
Setting usedns = warn for FilterPoll(Jail('TestJail1'))
Created FilterPoll(Jail('TestJail1'))
Created FilterPoll
Initiated 'polling' backend
Creating new jail 'TestJail2'
Jail 'TestJail2' uses poller {}
Setting usedns = warn for FilterPoll(Jail('TestJail2'))
Created FilterPoll(Jail('TestJail2'))
Created FilterPoll
Initiated 'polling' backend
Creating new jail 'TestJail3'
Backend 'pyinotify' failed to initialize due to No module named 'pyinotify'
Backend 'gamin' failed to initialize due to No module named 'gamin'
Jail 'TestJail3' uses poller {}
Setting usedns = warn for FilterPoll(Jail('TestJail3'))
Created FilterPoll(Jail('TestJail3'))
Created FilterPoll
Initiated 'polling' backend
Creating new jail 'TestJail4'
Unknown backend invalid backend. Must be among ['pyinotify', 'gamin', 'polling', 'systemd'] or 'auto'
Command ['add', 'TestJail4', 'invalid backend'] has failed. Received ValueError("Unknown backend invalid backend. Must be among ['pyinotify', 'gamin', 'polling', 'systemd'] or 'auto'")
Traceback (most recent call last):
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed
    ret = self.__commandHandler(command)
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 84, in __commandHandler
    self.__server.addJail(name, backend)
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/server.py", line 258, in addJail
    self.__jails.add(name, backend, self.__db)
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/jails.py", line 73, in add
    self._jails[name] = Jail(name, backend, db)
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/jail.py", line 85, in __init__
    self._setBackend(backend)
  File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/jail.py", line 101, in _setBackend
    raise ValueError("Unknown
backend %s. Must be among %s or 'auto'" ValueError: Unknown backend invalid backend. Must be among ['pyinotify', 'gamin', 'polling', 'systemd'] or 'auto' Creating new jail 'TestJail4' Backend 'pyinotify' failed to initialize due to No module named 'pyinotify' Backend 'gamin' failed to initialize due to No module named 'gamin' Jail 'TestJail4' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail4')) Created FilterPoll(Jail('TestJail4')) Created FilterPoll Initiated 'polling' backend Command ['add', 'TestJail1', 'polling'] has failed. Received NameError("name 'noduplicates' is not defined") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 84, in __commandHandler self.__server.addJail(name, backend) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/server.py", line 258, in addJail self.__jails.add(name, backend, self.__db) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/jails.py", line 70, in add if noduplicates: NameError: name 'noduplicates' is not defined Command ['add', '--all', 'polling'] has failed. Received Exception("Reserved name '--all'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 79, in __commandHandler raise Exception("Reserved name %r" % (name,)) Exception: Reserved name '--all' Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Jail 'TestJail2' stopped Jail 'TestJail3' stopped Jail 'TestJail4' stopped Exiting Fail2ban ok testDatabase (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['set', 'dbfile', '/tmp/fail2ban_ul0w1es9.db'] has failed. Received RuntimeError('Cannot change database when there are jails present') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 187, in __commandSet self.__server.setDatabase(command[1]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/server.py", line 837, in setDatabase raise RuntimeError( RuntimeError: Cannot change database when there are jails present Stopping jail 'TestJail1' Stop FilterPoll(Jail('TestJail1')) of jail 'TestJail1' failed: cannot join thread before it is started Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/jail.py", line 341, in stop obj.join() File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/jailthread.py", line 126, in join super(JailThread, self).join() File "/usr/lib/python3.10/threading.py", line 1091, in join raise RuntimeError("cannot join thread before it is started") RuntimeError: cannot join thread before it is started Stop of jail 'TestJail1' failed: cannot join thread before it is started Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/jail.py", line 341, in stop obj.join() File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/jailthread.py", line 126, in join 
super(JailThread, self).join() File "/usr/lib/python3.10/threading.py", line 1091, in join raise RuntimeError("cannot join thread before it is started") RuntimeError: cannot join thread before it is started Jail 'TestJail1' stopped Connected to fail2ban persistent database '/tmp/fail2ban_ul0w1es9.db' New database created. Version '4' Command ['set', 'dbmaxmatches', 'LIZARD'] has failed. Received ValueError("invalid literal for int() with base 10: 'LIZARD'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 200, in __commandSet db.maxMatches = int(command[1]) ValueError: invalid literal for int() with base 10: 'LIZARD' Command ['set', 'dbpurgeage', 'LIZARD'] has failed. 
Received NameError("name 'LIZARD' is not defined") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 209, in __commandSet db.purgeage = command[1] File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/database.py", line 348, in purgeage self._purgeAge = MyTime.str2seconds(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/mytime.py", line 176, in str2seconds return eval(val) File "<string>", line 1, in <module> NameError: name 'LIZARD' is not defined Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Stopping jail 'TestJail1' Stop FilterPoll(Jail('TestJail1')) of jail 'TestJail1' failed: cannot join thread before it is started Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/jail.py", line 341, in stop obj.join() File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/jailthread.py", line 126, in join super(JailThread, self).join() File "/usr/lib/python3.10/threading.py", line 1091, in join raise RuntimeError("cannot join thread before it is started") RuntimeError: cannot join thread before it is started Stop of jail 'TestJail1' failed: cannot join thread before it is started Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/jail.py", line 341, in stop obj.join() File
"/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/jailthread.py", line 126, in join super(JailThread, self).join() File "/usr/lib/python3.10/threading.py", line 1091, in join raise RuntimeError("cannot join thread before it is started") RuntimeError: cannot join thread before it is started Jail 'TestJail1' stopped dbmaxmatches setting was not in effect since no db yet dbpurgeage setting was not in effect since no db yet Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testDatePattern (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend date pattern `'%%%Y%m%d%H%M%S'`: `%YearMonthDay24hourMinuteSecond` date pattern regex for '%%%Y%m%d%H%M%S': (?=^|\b|\W)(%(?P\d{4})(?P0?[1-9]|1[0-2])(?P[1-2]\d|[0 ]?[1-9]|3[0-1])(?P[0-1]?\d|2[0-3])(?P[0-5]?\d)(?P[0-5]?\d|6[0-1]))(?=\b|\W|$) date pattern `''`: `Epoch` date pattern regex for '': ((?:^|(?P(?<=^\[))|(?P(?<=\baudit\()))\d{10,11}\b(?:\.\d{3,6})?)(?:(?(selinux)(?=:\d+\)))|(?(square)(?=\])))(?=\b|\W|$) date pattern `''`: `{^LN-BEG}Epoch` date pattern regex for '': ^(?:\W{0,2})?((?P(?<=^\[))?\d{10,11}\b(?:\.\d{3,6})?)(?(square)(?=\]))(?=\b|\W|$) date pattern `''`: `TAI64N` date pattern regex for '': (@[0-9a-f]{24})(?=\b|\W|$) Command ['set', 'TestJail1', 'datepattern', '%Cat%a%%%g'] has failed. 
Received TypeError("Failed to set datepattern '%Cat%a%%%g' (may be an invalid format or unescaped percent char): unsupported format character 'C' (0x43) at index 1") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/datetemplate.py", line 323, in setRegex self.name = fmt % self._patternName ValueError: unsupported format character 'C' (0x43) at index 1 During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 323, in __commandSet self.__server.setDatePattern(name, value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/server.py", line 430, in setDatePattern self.__jails[name].filter.setDatePattern(pattern) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/filter.py", line 312, in setDatePattern dd.appendTemplate(pattern) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/datedetector.py", line 288, in appendTemplate template = _getPatternTemplate(pattern, key) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/datedetector.py", line 63, in _getPatternTemplate template = DatePatternRegex(pattern) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/datetemplate.py", line 291, in __init__ self.setRegex(pattern, **kwargs) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/datetemplate.py", line 330, in setRegex raise TypeError("Failed to set datepattern '%s' (may be an invalid format or 
unescaped percent char): %s" % (pattern, e)) TypeError: Failed to set datepattern '%Cat%a%%%g' (may be an invalid format or unescaped percent char): unsupported format character 'C' (0x43) at index 1 Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testGetNOK (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['get', 'INVALID', 'COMMAND'] has failed. Received Exception('Invalid command (no get action or not yet implemented)') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 144, in __commandHandler return self.__commandGet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 510, in __commandGet raise Exception("Invalid command (no get action or not yet implemented)") Exception: Invalid command (no get action or not yet implemented) Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailAttemptIP (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Starting jail 'TestJail1' Jail 'TestJail1' started maxRetry: 5 [TestJail1] Attempt 192.0.2.1 - 2022-11-10 11:49:24 Total # of detected failures: 1. Current failures from 1 IPs (IP:count): 192.0.2.1:1 [TestJail1] Attempt 192.0.2.2 - 2022-11-10 11:49:24 Total # of detected failures: 2. 
Current failures from 2 IPs (IP:count): 192.0.2.1:1, 192.0.2.2:1 [TestJail1] Attempt 192.0.2.1 - 2022-11-10 11:49:24 Total # of detected failures: 3. Current failures from 2 IPs (IP:count): 192.0.2.1:2, 192.0.2.2:1 [TestJail1] Attempt 192.0.2.2 - 2022-11-10 11:49:24 Total # of detected failures: 4. Current failures from 2 IPs (IP:count): 192.0.2.1:2, 192.0.2.2:2 [TestJail1] Attempt 192.0.2.2 - 2022-11-10 11:49:24 Total # of detected failures: 5. Current failures from 2 IPs (IP:count): 192.0.2.1:2, 192.0.2.2:5 [TestJail1] Ban 192.0.2.2 Banned 1 / 1, 1 ticket(s) in 'TestJail1' Shutdown in progress... Stopping all jails Stopping jail 'TestJail1' Flush ban list [TestJail1] Unban 192.0.2.2 Unbanned 1, 0 ticket(s) in 'TestJail1' [TestJail1] filter terminated Jail 'TestJail1' stopped Exiting Fail2ban ok testJailBanIP (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Starting jail 'TestJail1' Jail 'TestJail1' started [TestJail1] Ban 192.0.2.1 [TestJail1] 192.0.2.1 already banned [TestJail1] Ban 192.0.2.2 Banned 2 / 2, 2 ticket(s) in 'TestJail1' [TestJail1] Ban Badger Banned 1 / 3, 3 ticket(s) in 'TestJail1' 192.0.2.255 is not banned [TestJail1] Unban 192.0.2.1 [TestJail1] Unban 192.0.2.2 192.0.2.254 is not banned 192.0.2.255 is not banned Command ['set', 'TestJail1', 'unbanip', '--report-absent', '192.0.2.255'] has failed. 
Received ValueError("not banned: ['192.0.2.255']") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 372, in __commandSet return self.__server.setUnbanIP(name, value, ifexists=ifexists) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/server.py", line 547, in setUnbanIP cnt += jail.actions.removeBannedIP(value, ifexists=ifexists) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/actions.py", line 275, in removeBannedIP raise ValueError("not banned: %r" % missed) ValueError: not banned: ['192.0.2.255'] 192.0.2.255 is not banned 192.0.2.254 is not banned Shutdown in progress... Stopping all jails Stopping jail 'TestJail1' [TestJail1] filter terminated Flush ban list [TestJail1] Unban Badger Unbanned 1, 0 ticket(s) in 'TestJail1' Jail 'TestJail1' stopped Exiting Fail2ban ok testJailBanList (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Creating new jail 'TestJailBanList' Jail 'TestJailBanList' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJailBanList')) Created FilterPoll(Jail('TestJailBanList')) Created FilterPoll Initiated 'polling' backend Starting jail 'TestJailBanList' Jail 'TestJailBanList' started [TestJailBanList] Ban 127.0.0.1 Banned 1 / 1, 1 ticket(s) in 'TestJailBanList' [TestJailBanList] Ban 192.168.0.1 Banned 1 / 2, 2 ticket(s) in 'TestJailBanList' [TestJailBanList] Ban 192.168.1.10 Banned 1 / 3, 3 ticket(s) in 'TestJailBanList' [TestJailBanList] Unban 127.0.0.1 [TestJailBanList] Unban 192.168.1.10 [TestJailBanList] Unban 192.168.0.1 Shutdown in progress... Stopping all jails Stopping jail 'TestJailBanList' Jail 'TestJail1' stopped [TestJailBanList] filter terminated Flush ban list Unbanned 0, 0 ticket(s) in 'TestJailBanList' Jail 'TestJailBanList' stopped Exiting Fail2ban ok testJailBanTime (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend banTime: 600 banTime: 50 banTime: -50 banTime: 1315800 Command ['set', 'TestJail1', 'bantime', 'Cat'] has failed. 
Received NameError("name 'Cat' is not defined") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 349, in __commandSet self.__server.setBanTime(name, value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/server.py", line 528, in setBanTime self.__jails[name].actions.setBanTime(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/actions.py", line 202, in setBanTime value = MyTime.str2seconds(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/mytime.py", line 176, in str2seconds return eval(val) File "<string>", line 1, in <module> NameError: name 'Cat' is not defined Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailFindTime (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend findtime: 120 findtime: 60 findtime: 1800 findtime: -60 Command ['set', 'TestJail1', 'findtime', 'Dog'] has failed.
Received NameError("name 'Dog' is not defined") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 318, in __commandSet self.__server.setFindTime(name, value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/server.py", line 424, in setFindTime self.__jails[name].filter.setFindTime(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/filter.py", line 284, in setFindTime value = MyTime.str2seconds(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/mytime.py", line 176, in str2seconds return eval(val) File "<string>", line 1, in <module> NameError: name 'Dog' is not defined Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailIdle (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['set', 'TestJail1', 'idle', 'CAT'] has failed.
Received Exception("Invalid idle option, must be 'on' or 'off'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 219, in __commandSet raise Exception("Invalid idle option, must be 'on' or 'off'") Exception: Invalid idle option, must be 'on' or 'off' Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailIgnoreCache (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailIgnoreCommand (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailIgnoreIP (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Add '127.0.0.1' to ignore list ('127.0.0.1') Add '192.168.1.1' to ignore list ('192.168.1.1') Add '8.8.8.8' to ignore list ('8.8.8.8') Remove '127.0.0.1' from ignore list Remove '192.168.1.1' from ignore list Remove '8.8.8.8' from ignore list Add '127.0.0.1' to ignore list ('127.0.0.1') Ignore duplicate '127.0.0.1' ('127.0.0.1'), already in ignore list Remove '127.0.0.1' from ignore list Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailIgnoreRegex (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend ignoreregex: 'user john' ignoreregex: 'Admin user login from ' ignoreregex: 'Dont match me!' ignoreregex: 'Invalid [regex' Unable to compile regular expression 'Invalid [regex': unterminated character set at position 8 Command ['set', 'TestJail1', 'addignoreregex', 'Invalid [regex'] has failed. 
Received RegexException("Unable to compile regular expression 'Invalid [regex':\nunterminated character set at position 8") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/failregex.py", line 142, in __init__ self._regexObj = re.compile(regex, re.MULTILINE if multiline else 0) File "/usr/lib/python3.10/re.py", line 251, in compile return _compile(pattern, flags) File "/usr/lib/python3.10/re.py", line 303, in _compile p = sre_compile.compile(pattern, flags) File "/usr/lib/python3.10/sre_compile.py", line 788, in compile p = sre_parse.parse(p, flags) File "/usr/lib/python3.10/sre_parse.py", line 955, in parse p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0) File "/usr/lib/python3.10/sre_parse.py", line 444, in _parse_sub itemsappend(_parse(source, state, verbose, nested + 1, File "/usr/lib/python3.10/sre_parse.py", line 550, in _parse raise source.error("unterminated character set", re.error: unterminated character set at position 8 During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 301, in __commandSet self.__server.addIgnoreRegex(name, value, multiple=multiple) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/server.py", line 480, in addIgnoreRegex flt.addIgnoreRegex(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/filter.py", line 229, in addIgnoreRegex raise e File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/filter.py", line 225, in 
addIgnoreRegex regex = Regex(value, useDns=self.__useDns) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/failregex.py", line 159, in __init__ raise RegexException("Unable to compile regular expression '%s':\n%s" % fail2ban.server.failregex.RegexException: Unable to compile regular expression 'Invalid [regex': unterminated character set at position 8 ignoreregex: 50 Command ['set', 'TestJail1', 'addignoreregex', 50] has failed. Received TypeError('expected string or bytes-like object') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 301, in __commandSet self.__server.addIgnoreRegex(name, value, multiple=multiple) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/server.py", line 480, in addIgnoreRegex flt.addIgnoreRegex(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/filter.py", line 225, in addIgnoreRegex regex = Regex(value, useDns=self.__useDns) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/failregex.py", line 134, in __init__ regex = Regex._resolveHostTag(regex, **kwargs) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/failregex.py", line 220, in _resolveHostTag return FTAG_CRE.sub(substTag, regex) TypeError: expected string or bytes-like object Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailLogEncoding (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend encoding: UTF-8 encoding: ascii encoding: UTF-8 Command ['set', 'TestJail1', 'logencoding', 'Monkey'] has failed. Received LookupError('unknown encoding: Monkey') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 268, in __commandSet self.__server.setLogEncoding(name, value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/server.py", line 417, in setLogEncoding filter_.setLogEncoding(encoding) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/filter.py", line 1081, in setLogEncoding encoding = super(FileFilter, self).setLogEncoding(encoding) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/filter.py", line 396, in setLogEncoding codecs.lookup(encoding) # Raise LookupError if invalid codec LookupError: unknown encoding: Monkey Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailLogPath (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Added logfile: '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/tests/files/testcase01.log' (pos = 0, hash = 78326ba6fc2a389f12526f28b3cca2df2ce791f9) Added logfile: '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/tests/files/testcase02.log' (pos = 0, hash = 3d6a949c741e6c757c4de4158db995098d8bc62b) Added logfile: '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/tests/files/testcase03.log' (pos = 0, hash = 421b4a8d7575f35da4a636619cde917ecb759155) Removed logfile: '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/tests/files/testcase01.log' Removed logfile: '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/tests/files/testcase02.log' Removed logfile: '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/tests/files/testcase03.log' Added logfile: '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/tests/files/testcase04.log' (pos = 0, hash = f36501e23dfff6fbf4fe08282455aed0ecad8b3d) /home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/tests/files/testcase04.log already exists Removed logfile: '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/tests/files/testcase04.log' Added logfile: '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/tests/files/testcase04.log' (pos = 880, hash = f36501e23dfff6fbf4fe08282455aed0ecad8b3d) /home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/tests/files/testcase04.log already exists Command ['set', 'TestJail1', 'addlogpath', '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/tests/files/testcase04.log', 'badger'] has failed. 
Received ValueError("File option must be 'head' or 'tail'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 255, in __commandSet raise ValueError("File option must be 'head' or 'tail'") ValueError: File option must be 'head' or 'tail' Command ['set', 'TestJail1', 'addlogpath', '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/tests/files/testcase04.log', '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/tests/files/testcase04.log', '/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/tests/files/testcase04.log'] has failed. Received ValueError('Only one file can be added at a time') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 257, in __commandSet raise ValueError("Only one file can be added at a time") ValueError: Only one file can be added at a time Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailLogPathBrokenSymlink (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['set', 'TestJail1', 'addlogpath', '/tmp/tmp_fail2ban_broken_symlinkpit2b0qq.slink'] has failed. Received FileNotFoundError(2, 'No such file or directory') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 258, in __commandSet self.__server.addLogPath(name, value, tail) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/server.py", line 382, in addLogPath filter_.addLogPath(fileName, tail) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/filter.py", line 1006, in addLogPath log = FileContainer(path, self.getLogEncoding(), tail) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/filter.py", line 1327, in __init__ handler = open(filename, 'rb') FileNotFoundError: [Errno 2] No such file or directory: '/tmp/tmp_fail2ban_broken_symlinkpit2b0qq.slink' Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailLogPathInvalidFile (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['set', 'TestJail1', 'addlogpath', "this_file_shouldn't_exist"] has failed. 
Received FileNotFoundError(2, 'No such file or directory') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 258, in __commandSet self.__server.addLogPath(name, value, tail) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/server.py", line 382, in addLogPath filter_.addLogPath(fileName, tail) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/filter.py", line 1006, in addLogPath log = FileContainer(path, self.getLogEncoding(), tail) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/filter.py", line 1327, in __init__ handler = open(filename, 'rb') FileNotFoundError: [Errno 2] No such file or directory: "this_file_shouldn't_exist" Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailMaxLines (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend maxLines: 5 maxLines: 2 Command ['set', 'TestJail1', 'maxlines', '-2'] has failed. 
Received ValueError('maxlines must be integer greater than zero') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 343, in __commandSet self.__server.setMaxLines(name, int(value)) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/server.py", line 507, in setMaxLines self.__jails[name].filter.setMaxLines(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/filter.py", line 376, in setMaxLines raise ValueError("maxlines must be integer greater than zero") ValueError: maxlines must be integer greater than zero Command ['set', 'TestJail1', 'maxlines', 'Duck'] has failed. Received ValueError("invalid literal for int() with base 10: 'Duck'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 343, in __commandSet self.__server.setMaxLines(name, int(value)) ValueError: invalid literal for int() with base 10: 'Duck' Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailMaxMatches (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['set', 'TestJail1', 'maxmatches', 'Duck'] has failed. Received ValueError("invalid literal for int() with base 10: 'Duck'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 333, in __commandSet self.__server.setMaxMatches(name, int(value)) ValueError: invalid literal for int() with base 10: 'Duck' Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailMaxRetry (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend maxRetry: 5 maxRetry: 2 maxRetry: -2 Command ['set', 'TestJail1', 'maxretry', 'Duck'] has failed. 
Received ValueError("invalid literal for int() with base 10: 'Duck'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 338, in __commandSet self.__server.setMaxRetry(name, int(value)) ValueError: invalid literal for int() with base 10: 'Duck' Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailPrefRegex (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend prefregex: '^Test' Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailRegex (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend failregex: 'user john at ' failregex: 'Admin user login from ' failregex: 'failed attempt from again' failregex: 'No host regex' No failure-id group in 'No host regex' Command ['set', 'TestJail1', 'addfailregex', 'No host regex'] has failed. 
Received RegexException("No failure-id group in 'No host regex'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 289, in __commandSet self.__server.addFailRegex(name, value, multiple=multiple) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/server.py", line 467, in addFailRegex flt.addFailRegex(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/filter.py", line 194, in addFailRegex raise e File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/filter.py", line 189, in addFailRegex regex = FailRegex(value, prefRegex=self.__prefRegex, multiline=multiLine, File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/failregex.py", line 432, in __init__ raise RegexException("No failure-id group in '%s'" % self._regex) fail2ban.server.failregex.RegexException: No failure-id group in 'No host regex' failregex: 654 Command ['set', 'TestJail1', 'addfailregex', 654] has failed. 
Received TypeError('expected string or bytes-like object') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 289, in __commandSet self.__server.addFailRegex(name, value, multiple=multiple) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/server.py", line 467, in addFailRegex flt.addFailRegex(value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/filter.py", line 189, in addFailRegex regex = FailRegex(value, prefRegex=self.__prefRegex, multiline=multiLine, File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/failregex.py", line 426, in __init__ Regex.__init__(self, regex, **kwargs) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/failregex.py", line 134, in __init__ regex = Regex._resolveHostTag(regex, **kwargs) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/failregex.py", line 220, in _resolveHostTag return FTAG_CRE.sub(substTag, regex) TypeError: expected string or bytes-like object Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailStatus (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailStatusBasic (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailStatusBasicKwarg (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Unsupported extended jail status flavor 'INVALID'. Supported: ['short', 'basic', 'cymru'] Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailStatusCymru (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend dnspython package is required but could not be imported Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJailUseDNS (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Setting usedns = yes for FilterPoll(Jail('TestJail1')) Setting usedns = warn for FilterPoll(Jail('TestJail1')) Setting usedns = no for FilterPoll(Jail('TestJail1')) Incorrect value 'fish' specified for usedns. Using safe 'no' Setting usedns = no for FilterPoll(Jail('TestJail1')) Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testJournalFlagsMatch (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban skipped 'systemd python interface not available' testJournalMatch (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban skipped 'systemd python interface not available' testLogTimeZone (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['set', 'TestJail1', 'logtimezone', 'not-a-time-zone'] has failed. 
Received ValueError("Unknown or unsupported time zone: 'not-a-time-zone'") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 328, in __commandSet self.__server.setLogTimeZone(name, value) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/server.py", line 436, in setLogTimeZone self.__jails[name].filter.setLogTimeZone(tz) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/filter.py", line 340, in setLogTimeZone validateTimeZone(tz); # avoid setting of wrong value, but hold original File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/strptime.py", line 156, in validateTimeZone raise ValueError("Unknown or unsupported time zone: %r" % tz) ValueError: Unknown or unsupported time zone: 'not-a-time-zone' Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testNOK (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['INVALID', 'COMMAND'] has failed. 
Received Exception('Invalid command') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 152, in __commandHandler raise Exception("Invalid command") Exception: Invalid command Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testPing (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testPythonActionMethodsAndProperties (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend :283: DeprecationWarning: the load_module() method is deprecated and slated for removal in Python 3.12; use exec_module() instead TestAction initialised Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testServerIsNotStarted (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testSetIPv6 (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend IPv6 is on IPv6 is off IPv6 is auto Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testSetNOK (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['set', 'INVALID', 'COMMAND'] has failed. Received Exception("Invalid command 'COMMAND' (no set action or not yet implemented)") Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 89, in __commandHandler return self.__commandSet(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 409, in __commandSet raise Exception("Invalid command %r (no set action or not yet implemented)" % (command[1],)) Exception: Invalid command 'COMMAND' (no set action or not yet implemented) Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testSleep (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testStartStopAllJail (fail2ban.tests.servertestcase.Transmitter) ... 
Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Creating new jail 'TestJail2' Jail 'TestJail2' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail2')) Created FilterPoll(Jail('TestJail2')) Created FilterPoll Initiated 'polling' backend Starting jail 'TestJail1' Jail 'TestJail1' started Starting jail 'TestJail2' Jail 'TestJail2' started Stopping all jails Stopping jail 'TestJail1' Stopping jail 'TestJail2' [TestJail1] filter terminated Flush ban list Unbanned 0, 0 ticket(s) in 'TestJail1' Jail 'TestJail1' stopped [TestJail2] filter terminated Flush ban list Unbanned 0, 0 ticket(s) in 'TestJail2' Jail 'TestJail2' stopped Shutdown in progress... Stopping all jails Exiting Fail2ban ok testStartStopJail (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Starting jail 'TestJail1' Jail 'TestJail1' started Stopping jail 'TestJail1' [TestJail1] filter terminated Flush ban list Unbanned 0, 0 ticket(s) in 'TestJail1' Jail 'TestJail1' stopped Shutdown in progress... Stopping all jails Exiting Fail2ban ok testStatus (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Creating new jail 'TestJail2' Jail 'TestJail2' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail2')) Created FilterPoll(Jail('TestJail2')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... 
Stopping all jails Jail 'TestJail1' stopped Jail 'TestJail2' stopped Exiting Fail2ban ok testStatusNOK (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Command ['status', 'INVALID', 'COMMAND'] has failed. Received UnknownJailException('INVALID') Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/jails.py", line 81, in __getitem__ return self._jails[name] KeyError: 'INVALID' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 58, in proceed ret = self.__commandHandler(command) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 146, in __commandHandler return self.status(command[1:]) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/transmitter.py", line 521, in status return self.__server.statusJail(name, flavor=flavor) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/server.py", line 625, in statusJail return self.__jails[name].status(flavor=flavor) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/jails.py", line 83, in __getitem__ raise UnknownJailException(name) fail2ban.exceptions.UnknownJailException: 'INVALID' Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testStopServer (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... 
Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testVersion (fail2ban.tests.servertestcase.Transmitter) ... Creating new jail 'TestJail1' Jail 'TestJail1' uses poller {} Setting usedns = warn for FilterPoll(Jail('TestJail1')) Created FilterPoll(Jail('TestJail1')) Created FilterPoll Initiated 'polling' backend Shutdown in progress... Stopping all jails Jail 'TestJail1' stopped Exiting Fail2ban ok testLongName (fail2ban.tests.servertestcase.JailTests) ... ok testHost (fail2ban.tests.servertestcase.RegexTests) ... ok testInit (fail2ban.tests.servertestcase.RegexTests) ... ok testStr (fail2ban.tests.servertestcase.RegexTests) ... ok testFail2BanExceptHook (fail2ban.tests.servertestcase.LoggingTests) ... Unhandled exception in Fail2Ban: Traceback (most recent call last): File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/server/jailthread.py", line 69, in run_with_except_hook run(*args, **kwargs) File "/home/buildozer/aports/main/fail2ban/src/fail2ban-1.0.2/fail2ban/tests/servertestcase.py", line 1143, in run raise RuntimeError('run bad thread exception') RuntimeError: run bad thread exception ok testGetF2BLogger (fail2ban.tests.servertestcase.LoggingTests) ... ok testStartFailedSockExists (fail2ban.tests.servertestcase.LoggingTests) ... -------------------------------------------------- Starting Fail2ban v1.0.2 Creating PID file /tmp/f2b-testytqa8ad1fail2ban.pid Observer start... Starting communication Fail2ban seems to be already running Could not start server: Server already running Shutdown in progress... Stop communication, shutdown Observer stop ... try to end queue 5 seconds Observer stopped, 0 events remaining. Stopping all jails Exiting Fail2ban Remove PID file /tmp/f2b-testytqa8ad1fail2ban.pid ok testCheckStockAllActions (fail2ban.tests.servertestcase.ServerConfigReaderTests) ... 
Loading configs for action.d/osx-afctl under config Reading configs for action.d/osx-afctl under config Reading config files: config/action.d/osx-afctl.conf Loading files: ['config/action.d/osx-afctl.conf'] Loading files: ['config/action.d/osx-afctl.conf'] Creating new jail 'j-osx-afctl' Jail 'j-osx-afctl' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-osx-afctl')) Created FilterPoll(Jail('j-osx-afctl')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = '/usr/libexec/afctl -a -t ' Set actionprolong = '/usr/libexec/afctl -r && /usr/libexec/afctl -a -t ' Set actionunban = '/usr/libexec/afctl -r ' Set name = 'j-osx-afctl' Set actname = 'osx-afctl' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === Loading configs for action.d/sendmail-common under config Reading configs for action.d/sendmail-common under config Reading config files: config/action.d/sendmail-common.conf Loading files: ['config/action.d/sendmail-common.conf'] Loading files: ['config/action.d/sendmail-common.local'] Loading files: ['config/action.d/sendmail-common.conf'] Creating new jail 'j-sendmail-common' Jail 'j-sendmail-common' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-sendmail-common')) Created FilterPoll(Jail('j-sendmail-common')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = 'printf %b "Subject: [Fail2Ban] j-sendmail-common: started on \nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThe jail j-sendmail-common 
has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"' Set actionstop = 'printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on \nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThe jail j-sendmail-common has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"' Set actioncheck = '' Set actionban = '' Set actionunban = '' Set name = 'j-sendmail-common' Set actname = 'sendmail-common' Set mailcmd = '/usr/sbin/sendmail -f "" ""' Set dest = 'root' Set sender = 'fail2ban' Set sendername = 'Fail2Ban' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: 
`Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` Loading configs for action.d/nsupdate under config Reading configs for action.d/nsupdate under config Reading config files: config/action.d/nsupdate.conf Loading files: ['config/action.d/nsupdate.conf'] Loading files: ['config/action.d/nsupdate.conf'] Creating new jail 'j-nsupdate' Jail 'j-nsupdate' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-nsupdate')) Created FilterPoll(Jail('j-nsupdate')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'echo | awk -F. \'{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \\"Your IP has been banned\\""; print "send"}\' | /usr/bin/nsupdate -k ' Set actionunban = 'echo | awk -F. \'{print "update delete "$4"."$3"."$2"."$1"."; print "send"}\' | /usr/bin/nsupdate -k ' Set name = 'j-nsupdate' Set actname = 'nsupdate' Set domain = '' Set ttl = '60' Set rdata = 'Your IP has been banned' Set nsupdatecmd = '/usr/bin/nsupdate' Set keyfile = '' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: 
Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. 
'{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === Loading configs for action.d/symbiosis-blacklist-allports under config Reading configs for action.d/symbiosis-blacklist-allports under config Reading config files: config/action.d/symbiosis-blacklist-allports.conf Loading files: ['config/action.d/symbiosis-blacklist-allports.conf'] Loading files: ['config/action.d/iptables.conf'] Loading files: ['config/action.d/iptables.conf', 'config/action.d/symbiosis-blacklist-allports.conf'] Jail name 'j-symbiosis-blacklist-allports' might be too long and some commands might not function correctly. Please shorten Creating new jail 'j-symbiosis-blacklist-allports' Jail 'j-symbiosis-blacklist-allports' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-symbiosis-blacklist-allports')) Created FilterPoll(Jail('j-symbiosis-blacklist-allports')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actionflush = '' Set actioncheck = ' -n -L blacklist' Set actionban = "echo 'all' >| /etc/symbiosis/firewall/blacklist.d/.auto\n -I blacklist 1 -s -j " Set actionunban = 'rm -f /etc/symbiosis/firewall/blacklist.d/.auto\n -D blacklist -s -j || :' Set name = 'j-symbiosis-blacklist-allports' Set actname = 'symbiosis-blacklist-allports' Set chain = 'blacklist' Set port = 'ssh' Set protocol = 'tcp' Set blocktype = 'DROP' Set returntype = 'RETURN' Set lockingopt = '-w' Set iptables = 'iptables ' Set blocktype?family=inet6 = 'REJECT --reject-with icmp6-port-unreachable' Set iptables?family=inet6 = 'ip6tables ' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` 
# === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. 
'{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === Loading configs for action.d/iptables under config Reading configs for action.d/iptables under config Reading config files: config/action.d/iptables.conf Loading files: ['config/action.d/iptables.conf'] Creating new jail 'j-iptables' Jail 'j-iptables' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-iptables')) Created FilterPoll(Jail('j-iptables')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = "{ -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { -N f2b-j-iptables || true; -A f2b-j-iptables -j RETURN; }\nfor proto in $(echo 'tcp' | sed 's/,/ /g'); do\n{ -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }\ndone" Set actionstop = "for proto in $(echo 'tcp' | sed 's/,/ /g'); do\n -D INPUT -p $proto --dport ssh -j f2b-j-iptables\ndone\n -F f2b-j-iptables\n -X f2b-j-iptables" Set actionflush = ' -F f2b-j-iptables' Set actioncheck = "for proto in $(echo 'tcp' | sed 
's/,/ /g'); do\n -C INPUT -p $proto --dport ssh -j f2b-j-iptables\ndone" Set actionban = ' -I f2b-j-iptables 1 -s -j ' Set actionunban = ' -D f2b-j-iptables -s -j ' Set name = 'j-iptables' Set actname = 'iptables' Set chain = 'INPUT' Set port = 'ssh' Set protocol = 'tcp' Set blocktype = 'REJECT --reject-with icmp-port-unreachable' Set returntype = 'RETURN' Set lockingopt = '-w' Set iptables = 'iptables ' Set blocktype?family=inet6 = 'REJECT --reject-with icmp6-port-unreachable' Set iptables?family=inet6 = 'ip6tables ' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` 
exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === # ================================================== # == j-iptables - iptables == # 
================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables || true; iptables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables || true; ip6tables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables` exec-cmd: `iptables -w -X f2b-j-iptables` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables` exec-cmd: `ip6tables -w -X f2b-j-iptables` Loading configs for action.d/cloudflare-token under config Reading configs for action.d/cloudflare-token under config Reading config files: 
config/action.d/cloudflare-token.conf Loading files: ['config/action.d/cloudflare-token.conf'] Loading files: ['config/action.d/cloudflare-token.conf'] Creating new jail 'j-cloudflare-token' Jail 'j-cloudflare-token' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-cloudflare-token')) Created FilterPoll(Jail('j-cloudflare-token')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \\\n-H "Authorization: Bearer " -H "Content-Type: application/json" \\\n--data \'{"mode":"block","configuration":{"target":"","value":""},"notes":"Fail2Ban j-cloudflare-token"}\'' Set actionunban = 'id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=&configuration.value=" \\\n-H "Authorization: Bearer " -H "Content-Type: application/json" \\\n| awk -F"[,:}]" \'{for(i=1;i<=NF;i++){if($i~/\'id\'\\042/){print $(i+1)}}}\' \\\n| tr -d \' "\' \\\n| head -n 1)\nif [ -z "$id" ]; then echo "j-cloudflare-token: id for cannot be found using target "; exit 0; fi; \\\ncurl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \\\n-H "Authorization: Bearer " -H "Content-Type: application/json" \\\n--data \'{"cascade": "none"}\'' Set name = 'j-cloudflare-token' Set actname = 'cloudflare-token' Set cftarget = 'ip' Set cfmode = 'block' Set notes = 'Fail2Ban ' Set cftarget?family=inet6 = 'ip6' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # ===
unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. 
'{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === # ================================================== # == j-iptables - iptables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables || true; iptables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables || true; ip6tables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: 
`for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables` exec-cmd: `iptables -w -X f2b-j-iptables` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables` exec-cmd: `ip6tables -w -X f2b-j-iptables` # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit
0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === Loading configs for action.d/apprise under config Reading configs for action.d/apprise under config Reading config files: config/action.d/apprise.conf Loading files: ['config/action.d/apprise.conf'] Loading files: ['config/action.d/apprise.conf'] Creating new jail 'j-apprise' Jail 'j-apprise' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-apprise')) Created FilterPoll(Jail('j-apprise')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = 'printf %b "The jail j-apprise as been started successfully."
| apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: started on `uname -n`"' Set actionstop = 'printf %b "The jail j-apprise has been stopped." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: stopped on `uname -n`"' Set actioncheck = '' Set actionban = 'printf %b "The IP has just been banned by Fail2Ban after attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned from `uname -n`"' Set actionunban = '' Set name = 'j-apprise' Set actname = 'apprise' Set config = '/etc/fail2ban/apprise.conf' Set apprise = 'apprise -c ""' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` 
exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === # 
================================================== # == j-iptables - iptables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables || true; iptables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables || true; ip6tables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables` exec-cmd: `iptables -w -X f2b-j-iptables` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables` exec-cmd: `ip6tables -w -X f2b-j-iptables` # ================================================== # == 
j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `|
head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-apprise - apprise == # ================================================== # === start === exec-cmd: `printf %b "The jail j-apprise as been started successfully." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: started on `uname -n`"` # === ban-ipv4 === exec-cmd: `printf %b "The IP 192.0.2.1 has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 192.0.2.1 from `uname -n`"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "The IP 2001:db8:: has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 2001:db8:: from `uname -n`"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "The jail j-apprise has been stopped." 
| apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: stopped on `uname -n`"` Loading configs for action.d/sendmail-geoip-lines under config Reading configs for action.d/sendmail-geoip-lines under config Reading config files: config/action.d/sendmail-geoip-lines.conf Loading files: ['config/action.d/sendmail-geoip-lines.conf'] Loading files: ['config/action.d/helpers-common.conf'] Loading files: ['config/action.d/sendmail-common.conf', 'config/action.d/helpers-common.conf', 'config/action.d/sendmail-geoip-lines.conf'] Creating new jail 'j-sendmail-geoip-lines' Jail 'j-sendmail-geoip-lines' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-sendmail-geoip-lines')) Created FilterPoll(Jail('j-sendmail-geoip-lines')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = 'printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: started on \nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThe jail j-sendmail-geoip-lines has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"' Set actionstop = 'printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: stopped on \nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThe jail j-sendmail-geoip-lines has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"' Set actioncheck = '' Set actionban = '( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned from \nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThe IP has just been banned by Fail2Ban after\n attempts against j-sendmail-geoip-lines.\\n\\n\nHere is more information about :\\n\nhttp://bgp.he.net/ip/\nhttp://www.projecthoneypot.org/ip_\nhttp://whois.domaintools.com/\\n\\n\nCountry:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "" | cut -d\':\' -f2-`\nAS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "" | cut -d\':\' -f2-`\nhostname: \\n\\n\nLines containing 
failures of (max 1000)\\n";\nlogpath="/dev/null"; grep -m 1000 -wF "" $logpath | tail -n 1000;\nprintf %b "\\n\nRegards,\\n\nFail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"' Set actionunban = '' Set norestored = True Set name = 'j-sendmail-geoip-lines' Set actname = 'sendmail-geoip-lines' Set mailcmd = '/usr/sbin/sendmail -f "" ""' Set dest = 'root' Set sender = 'fail2ban' Set sendername = 'Fail2Ban' Set greplimit = 'tail -n ' Set grepmax = '1000' Set grepopts = '-m ' Set logpath = '/dev/null' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | 
/usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === # ================================================== # == j-iptables - iptables == # ================================================== # === 
start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables || true; iptables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables || true; ip6tables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables` exec-cmd: `iptables -w -X f2b-j-iptables` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables` exec-cmd: `ip6tables -w -X f2b-j-iptables` # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X 
POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl 
-s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-apprise - apprise == # ================================================== # === start === exec-cmd: `printf %b "The jail j-apprise as been started successfully." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: started on `uname -n`"` # === ban-ipv4 === exec-cmd: `printf %b "The IP 192.0.2.1 has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 192.0.2.1 from `uname -n`"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "The IP 2001:db8:: has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 2001:db8:: from `uname -n`"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "The jail j-apprise has been stopped." 
| apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: stopped on `uname -n`"` # ================================================== # == j-sendmail-geoip-lines - sendmail-geoip-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: `http://bgp.he.net/ip/192.0.2.1` exec-cmd: `http://www.projecthoneypot.org/ip_192.0.2.1` exec-cmd: `http://whois.domaintools.com/192.0.2.1\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `hostname: None\n\n` exec-cmd: `Lines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` 
exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: `http://bgp.he.net/ip/2001:db8::` exec-cmd: `http://www.projecthoneypot.org/ip_2001:db8::` exec-cmd: `http://whois.domaintools.com/2001:db8::\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `hostname: 2001:db8::\n\n` exec-cmd: `Lines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` Loading configs for action.d/cloudflare under config Reading configs for action.d/cloudflare under config Reading config files: config/action.d/cloudflare.conf Loading files: ['config/action.d/cloudflare.conf'] Loading files: ['config/action.d/cloudflare.conf'] Creating new jail 'j-cloudflare' Jail 'j-cloudflare' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-cloudflare')) Created FilterPoll(Jail('j-cloudflare')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'curl -s -o /dev/null -X POST -H \'X-Auth-Email: \' -H \'X-Auth-Key: \' -H \'Content-Type: application/json\' \\\n-d 
\'{"mode":"block","configuration":{"target":"","value":""},"notes":"Fail2Ban j-cloudflare"}\' \\\nhttps://api.cloudflare.com/client/v4/user/firewall/access_rules/rules' Set actionunban = 'id=$(curl -s -X GET -H \'X-Auth-Email: \' -H \'X-Auth-Key: \' -H \'Content-Type: application/json\' \\\n"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=&configuration_value=&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \\\n| { jq -r \'.result[0].id\' 2>/dev/null || tr -d \'\\n\' | sed -nE \'s/^.*"result"\\s*:\\s*\\[\\s*\\{\\s*"id"\\s*:\\s*"([^"]+)".*$/\\1/p\'; })\nif [ -z "$id" ]; then echo "j-cloudflare: id for cannot be found"; exit 0; fi;\ncurl -s -o /dev/null -X DELETE -H \'X-Auth-Email: \' -H \'X-Auth-Key: \' -H \'Content-Type: application/json\' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"' Set name = 'j-cloudflare' Set actname = 'cloudflare' Set cftoken = '' Set cfuser = '' Set cftarget = 'ip' Set cftarget?family=inet6 = 'ip6' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | 
/usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. 
'{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === # ================================================== # == j-iptables - iptables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables || true; iptables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables || true; ip6tables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: 
`for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables` exec-cmd: `iptables -w -X f2b-j-iptables` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables` exec-cmd: `ip6tables -w -X f2b-j-iptables` # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 
0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-apprise - apprise == # ================================================== # === start === exec-cmd: `printf %b "The jail j-apprise as been started successfully." 
| apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: started on `uname -n`"` # === ban-ipv4 === exec-cmd: `printf %b "The IP 192.0.2.1 has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 192.0.2.1 from `uname -n`"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "The IP 2001:db8:: has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 2001:db8:: from `uname -n`"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "The jail j-apprise has been stopped." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: stopped on `uname -n`"` # ================================================== # == j-sendmail-geoip-lines - sendmail-geoip-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: `http://bgp.he.net/ip/192.0.2.1` exec-cmd: `http://www.projecthoneypot.org/ip_192.0.2.1` exec-cmd: `http://whois.domaintools.com/192.0.2.1\n\n` exec-cmd: 
`Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `hostname: None\n\n` exec-cmd: `Lines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: `http://bgp.he.net/ip/2001:db8::` exec-cmd: `http://www.projecthoneypot.org/ip_2001:db8::` exec-cmd: `http://whois.domaintools.com/2001:db8::\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `hostname: 2001:db8::\n\n` exec-cmd: `Lines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | 
/usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 
2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === Loading configs for action.d/firewallcmd-rich-rules under config Reading configs for action.d/firewallcmd-rich-rules under config Reading config files: config/action.d/firewallcmd-rich-rules.conf Loading files: ['config/action.d/firewallcmd-rich-rules.conf'] Loading files: ['config/action.d/firewallcmd-common.conf'] Loading files: ['config/action.d/firewallcmd-common.conf', 'config/action.d/firewallcmd-rich-rules.conf'] Creating new jail 'j-firewallcmd-rich-rules' Jail 'j-firewallcmd-rich-rules' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-firewallcmd-rich-rules')) Created FilterPoll(Jail('j-firewallcmd-rich-rules')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family=\'\' source address=\'\' port port=\'$p\' protocol=\'tcp\' reject type=\'\'"; done' Set actionunban = 'ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family=\'\' source address=\'\' port port=\'$p\' protocol=\'tcp\' reject type=\'\'"; done' Set name = 'j-firewallcmd-rich-rules' Set actname = 'firewallcmd-rich-rules' Set port = '1:65535' Set protocol = 'tcp' Set family = 'ipv4' Set chain = 'INPUT_direct' Set zone = 'public' Set service = 'ssh' Set rejecttype = 'icmp-port-unreachable' Set blocktype = 'REJECT --reject-with ' Set rich-blocktype = "reject type=''" Set family?family=inet6 = 'ipv6' Set rejecttype?family=inet6 = 'icmp6-port-unreachable' Creating 
new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. 
'{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === # ================================================== # == j-iptables - iptables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables || true; iptables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables 1 -s 
192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables || true; ip6tables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables` exec-cmd: `iptables -w -X f2b-j-iptables` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables` exec-cmd: `ip6tables -w -X f2b-j-iptables` # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block¬es=Fail2Ban 
j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block¬es=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-apprise - apprise == # ================================================== # === start === exec-cmd: `printf %b "The jail j-apprise as been started 
successfully." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: started on `uname -n`"` # === ban-ipv4 === exec-cmd: `printf %b "The IP 192.0.2.1 has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 192.0.2.1 from `uname -n`"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "The IP 2001:db8:: has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 2001:db8:: from `uname -n`"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "The jail j-apprise has been stopped." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: stopped on `uname -n`"` # ================================================== # == j-sendmail-geoip-lines - sendmail-geoip-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: `http://bgp.he.net/ip/192.0.2.1` exec-cmd: `http://www.projecthoneypot.org/ip_192.0.2.1` exec-cmd: `http://whois.domaintools.com/192.0.2.1\n\n` 
exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `hostname: None\n\n` exec-cmd: `Lines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: `http://bgp.he.net/ip/2001:db8::` exec-cmd: `http://www.projecthoneypot.org/ip_2001:db8::` exec-cmd: `http://whois.domaintools.com/2001:db8::\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `hostname: 2001:db8::\n\n` exec-cmd: `Lines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: 
`Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1¬es=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1¬es=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r 
'.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-firewallcmd-rich-rules - firewallcmd-rich-rules == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === stop === Loading configs for action.d/npf under config Reading configs for action.d/npf under config Reading config files: config/action.d/npf.conf Loading files: ['config/action.d/npf.conf'] Loading files: ['config/action.d/npf.conf'] Creating new jail 'j-npf' Jail 'j-npf' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-npf')) Created FilterPoll(Jail('j-npf')) Created FilterPoll Initiated 'polling' 
backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = '/sbin/npfctl table fail2ban add ' Set actionunban = '/sbin/npfctl table fail2ban rem ' Set name = 'j-npf' Set actname = 'npf' Set tablename = 'fail2ban' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. 
'{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === # ================================================== # == j-iptables - iptables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables || true; iptables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` 
exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables || true; ip6tables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables` exec-cmd: `iptables -w -X f2b-j-iptables` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables` exec-cmd: `ip6tables -w -X f2b-j-iptables` # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data 
'{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block¬es=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block¬es=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` 
exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-apprise - apprise == # ================================================== # === start === exec-cmd: `printf %b "The jail j-apprise as been started successfully." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: started on `uname -n`"` # === ban-ipv4 === exec-cmd: `printf %b "The IP 192.0.2.1 has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 192.0.2.1 from `uname -n`"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "The IP 2001:db8:: has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 2001:db8:: from `uname -n`"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "The jail j-apprise has been stopped." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: stopped on `uname -n`"` # ================================================== # == j-sendmail-geoip-lines - sendmail-geoip-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: 
`0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: `http://bgp.he.net/ip/192.0.2.1` exec-cmd: `http://www.projecthoneypot.org/ip_192.0.2.1` exec-cmd: `http://whois.domaintools.com/192.0.2.1\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `hostname: None\n\n` exec-cmd: `Lines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: `http://bgp.he.net/ip/2001:db8::` exec-cmd: `http://www.projecthoneypot.org/ip_2001:db8::` exec-cmd: `http://whois.domaintools.com/2001:db8::\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `hostname: 2001:db8::\n\n` exec-cmd: `Lines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: 
stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1¬es=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 
'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1¬es=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-firewallcmd-rich-rules - firewallcmd-rich-rules == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-npf - npf == # ================================================== # === start === # === 
ban-ipv4 === exec-cmd: `/sbin/npfctl table fail2ban add 192.0.2.1` # === unban ipv4 === exec-cmd: `/sbin/npfctl table fail2ban rem 192.0.2.1` # === ban ipv6 === exec-cmd: `/sbin/npfctl table fail2ban add 2001:db8::` # === unban ipv6 === exec-cmd: `/sbin/npfctl table fail2ban rem 2001:db8::` # === stop === Loading configs for action.d/dummy under config Reading configs for action.d/dummy under config Reading config files: config/action.d/dummy.conf Loading files: ['config/action.d/dummy.conf'] Loading files: ['config/action.d/dummy.conf'] Creating new jail 'j-dummy' Jail 'j-dummy' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-dummy')) Created FilterPoll(Jail('j-dummy')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = 'if [ ! -z \'/var/run/fail2ban/fail2ban.dummy\' ]; then touch /var/run/fail2ban/fail2ban.dummy; fi;\nprintf %b "123\\n" >> /var/run/fail2ban/fail2ban.dummy\necho "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- started"' Set actionstop = 'if [ ! 
-z \'/var/run/fail2ban/fail2ban.dummy\' ]; then rm -f /var/run/fail2ban/fail2ban.dummy; fi;\necho "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- stopped"' Set actionflush = 'printf %b "-*\\n" >> /var/run/fail2ban/fail2ban.dummy\necho "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- clear all"' Set actioncheck = '' Set actionban = 'printf %b "+\\n" >> /var/run/fail2ban/fail2ban.dummy\necho "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned (family: )"' Set actionunban = 'printf %b "-\\n" >> /var/run/fail2ban/fail2ban.dummy\necho "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned (family: )"' Set name = 'j-dummy' Set actname = 'dummy' Set init = '123' Set target = '/var/run/fail2ban/fail2ban.dummy' Set to_target = '>> ' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on 
build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. 
'{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === # ================================================== # == j-iptables - iptables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables || true; iptables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables || true; ip6tables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: 
`for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables` exec-cmd: `iptables -w -X f2b-j-iptables` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables` exec-cmd: `ip6tables -w -X f2b-j-iptables` # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 
0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-apprise - apprise == # ================================================== # === start === exec-cmd: `printf %b "The jail j-apprise as been started successfully." 
| apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: started on `uname -n`"` # === ban-ipv4 === exec-cmd: `printf %b "The IP 192.0.2.1 has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 192.0.2.1 from `uname -n`"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "The IP 2001:db8:: has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 2001:db8:: from `uname -n`"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "The jail j-apprise has been stopped." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: stopped on `uname -n`"` # ================================================== # == j-sendmail-geoip-lines - sendmail-geoip-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: `http://bgp.he.net/ip/192.0.2.1` exec-cmd: `http://www.projecthoneypot.org/ip_192.0.2.1` exec-cmd: `http://whois.domaintools.com/192.0.2.1\n\n` exec-cmd: 
`Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `hostname: None\n\n` exec-cmd: `Lines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: `http://bgp.he.net/ip/2001:db8::` exec-cmd: `http://www.projecthoneypot.org/ip_2001:db8::` exec-cmd: `http://whois.domaintools.com/2001:db8::\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `hostname: 2001:db8::\n\n` exec-cmd: `Lines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | 
/usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 
2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-firewallcmd-rich-rules - firewallcmd-rich-rules == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-npf - npf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/sbin/npfctl table fail2ban add 192.0.2.1` # === unban ipv4 === exec-cmd: `/sbin/npfctl table fail2ban rem 192.0.2.1` # === ban ipv6 === exec-cmd: `/sbin/npfctl table fail2ban add 2001:db8::` # === unban ipv6 === exec-cmd: `/sbin/npfctl table 
fail2ban rem 2001:db8::` # === stop === # ================================================== # == j-dummy - dummy == # ================================================== # === start === exec-cmd: `if [ ! -z '/var/run/fail2ban/fail2ban.dummy' ]; then touch /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `printf %b "123\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- started"` # === ban-ipv4 === exec-cmd: `printf %b "+192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 192.0.2.1 (family: inet4)"` # === unban ipv4 === exec-cmd: `printf %b "-192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 192.0.2.1 (family: inet4)"` # === ban ipv6 === exec-cmd: `printf %b "+2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 2001:db8:: (family: inet6)"` # === unban ipv6 === exec-cmd: `printf %b "-2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 2001:db8:: (family: inet6)"` # === stop === exec-cmd: `if [ ! 
-z '/var/run/fail2ban/fail2ban.dummy' ]; then rm -f /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- stopped"` Loading configs for action.d/iptables-new under config Reading configs for action.d/iptables-new under config Reading config files: config/action.d/iptables-new.conf Loading files: ['config/action.d/iptables-new.conf'] Loading files: ['config/action.d/iptables.conf', 'config/action.d/iptables-new.conf'] Creating new jail 'j-iptables-new' Jail 'j-iptables-new' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-iptables-new')) Created FilterPoll(Jail('j-iptables-new')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = "{ -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { -N f2b-j-iptables-new || true; -A f2b-j-iptables-new -j RETURN; }\nfor proto in $(echo 'tcp' | sed 's/,/ /g'); do\n{ -C INPUT -m state --state NEW-p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { -I INPUT -m state --state NEW-p $proto --dport ssh -j f2b-j-iptables-new; }\ndone" Set actionstop = "for proto in $(echo 'tcp' | sed 's/,/ /g'); do\n -D INPUT -m state --state NEW-p $proto --dport ssh -j f2b-j-iptables-new\ndone\n -F f2b-j-iptables-new\n -X f2b-j-iptables-new" Set actionflush = ' -F f2b-j-iptables-new' Set actioncheck = "for proto in $(echo 'tcp' | sed 's/,/ /g'); do\n -C INPUT -m state --state NEW-p $proto --dport ssh -j f2b-j-iptables-new\ndone" Set actionban = ' -I f2b-j-iptables-new 1 -s -j ' Set actionunban = ' -D f2b-j-iptables-new -s -j ' Set name = 'j-iptables-new' Set actname = 'iptables-new' Set chain = 'INPUT' Set port = 'ssh' Set protocol = 'tcp' Set blocktype = 'REJECT --reject-with icmp-port-unreachable' Set returntype = 'RETURN' Set lockingopt = '-w' Set iptables = 'iptables ' Set blocktype?family=inet6 = 'REJECT --reject-with icmp6-port-unreachable' Set iptables?family=inet6 = 'ip6tables ' Creating new jail 'DummyJail' # 
================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. 
'{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === # ================================================== # == j-iptables - iptables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables || true; iptables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables 1 -s 
192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables || true; ip6tables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables` exec-cmd: `iptables -w -X f2b-j-iptables` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables` exec-cmd: `ip6tables -w -X f2b-j-iptables` # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban 
j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-apprise - apprise == # ================================================== # === start === exec-cmd: `printf %b "The jail j-apprise as been started 
successfully." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: started on `uname -n`"` # === ban-ipv4 === exec-cmd: `printf %b "The IP 192.0.2.1 has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 192.0.2.1 from `uname -n`"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "The IP 2001:db8:: has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 2001:db8:: from `uname -n`"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "The jail j-apprise has been stopped." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: stopped on `uname -n`"` # ================================================== # == j-sendmail-geoip-lines - sendmail-geoip-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: `http://bgp.he.net/ip/192.0.2.1` exec-cmd: `http://www.projecthoneypot.org/ip_192.0.2.1` exec-cmd: `http://whois.domaintools.com/192.0.2.1\n\n` 
exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `hostname: None\n\n` exec-cmd: `Lines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: `http://bgp.he.net/ip/2001:db8::` exec-cmd: `http://www.projecthoneypot.org/ip_2001:db8::` exec-cmd: `http://whois.domaintools.com/2001:db8::\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `hostname: 2001:db8::\n\n` exec-cmd: `Lines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: 
`Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r 
'.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-firewallcmd-rich-rules - firewallcmd-rich-rules == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-npf - npf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/sbin/npfctl table fail2ban add 192.0.2.1` # === unban ipv4 === exec-cmd: `/sbin/npfctl table fail2ban rem 192.0.2.1` # === ban ipv6 === exec-cmd: `/sbin/npfctl table fail2ban add 2001:db8::` # === unban ipv6 === exec-cmd: 
`/sbin/npfctl table fail2ban rem 2001:db8::` # === stop === # ================================================== # == j-dummy - dummy == # ================================================== # === start === exec-cmd: `if [ ! -z '/var/run/fail2ban/fail2ban.dummy' ]; then touch /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `printf %b "123\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- started"` # === ban-ipv4 === exec-cmd: `printf %b "+192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 192.0.2.1 (family: inet4)"` # === unban ipv4 === exec-cmd: `printf %b "-192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 192.0.2.1 (family: inet4)"` # === ban ipv6 === exec-cmd: `printf %b "+2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 2001:db8:: (family: inet6)"` # === unban ipv6 === exec-cmd: `printf %b "-2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 2001:db8:: (family: inet6)"` # === stop === exec-cmd: `if [ ! 
-z '/var/run/fail2ban/fail2ban.dummy' ]; then rm -f /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- stopped"` # ================================================== # == j-iptables-new - iptables-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-new || true; iptables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { iptables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-new || true; ip6tables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `iptables -w -F 
f2b-j-iptables-new` exec-cmd: `iptables -w -X f2b-j-iptables-new` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-new` exec-cmd: `ip6tables -w -X f2b-j-iptables-new` Loading configs for action.d/helpers-common under config Reading configs for action.d/helpers-common under config Reading config files: config/action.d/helpers-common.conf Loading files: ['config/action.d/helpers-common.conf'] No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' No section: 'Definition' Creating new jail 'j-helpers-common' Jail 'j-helpers-common' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-helpers-common')) Created FilterPoll(Jail('j-helpers-common')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = None Set actionstart_on_demand = None Set actionstop = None Set actionflush = None Set actionreload = None Set actioncheck = None Set actionrepair = None Set actionrepair_on_unban = None Set actionban = None Set actionprolong = None Set actionreban = None Set actionunban = None Set norestored = None Set name = 'j-helpers-common' Set actname = 'helpers-common' Set greplimit = 'tail -n ' Set grepmax = '1000' Set grepopts = '-m ' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: 
`/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. 
'{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === # ================================================== # == j-iptables - iptables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables || true; iptables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables || true; ip6tables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: 
`for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables` exec-cmd: `iptables -w -X f2b-j-iptables` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables` exec-cmd: `ip6tables -w -X f2b-j-iptables` # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 
0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-apprise - apprise == # ================================================== # === start === exec-cmd: `printf %b "The jail j-apprise as been started successfully." 
| apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: started on `uname -n`"` # === ban-ipv4 === exec-cmd: `printf %b "The IP 192.0.2.1 has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 192.0.2.1 from `uname -n`"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "The IP 2001:db8:: has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 2001:db8:: from `uname -n`"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "The jail j-apprise has been stopped." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: stopped on `uname -n`"` # ================================================== # == j-sendmail-geoip-lines - sendmail-geoip-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: `http://bgp.he.net/ip/192.0.2.1` exec-cmd: `http://www.projecthoneypot.org/ip_192.0.2.1` exec-cmd: `http://whois.domaintools.com/192.0.2.1\n\n` exec-cmd: 
`Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `hostname: None\n\n` exec-cmd: `Lines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: `http://bgp.he.net/ip/2001:db8::` exec-cmd: `http://www.projecthoneypot.org/ip_2001:db8::` exec-cmd: `http://whois.domaintools.com/2001:db8::\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `hostname: 2001:db8::\n\n` exec-cmd: `Lines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | 
/usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 
2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-firewallcmd-rich-rules - firewallcmd-rich-rules == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-npf - npf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/sbin/npfctl table fail2ban add 192.0.2.1` # === unban ipv4 === exec-cmd: `/sbin/npfctl table fail2ban rem 192.0.2.1` # === ban ipv6 === exec-cmd: `/sbin/npfctl table fail2ban add 2001:db8::` # === unban ipv6 === exec-cmd: `/sbin/npfctl table 
fail2ban rem 2001:db8::` # === stop === # ================================================== # == j-dummy - dummy == # ================================================== # === start === exec-cmd: `if [ ! -z '/var/run/fail2ban/fail2ban.dummy' ]; then touch /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `printf %b "123\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- started"` # === ban-ipv4 === exec-cmd: `printf %b "+192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 192.0.2.1 (family: inet4)"` # === unban ipv4 === exec-cmd: `printf %b "-192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 192.0.2.1 (family: inet4)"` # === ban ipv6 === exec-cmd: `printf %b "+2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 2001:db8:: (family: inet6)"` # === unban ipv6 === exec-cmd: `printf %b "-2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 2001:db8:: (family: inet6)"` # === stop === exec-cmd: `if [ ! 
-z '/var/run/fail2ban/fail2ban.dummy' ]; then rm -f /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- stopped"` # ================================================== # == j-iptables-new - iptables-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-new || true; iptables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { iptables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-new || true; ip6tables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `iptables -w -F 
f2b-j-iptables-new` exec-cmd: `iptables -w -X f2b-j-iptables-new` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-new` exec-cmd: `ip6tables -w -X f2b-j-iptables-new` # ================================================== # == j-helpers-common - helpers-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` Loading configs for action.d/firewallcmd-allports under config Reading configs for action.d/firewallcmd-allports under config Reading config files: config/action.d/firewallcmd-allports.conf Loading files: ['config/action.d/firewallcmd-allports.conf'] Loading files: ['config/action.d/firewallcmd-common.conf', 'config/action.d/firewallcmd-allports.conf'] Creating new jail 'j-firewallcmd-allports' Jail 'j-firewallcmd-allports' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-firewallcmd-allports')) Created FilterPoll(Jail('j-firewallcmd-allports')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = 'firewall-cmd --direct --add-chain filter f2b-j-firewallcmd-allports\nfirewall-cmd --direct --add-rule filter f2b-j-firewallcmd-allports 1000 -j RETURN\nfirewall-cmd --direct --add-rule filter INPUT_direct 0 -j f2b-j-firewallcmd-allports' Set actionstop = 'firewall-cmd --direct --remove-rule filter INPUT_direct 0 -j f2b-j-firewallcmd-allports\nfirewall-cmd --direct --remove-rules filter f2b-j-firewallcmd-allports\nfirewall-cmd --direct --remove-chain filter f2b-j-firewallcmd-allports' Set actioncheck = "firewall-cmd --direct --get-chains filter | sed -e 's, ,\\n,g' | grep -q '^f2b-j-firewallcmd-allports$'" Set actionban = 'firewall-cmd --direct --add-rule filter 
f2b-j-firewallcmd-allports 0 -s -j REJECT --reject-with ' Set actionunban = 'firewall-cmd --direct --remove-rule filter f2b-j-firewallcmd-allports 0 -s -j REJECT --reject-with ' Set name = 'j-firewallcmd-allports' Set actname = 'firewallcmd-allports' Set port = '1:65535' Set protocol = 'tcp' Set family = 'ipv4' Set chain = 'INPUT_direct' Set zone = 'public' Set service = 'ssh' Set rejecttype = 'icmp-port-unreachable' Set blocktype = 'REJECT --reject-with ' Set rich-blocktype = "reject type=''" Set family?family=inet6 = 'ipv6' Set rejecttype?family=inet6 = 'icmp6-port-unreachable' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail 
j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === # ================================================== # == 
j-iptables - iptables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables || true; iptables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables || true; ip6tables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables` exec-cmd: `iptables -w -X f2b-j-iptables` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables` exec-cmd: `ip6tables -w -X f2b-j-iptables` # ================================================== # == j-cloudflare-token - cloudflare-token == # 
================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then 
echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-apprise - apprise == # ================================================== # === start === exec-cmd: `printf %b "The jail j-apprise as been started successfully." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: started on `uname -n`"` # === ban-ipv4 === exec-cmd: `printf %b "The IP 192.0.2.1 has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 192.0.2.1 from `uname -n`"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "The IP 2001:db8:: has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 2001:db8:: from `uname -n`"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "The jail j-apprise has been stopped." 
| apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: stopped on `uname -n`"` # ================================================== # == j-sendmail-geoip-lines - sendmail-geoip-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: `http://bgp.he.net/ip/192.0.2.1` exec-cmd: `http://www.projecthoneypot.org/ip_192.0.2.1` exec-cmd: `http://whois.domaintools.com/192.0.2.1\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `hostname: None\n\n` exec-cmd: `Lines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` 
exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: `http://bgp.he.net/ip/2001:db8::` exec-cmd: `http://www.projecthoneypot.org/ip_2001:db8::` exec-cmd: `http://whois.domaintools.com/2001:db8::\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `hostname: 2001:db8::\n\n` exec-cmd: `Lines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: 
`"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-firewallcmd-rich-rules - firewallcmd-rich-rules == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " 
"); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-npf - npf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/sbin/npfctl table fail2ban add 192.0.2.1` # === unban ipv4 === exec-cmd: `/sbin/npfctl table fail2ban rem 192.0.2.1` # === ban ipv6 === exec-cmd: `/sbin/npfctl table fail2ban add 2001:db8::` # === unban ipv6 === exec-cmd: `/sbin/npfctl table fail2ban rem 2001:db8::` # === stop === # ================================================== # == j-dummy - dummy == # ================================================== # === start === exec-cmd: `if [ ! 
-z '/var/run/fail2ban/fail2ban.dummy' ]; then touch /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `printf %b "123\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- started"` # === ban-ipv4 === exec-cmd: `printf %b "+192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 192.0.2.1 (family: inet4)"` # === unban ipv4 === exec-cmd: `printf %b "-192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 192.0.2.1 (family: inet4)"` # === ban ipv6 === exec-cmd: `printf %b "+2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 2001:db8:: (family: inet6)"` # === unban ipv6 === exec-cmd: `printf %b "-2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 2001:db8:: (family: inet6)"` # === stop === exec-cmd: `if [ ! 
-z '/var/run/fail2ban/fail2ban.dummy' ]; then rm -f /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- stopped"` # ================================================== # == j-iptables-new - iptables-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-new || true; iptables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { iptables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-new || true; ip6tables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `iptables -w -F 
f2b-j-iptables-new` exec-cmd: `iptables -w -X f2b-j-iptables-new` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-new` exec-cmd: `ip6tables -w -X f2b-j-iptables-new` # ================================================== # == j-helpers-common - helpers-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-firewallcmd-allports - firewallcmd-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-allports 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-allports 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-allports 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-allports 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-allports 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter 
f2b-j-firewallcmd-allports 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-allports` Loading configs for action.d/iptables-xt_recent-echo under config Reading configs for action.d/iptables-xt_recent-echo under config Reading config files: config/action.d/iptables-xt_recent-echo.conf Loading files: ['config/action.d/iptables-xt_recent-echo.conf'] Loading files: ['config/action.d/iptables.conf', 'config/action.d/iptables-xt_recent-echo.conf'] Creating new jail 'j-iptables-xt_recent-echo' Jail 'j-iptables-xt_recent-echo' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-iptables-xt_recent-echo')) Created FilterPoll(Jail('j-iptables-xt_recent-echo')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = 'if [ `id -u` -eq 0 ];then\n{ -C INPUT -m recent --update --seconds 3600 --name -j >/dev/null 2>&1; } || { -I INPUT -m recent --update --seconds 3600 --name -j ; }\nfi' Set actionstop = 'echo / > /proc/net/xt_recent/\nif [ `id -u` -eq 0 ];then\n -D INPUT -m recent --update --seconds 3600 --name -j ;\nfi' Set actionflush = '' Set actioncheck = '{ -C INPUT -m recent --update --seconds 3600 --name -j ; } && test -e /proc/net/xt_recent/' Set actionban = 'echo + > /proc/net/xt_recent/' Set actionunban = 'echo - > /proc/net/xt_recent/' Set name = 'j-iptables-xt_recent-echo' Set actname = 'iptables-xt_recent-echo' Set chain = 'INPUT' Set port = 'ssh' Set protocol = 'tcp' Set 
blocktype = 'REJECT --reject-with icmp-port-unreachable' Set returntype = 'RETURN' Set lockingopt = '-w' Set iptables = 'iptables ' Set blocktype?family=inet6 = 'REJECT --reject-with icmp6-port-unreachable' Set iptables?family=inet6 = 'ip6tables ' Set iptname = 'f2b-' Set iptname?family=inet6 = 'f2b-6' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === 
ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === # ================================================== # == j-iptables - iptables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables || true; iptables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: 
`for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables || true; ip6tables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables` exec-cmd: `iptables -w -X f2b-j-iptables` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables` exec-cmd: `ip6tables -w -X f2b-j-iptables` # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data 
'{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` 
exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-apprise - apprise == # ================================================== # === start === exec-cmd: `printf %b "The jail j-apprise as been started successfully." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: started on `uname -n`"` # === ban-ipv4 === exec-cmd: `printf %b "The IP 192.0.2.1 has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 192.0.2.1 from `uname -n`"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "The IP 2001:db8:: has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 2001:db8:: from `uname -n`"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "The jail j-apprise has been stopped." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: stopped on `uname -n`"` # ================================================== # == j-sendmail-geoip-lines - sendmail-geoip-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: 
`0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: `http://bgp.he.net/ip/192.0.2.1` exec-cmd: `http://www.projecthoneypot.org/ip_192.0.2.1` exec-cmd: `http://whois.domaintools.com/192.0.2.1\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `hostname: None\n\n` exec-cmd: `Lines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: `http://bgp.he.net/ip/2001:db8::` exec-cmd: `http://www.projecthoneypot.org/ip_2001:db8::` exec-cmd: `http://whois.domaintools.com/2001:db8::\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `hostname: 2001:db8::\n\n` exec-cmd: `Lines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: 
stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 
'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-firewallcmd-rich-rules - firewallcmd-rich-rules == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-npf - npf == # ================================================== # === start === # === 
ban-ipv4 === exec-cmd: `/sbin/npfctl table fail2ban add 192.0.2.1` # === unban ipv4 === exec-cmd: `/sbin/npfctl table fail2ban rem 192.0.2.1` # === ban ipv6 === exec-cmd: `/sbin/npfctl table fail2ban add 2001:db8::` # === unban ipv6 === exec-cmd: `/sbin/npfctl table fail2ban rem 2001:db8::` # === stop === # ================================================== # == j-dummy - dummy == # ================================================== # === start === exec-cmd: `if [ ! -z '/var/run/fail2ban/fail2ban.dummy' ]; then touch /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `printf %b "123\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- started"` # === ban-ipv4 === exec-cmd: `printf %b "+192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 192.0.2.1 (family: inet4)"` # === unban ipv4 === exec-cmd: `printf %b "-192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 192.0.2.1 (family: inet4)"` # === ban ipv6 === exec-cmd: `printf %b "+2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 2001:db8:: (family: inet6)"` # === unban ipv6 === exec-cmd: `printf %b "-2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 2001:db8:: (family: inet6)"` # === stop === exec-cmd: `if [ ! 
-z '/var/run/fail2ban/fail2ban.dummy' ]; then rm -f /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- stopped"` # ================================================== # == j-iptables-new - iptables-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-new || true; iptables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { iptables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-new || true; ip6tables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `iptables -w -F 
f2b-j-iptables-new` exec-cmd: `iptables -w -X f2b-j-iptables-new` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-new` exec-cmd: `ip6tables -w -X f2b-j-iptables-new` # ================================================== # == j-helpers-common - helpers-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-firewallcmd-allports - firewallcmd-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-allports 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-allports 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-allports 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-allports 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-allports 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter 
f2b-j-firewallcmd-allports 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-allports` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` 
# === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` Loading configs for action.d/sendmail-whois-lines under config Reading configs for action.d/sendmail-whois-lines under config Reading config files: config/action.d/sendmail-whois-lines.conf Loading files: ['config/action.d/sendmail-whois-lines.conf'] Loading files: ['config/action.d/mail-whois-common.conf'] Loading files: ['config/action.d/mail-whois-common.local'] Loading files: ['config/action.d/sendmail-common.conf', 'config/action.d/mail-whois-common.conf', 'config/action.d/helpers-common.conf', 'config/action.d/sendmail-whois-lines.conf'] Creating new jail 'j-sendmail-whois-lines' Jail 'j-sendmail-whois-lines' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-sendmail-whois-lines')) Created FilterPoll(Jail('j-sendmail-whois-lines')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = 'printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: started on \nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThe jail j-sendmail-whois-lines has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"' Set actionstop = 'printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: stopped on \nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThe jail j-sendmail-whois-lines has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"' Set actioncheck = '' Set 
actionban = '( printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: banned from \nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThe IP has just been banned by Fail2Ban after\n attempts against j-sendmail-whois-lines.\\n\\n\nHere is more information about :\\n"\nwhois || echo "missing whois program";\nprintf %b "\\nLines containing failures of (max 1000)\\n";\nlogpath="/dev/null"; grep -m 1000 -wF "" $logpath | tail -n 1000;\nprintf %b "\\n\nRegards,\\n\nFail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"' Set actionunban = '' Set norestored = True Set name = 'j-sendmail-whois-lines' Set actname = 'sendmail-whois-lines' Set mailcmd = '/usr/sbin/sendmail -f "" ""' Set dest = 'root' Set sender = 'fail2ban' Set sendername = 'Fail2Ban' Set greplimit = 'tail -n ' Set grepmax = '1000' Set grepopts = '-m ' Set logpath = '/dev/null' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === 
unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. 
'{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === # ================================================== # == j-iptables - iptables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables || true; iptables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables || true; ip6tables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: 
`for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables` exec-cmd: `iptables -w -X f2b-j-iptables` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables` exec-cmd: `ip6tables -w -X f2b-j-iptables` # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 
0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-apprise - apprise == # ================================================== # === start === exec-cmd: `printf %b "The jail j-apprise as been started successfully." 
| apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: started on `uname -n`"` # === ban-ipv4 === exec-cmd: `printf %b "The IP 192.0.2.1 has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 192.0.2.1 from `uname -n`"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "The IP 2001:db8:: has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 2001:db8:: from `uname -n`"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "The jail j-apprise has been stopped." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: stopped on `uname -n`"` # ================================================== # == j-sendmail-geoip-lines - sendmail-geoip-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: `http://bgp.he.net/ip/192.0.2.1` exec-cmd: `http://www.projecthoneypot.org/ip_192.0.2.1` exec-cmd: `http://whois.domaintools.com/192.0.2.1\n\n` exec-cmd: 
`Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `hostname: None\n\n` exec-cmd: `Lines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: `http://bgp.he.net/ip/2001:db8::` exec-cmd: `http://www.projecthoneypot.org/ip_2001:db8::` exec-cmd: `http://whois.domaintools.com/2001:db8::\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `hostname: 2001:db8::\n\n` exec-cmd: `Lines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | 
/usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 
2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-firewallcmd-rich-rules - firewallcmd-rich-rules == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-npf - npf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/sbin/npfctl table fail2ban add 192.0.2.1` # === unban ipv4 === exec-cmd: `/sbin/npfctl table fail2ban rem 192.0.2.1` # === ban ipv6 === exec-cmd: `/sbin/npfctl table fail2ban add 2001:db8::` # === unban ipv6 === exec-cmd: `/sbin/npfctl table 
fail2ban rem 2001:db8::` # === stop === # ================================================== # == j-dummy - dummy == # ================================================== # === start === exec-cmd: `if [ ! -z '/var/run/fail2ban/fail2ban.dummy' ]; then touch /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `printf %b "123\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- started"` # === ban-ipv4 === exec-cmd: `printf %b "+192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 192.0.2.1 (family: inet4)"` # === unban ipv4 === exec-cmd: `printf %b "-192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 192.0.2.1 (family: inet4)"` # === ban ipv6 === exec-cmd: `printf %b "+2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 2001:db8:: (family: inet6)"` # === unban ipv6 === exec-cmd: `printf %b "-2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 2001:db8:: (family: inet6)"` # === stop === exec-cmd: `if [ ! 
-z '/var/run/fail2ban/fail2ban.dummy' ]; then rm -f /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- stopped"` # ================================================== # == j-iptables-new - iptables-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-new || true; iptables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { iptables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-new || true; ip6tables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `iptables -w -F 
f2b-j-iptables-new` exec-cmd: `iptables -w -X f2b-j-iptables-new` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-new` exec-cmd: `ip6tables -w -X f2b-j-iptables-new` # ================================================== # == j-helpers-common - helpers-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-firewallcmd-allports - firewallcmd-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-allports 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-allports 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-allports 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-allports 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-allports 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter 
f2b-j-firewallcmd-allports 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-allports` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` 
# === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-sendmail-whois-lines - sendmail-whois-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n"` exec-cmd: `whois 192.0.2.1 || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b 
"Subject: [Fail2Ban] j-sendmail-whois-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n"` exec-cmd: `whois 2001:db8:: || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` Loading configs for action.d/firewallcmd-rich-logging under config Reading configs for action.d/firewallcmd-rich-logging under config Reading config files: config/action.d/firewallcmd-rich-logging.conf Loading files: ['config/action.d/firewallcmd-rich-logging.conf'] Loading files: ['config/action.d/firewallcmd-common.conf', 'config/action.d/firewallcmd-rich-rules.conf', 'config/action.d/firewallcmd-rich-logging.conf'] Jail name 'j-firewallcmd-rich-logging' might be too long and some commands might not function correctly. 
Please shorten Creating new jail 'j-firewallcmd-rich-logging' Jail 'j-firewallcmd-rich-logging' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-firewallcmd-rich-logging')) Created FilterPoll(Jail('j-firewallcmd-rich-logging')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family=\'\' source address=\'\' port port=\'$p\' protocol=\'tcp\' log prefix=\'f2b-j-firewallcmd-rich-logging\' level=\'info\' limit value=\'1/m\' reject type=\'\'"; done' Set actionunban = 'ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family=\'\' source address=\'\' port port=\'$p\' protocol=\'tcp\' log prefix=\'f2b-j-firewallcmd-rich-logging\' level=\'info\' limit value=\'1/m\' reject type=\'\'"; done' Set name = 'j-firewallcmd-rich-logging' Set actname = 'firewallcmd-rich-logging' Set port = '1:65535' Set protocol = 'tcp' Set family = 'ipv4' Set chain = 'INPUT_direct' Set zone = 'public' Set service = 'ssh' Set rejecttype = 'icmp-port-unreachable' Set blocktype = 'REJECT --reject-with ' Set rich-blocktype = "reject type=''" Set family?family=inet6 = 'ipv6' Set rejecttype?family=inet6 = 'icmp6-port-unreachable' Set level = 'info' Set rate = '1' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== 
# === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. 
'{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === # ================================================== # == j-iptables - iptables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables || true; iptables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables || true; ip6tables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: 
`for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables` exec-cmd: `iptables -w -X f2b-j-iptables` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables` exec-cmd: `ip6tables -w -X f2b-j-iptables` # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 
0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-apprise - apprise == # ================================================== # === start === exec-cmd: `printf %b "The jail j-apprise as been started successfully." 
| apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: started on `uname -n`"` # === ban-ipv4 === exec-cmd: `printf %b "The IP 192.0.2.1 has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 192.0.2.1 from `uname -n`"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "The IP 2001:db8:: has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 2001:db8:: from `uname -n`"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "The jail j-apprise has been stopped." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: stopped on `uname -n`"` # ================================================== # == j-sendmail-geoip-lines - sendmail-geoip-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: `http://bgp.he.net/ip/192.0.2.1` exec-cmd: `http://www.projecthoneypot.org/ip_192.0.2.1` exec-cmd: `http://whois.domaintools.com/192.0.2.1\n\n` exec-cmd: 
`Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `hostname: None\n\n` exec-cmd: `Lines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: `http://bgp.he.net/ip/2001:db8::` exec-cmd: `http://www.projecthoneypot.org/ip_2001:db8::` exec-cmd: `http://whois.domaintools.com/2001:db8::\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `hostname: 2001:db8::\n\n` exec-cmd: `Lines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | 
/usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 
2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-firewallcmd-rich-rules - firewallcmd-rich-rules == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-npf - npf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/sbin/npfctl table fail2ban add 192.0.2.1` # === unban ipv4 === exec-cmd: `/sbin/npfctl table fail2ban rem 192.0.2.1` # === ban ipv6 === exec-cmd: `/sbin/npfctl table fail2ban add 2001:db8::` # === unban ipv6 === exec-cmd: `/sbin/npfctl table 
fail2ban rem 2001:db8::` # === stop === # ================================================== # == j-dummy - dummy == # ================================================== # === start === exec-cmd: `if [ ! -z '/var/run/fail2ban/fail2ban.dummy' ]; then touch /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `printf %b "123\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- started"` # === ban-ipv4 === exec-cmd: `printf %b "+192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 192.0.2.1 (family: inet4)"` # === unban ipv4 === exec-cmd: `printf %b "-192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 192.0.2.1 (family: inet4)"` # === ban ipv6 === exec-cmd: `printf %b "+2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 2001:db8:: (family: inet6)"` # === unban ipv6 === exec-cmd: `printf %b "-2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 2001:db8:: (family: inet6)"` # === stop === exec-cmd: `if [ ! 
-z '/var/run/fail2ban/fail2ban.dummy' ]; then rm -f /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- stopped"` # ================================================== # == j-iptables-new - iptables-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-new || true; iptables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { iptables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-new || true; ip6tables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `iptables -w -F 
f2b-j-iptables-new` exec-cmd: `iptables -w -X f2b-j-iptables-new` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-new` exec-cmd: `ip6tables -w -X f2b-j-iptables-new` # ================================================== # == j-helpers-common - helpers-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-firewallcmd-allports - firewallcmd-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-allports 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-allports 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-allports 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-allports 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-allports 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter 
f2b-j-firewallcmd-allports 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-allports` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` 
# === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-sendmail-whois-lines - sendmail-whois-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n"` exec-cmd: `whois 192.0.2.1 || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b 
"Subject: [Fail2Ban] j-sendmail-whois-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n"` exec-cmd: `whois 2001:db8:: || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # 
=== ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === Loading configs for action.d/iptables-ipset-proto6 under config Reading configs for action.d/iptables-ipset-proto6 under config Reading config files: config/action.d/iptables-ipset-proto6.conf Loading files: ['config/action.d/iptables-ipset-proto6.conf'] Loading files: ['config/action.d/iptables-ipset.conf'] Loading files: ['config/action.d/iptables.conf', 'config/action.d/iptables-ipset.conf', 'config/action.d/iptables-ipset-proto6.conf'] Creating new jail 'j-iptables-ipset-proto6' Jail 'j-iptables-ipset-proto6' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-iptables-ipset-proto6')) Created FilterPoll(Jail('j-iptables-ipset-proto6')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = "ipset -exist create hash:ip timeout 0 \nfor proto in $(echo 'tcp' | sed 's/,/ /g'); do\n{ -C INPUT -p $proto -m multiport --dports ssh -m set --match-set src -j >/dev/null 2>&1; } || { -I INPUT -p $proto -m multiport --dports ssh -m set --match-set src -j ; }\ndone" Set actionstop = "for proto in $(echo 'tcp' | sed 's/,/ /g'); do\n -D INPUT -p $proto -m multiport --dports ssh -m set --match-set src -j \ndone\nipset flush \nipset destroy " Set actionflush = 'ipset flush ' Set actioncheck = "for proto in $(echo 'tcp' | sed 's/,/ /g'); do\n -C INPUT -p $proto -m multiport --dports ssh -m set --match-set src -j 
\ndone" Set actionban = 'ipset -exist add timeout 0' Set actionunban = 'ipset -exist del ' Set name = 'j-iptables-ipset-proto6' Set actname = 'iptables-ipset-proto6' Set chain = 'INPUT' Set port = 'ssh' Set protocol = 'tcp' Set blocktype = 'REJECT --reject-with icmp-port-unreachable' Set returntype = 'RETURN' Set lockingopt = '-w' Set iptables = 'iptables ' Set blocktype?family=inet6 = 'REJECT --reject-with icmp6-port-unreachable' Set iptables?family=inet6 = 'ip6tables ' Set default-ipsettime = '0' Set ipsettime = '0' Set timeout-bantime = '$([ "" -le 2147483 ] && echo "" || echo 0)' Set ipmset = 'f2b-' Set familyopt = '' Set ipmset?family=inet6 = 'f2b-6' Set familyopt?family=inet6 = 'family inet6' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C 
date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. 
'{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === # ================================================== # == j-iptables - iptables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables || true; iptables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables || true; ip6tables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: 
`for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables` exec-cmd: `iptables -w -X f2b-j-iptables` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables` exec-cmd: `ip6tables -w -X f2b-j-iptables` # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 
0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-apprise - apprise == # ================================================== # === start === exec-cmd: `printf %b "The jail j-apprise as been started successfully." 
| apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: started on `uname -n`"` # === ban-ipv4 === exec-cmd: `printf %b "The IP 192.0.2.1 has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 192.0.2.1 from `uname -n`"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "The IP 2001:db8:: has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 2001:db8:: from `uname -n`"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "The jail j-apprise has been stopped." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: stopped on `uname -n`"` # ================================================== # == j-sendmail-geoip-lines - sendmail-geoip-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: `http://bgp.he.net/ip/192.0.2.1` exec-cmd: `http://www.projecthoneypot.org/ip_192.0.2.1` exec-cmd: `http://whois.domaintools.com/192.0.2.1\n\n` exec-cmd: 
`Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `hostname: None\n\n` exec-cmd: `Lines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: `http://bgp.he.net/ip/2001:db8::` exec-cmd: `http://www.projecthoneypot.org/ip_2001:db8::` exec-cmd: `http://whois.domaintools.com/2001:db8::\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `hostname: 2001:db8::\n\n` exec-cmd: `Lines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | 
/usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 
2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-firewallcmd-rich-rules - firewallcmd-rich-rules == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-npf - npf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/sbin/npfctl table fail2ban add 192.0.2.1` # === unban ipv4 === exec-cmd: `/sbin/npfctl table fail2ban rem 192.0.2.1` # === ban ipv6 === exec-cmd: `/sbin/npfctl table fail2ban add 2001:db8::` # === unban ipv6 === exec-cmd: `/sbin/npfctl table 
fail2ban rem 2001:db8::` # === stop === # ================================================== # == j-dummy - dummy == # ================================================== # === start === exec-cmd: `if [ ! -z '/var/run/fail2ban/fail2ban.dummy' ]; then touch /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `printf %b "123\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- started"` # === ban-ipv4 === exec-cmd: `printf %b "+192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 192.0.2.1 (family: inet4)"` # === unban ipv4 === exec-cmd: `printf %b "-192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 192.0.2.1 (family: inet4)"` # === ban ipv6 === exec-cmd: `printf %b "+2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 2001:db8:: (family: inet6)"` # === unban ipv6 === exec-cmd: `printf %b "-2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 2001:db8:: (family: inet6)"` # === stop === exec-cmd: `if [ ! 
-z '/var/run/fail2ban/fail2ban.dummy' ]; then rm -f /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- stopped"` # ================================================== # == j-iptables-new - iptables-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-new || true; iptables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { iptables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-new || true; ip6tables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `iptables -w -F 
f2b-j-iptables-new` exec-cmd: `iptables -w -X f2b-j-iptables-new` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-new` exec-cmd: `ip6tables -w -X f2b-j-iptables-new` # ================================================== # == j-helpers-common - helpers-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-firewallcmd-allports - firewallcmd-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-allports 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-allports 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-allports 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-allports 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-allports 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter 
f2b-j-firewallcmd-allports 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-allports` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` 
# === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-sendmail-whois-lines - sendmail-whois-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n"` exec-cmd: `whois 192.0.2.1 || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b 
"Subject: [Fail2Ban] j-sendmail-whois-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n"` exec-cmd: `whois 2001:db8:: || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # 
=== ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT 
--reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` Loading configs for action.d/mail-buffered under config Reading configs for action.d/mail-buffered under config Reading config files: config/action.d/mail-buffered.conf Loading files: ['config/action.d/mail-buffered.conf'] Loading files: ['config/action.d/mail-buffered.conf'] Creating new jail 'j-mail-buffered' Jail 'j-mail-buffered' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-mail-buffered')) Created FilterPoll(Jail('j-mail-buffered')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = 'printf %b "Hi,\\n\nThe jail j-mail-buffered has been started successfully.\\n\nOutput will be buffered until 5 lines are available.\\n\nRegards,\\n\nFail2Ban"|mail -E \'set escape\' -s "[Fail2Ban] j-mail-buffered: started on " root' Set actionstop = 'if [ -f /var/run/fail2ban/tmp-mail.txt ]; then\nprintf %b "Hi,\\n\nThese hosts have been banned by Fail2Ban.\\n\n`cat /var/run/fail2ban/tmp-mail.txt`\nRegards,\\n\nFail2Ban"|mail -E \'set escape\' -s "[Fail2Ban] j-mail-buffered: Summary from " root\nrm 
/var/run/fail2ban/tmp-mail.txt\nfi\nprintf %b "Hi,\\n\nThe jail j-mail-buffered has been stopped.\\n\nRegards,\\n\nFail2Ban"|mail -E \'set escape\' -s "[Fail2Ban] j-mail-buffered: stopped on " root' Set actioncheck = '' Set actionban = 'printf %b "`date`: ( failures)\\n" >> /var/run/fail2ban/tmp-mail.txt\nLINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk \'{ print $1 }\' )\nif [ $LINE -ge 5 ]; then\nprintf %b "Hi,\\n\nThese hosts have been banned by Fail2Ban.\\n\n`cat /var/run/fail2ban/tmp-mail.txt`\n\\nRegards,\\n\nFail2Ban"|mail -E \'set escape\' -s "[Fail2Ban] j-mail-buffered: Summary" root\nrm /var/run/fail2ban/tmp-mail.txt\nfi' Set actionunban = '' Set norestored = True Set name = 'j-mail-buffered' Set actname = 'mail-buffered' Set lines = '5' Set tmpfile = '/var/run/fail2ban/tmp-mail.txt' Set dest = 'root' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === 
exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. 
'{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === # ================================================== # == j-iptables - iptables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables || true; iptables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables || true; ip6tables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: 
`for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables` exec-cmd: `iptables -w -X f2b-j-iptables` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables` exec-cmd: `ip6tables -w -X f2b-j-iptables` # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit
0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-apprise - apprise == # ================================================== # === start === exec-cmd: `printf %b "The jail j-apprise as been started successfully."
| apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: started on `uname -n`"` # === ban-ipv4 === exec-cmd: `printf %b "The IP 192.0.2.1 has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 192.0.2.1 from `uname -n`"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "The IP 2001:db8:: has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 2001:db8:: from `uname -n`"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "The jail j-apprise has been stopped." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: stopped on `uname -n`"` # ================================================== # == j-sendmail-geoip-lines - sendmail-geoip-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: `http://bgp.he.net/ip/192.0.2.1` exec-cmd: `http://www.projecthoneypot.org/ip_192.0.2.1` exec-cmd: `http://whois.domaintools.com/192.0.2.1\n\n` exec-cmd: 
`Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `hostname: None\n\n` exec-cmd: `Lines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: `http://bgp.he.net/ip/2001:db8::` exec-cmd: `http://www.projecthoneypot.org/ip_2001:db8::` exec-cmd: `http://whois.domaintools.com/2001:db8::\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `hostname: 2001:db8::\n\n` exec-cmd: `Lines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | 
/usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id'
2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-firewallcmd-rich-rules - firewallcmd-rich-rules == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-npf - npf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/sbin/npfctl table fail2ban add 192.0.2.1` # === unban ipv4 === exec-cmd: `/sbin/npfctl table fail2ban rem 192.0.2.1` # === ban ipv6 === exec-cmd: `/sbin/npfctl table fail2ban add 2001:db8::` # === unban ipv6 === exec-cmd: `/sbin/npfctl table 
fail2ban rem 2001:db8::` # === stop === # ================================================== # == j-dummy - dummy == # ================================================== # === start === exec-cmd: `if [ ! -z '/var/run/fail2ban/fail2ban.dummy' ]; then touch /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `printf %b "123\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- started"` # === ban-ipv4 === exec-cmd: `printf %b "+192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 192.0.2.1 (family: inet4)"` # === unban ipv4 === exec-cmd: `printf %b "-192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 192.0.2.1 (family: inet4)"` # === ban ipv6 === exec-cmd: `printf %b "+2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 2001:db8:: (family: inet6)"` # === unban ipv6 === exec-cmd: `printf %b "-2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 2001:db8:: (family: inet6)"` # === stop === exec-cmd: `if [ ! 
-z '/var/run/fail2ban/fail2ban.dummy' ]; then rm -f /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- stopped"` # ================================================== # == j-iptables-new - iptables-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-new || true; iptables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { iptables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-new || true; ip6tables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `iptables -w -F 
f2b-j-iptables-new` exec-cmd: `iptables -w -X f2b-j-iptables-new` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-new` exec-cmd: `ip6tables -w -X f2b-j-iptables-new` # ================================================== # == j-helpers-common - helpers-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-firewallcmd-allports - firewallcmd-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-allports 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-allports 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-allports 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-allports 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-allports 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter 
f2b-j-firewallcmd-allports 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-allports` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` 
# === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-sendmail-whois-lines - sendmail-whois-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n"` exec-cmd: `whois 192.0.2.1 || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b 
"Subject: [Fail2Ban] j-sendmail-whois-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n"` exec-cmd: `whois 2001:db8:: || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # 
=== ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT 
--reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` # ================================================== # == j-mail-buffered - mail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: started on build-3-17-aarch64.local" root` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `\nRegards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: Summary" root` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === 
exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `\nRegards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: Summary" root` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: Summary from build-3-17-aarch64.local" root` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: stopped on build-3-17-aarch64.local" root` Loading configs for action.d/ipfw under config Reading configs for action.d/ipfw under config Reading config files: config/action.d/ipfw.conf Loading files: ['config/action.d/ipfw.conf'] Loading files: ['config/action.d/ipfw.conf'] Creating new jail 'j-ipfw' Jail 'j-ipfw' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-ipfw')) Created FilterPoll(Jail('j-ipfw')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = '' Set actionstop = '' Set actioncheck = '' Set actionban = 'ipfw add unreach port tcp from to 127.0.0.1 ssh' Set actionunban = 'ipfw delete `ipfw list | grep -i "[^0-9][^0-9]" | awk \'{print $1;}\'`' Set name = 'j-ipfw' Set actname = 'ipfw' Set port = 'ssh' Set localhost = '127.0.0.1' Set blocktype = 'unreach port' Creating new jail 'DummyJail' # 
================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. 
'{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === # ================================================== # == j-iptables - iptables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables || true; iptables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables 1 -s 
192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables || true; ip6tables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables` exec-cmd: `iptables -w -X f2b-j-iptables` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables` exec-cmd: `ip6tables -w -X f2b-j-iptables` # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban 
j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-apprise - apprise == # ================================================== # === start === exec-cmd: `printf %b "The jail j-apprise as been started 
successfully." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: started on `uname -n`"` # === ban-ipv4 === exec-cmd: `printf %b "The IP 192.0.2.1 has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 192.0.2.1 from `uname -n`"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "The IP 2001:db8:: has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 2001:db8:: from `uname -n`"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "The jail j-apprise has been stopped." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: stopped on `uname -n`"` # ================================================== # == j-sendmail-geoip-lines - sendmail-geoip-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: `http://bgp.he.net/ip/192.0.2.1` exec-cmd: `http://www.projecthoneypot.org/ip_192.0.2.1` exec-cmd: `http://whois.domaintools.com/192.0.2.1\n\n` 
exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `hostname: None\n\n` exec-cmd: `Lines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: `http://bgp.he.net/ip/2001:db8::` exec-cmd: `http://www.projecthoneypot.org/ip_2001:db8::` exec-cmd: `http://whois.domaintools.com/2001:db8::\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `hostname: 2001:db8::\n\n` exec-cmd: `Lines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: 
`Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r 
'.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-firewallcmd-rich-rules - firewallcmd-rich-rules == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-npf - npf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/sbin/npfctl table fail2ban add 192.0.2.1` # === unban ipv4 === exec-cmd: `/sbin/npfctl table fail2ban rem 192.0.2.1` # === ban ipv6 === exec-cmd: `/sbin/npfctl table fail2ban add 2001:db8::` # === unban ipv6 === exec-cmd: 
`/sbin/npfctl table fail2ban rem 2001:db8::` # === stop === # ================================================== # == j-dummy - dummy == # ================================================== # === start === exec-cmd: `if [ ! -z '/var/run/fail2ban/fail2ban.dummy' ]; then touch /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `printf %b "123\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- started"` # === ban-ipv4 === exec-cmd: `printf %b "+192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 192.0.2.1 (family: inet4)"` # === unban ipv4 === exec-cmd: `printf %b "-192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 192.0.2.1 (family: inet4)"` # === ban ipv6 === exec-cmd: `printf %b "+2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 2001:db8:: (family: inet6)"` # === unban ipv6 === exec-cmd: `printf %b "-2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 2001:db8:: (family: inet6)"` # === stop === exec-cmd: `if [ ! 
-z '/var/run/fail2ban/fail2ban.dummy' ]; then rm -f /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- stopped"` # ================================================== # == j-iptables-new - iptables-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-new || true; iptables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { iptables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-new || true; ip6tables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `iptables -w -F 
f2b-j-iptables-new` exec-cmd: `iptables -w -X f2b-j-iptables-new` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-new` exec-cmd: `ip6tables -w -X f2b-j-iptables-new` # ================================================== # == j-helpers-common - helpers-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-firewallcmd-allports - firewallcmd-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-allports 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-allports 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-allports 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-allports 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-allports 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter 
f2b-j-firewallcmd-allports 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-allports` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` 
# === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-sendmail-whois-lines - sendmail-whois-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n"` exec-cmd: `whois 192.0.2.1 || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b 
"Subject: [Fail2Ban] j-sendmail-whois-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n"` exec-cmd: `whois 2001:db8:: || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # 
=== ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-iptables-ipset-proto6 - iptables-ipset-proto6 == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 ` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0` # === unban ipv4 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1` # === ban ipv6 === exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT 
--reject-with icmp6-port-unreachable; }` exec-cmd: `done` exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0` # === unban ipv6 === exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable` exec-cmd: `done` exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66` exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66` # ================================================== # == j-mail-buffered - mail-buffered == # ================================================== # === start === exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-buffered has been started successfully.\n` exec-cmd: `Output will be buffered until 5 lines are available.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: started on build-3-17-aarch64.local" root` # === ban-ipv4 === exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `\nRegards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: Summary" root` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === 
exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt` exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )` exec-cmd: `if [ $LINE -ge 5 ]; then` exec-cmd: `printf %b "Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `\nRegards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: Summary" root` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then` exec-cmd: `printf %b "Hi,\n` exec-cmd: `These hosts have been banned by Fail2Ban.\n` exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt`` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: Summary from build-3-17-aarch64.local" root` exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt` exec-cmd: `fi` exec-cmd: `printf %b "Hi,\n` exec-cmd: `The jail j-mail-buffered has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: stopped on build-3-17-aarch64.local" root` # ================================================== # == j-ipfw - ipfw == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ipfw add unreach port tcp from 192.0.2.1 to 127.0.0.1 ssh` # === unban ipv4 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]192.0.2.1[^0-9]" | awk '{print $1;}'`` # === ban ipv6 === exec-cmd: `ipfw add unreach port tcp from 2001:db8:: to 127.0.0.1 ssh` # === unban ipv6 === exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]2001:db8::[^0-9]" | awk '{print $1;}'`` # === stop === Loading configs for action.d/sendmail-buffered under config Reading configs for action.d/sendmail-buffered under config Reading config files: config/action.d/sendmail-buffered.conf Loading files: ['config/action.d/sendmail-buffered.conf'] Loading 
files: ['config/action.d/sendmail-common.conf', 'config/action.d/sendmail-buffered.conf'] Creating new jail 'j-sendmail-buffered' Jail 'j-sendmail-buffered' uses poller {} Setting usedns = warn for FilterPoll(Jail('j-sendmail-buffered')) Created FilterPoll(Jail('j-sendmail-buffered')) Created FilterPoll Initiated 'polling' backend Created Set actionstart = 'printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on \nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThe jail j-sendmail-buffered has been started successfully.\\n\nOutput will be buffered until 5 lines are available.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"' Set actionstop = 'if [ -f /var/run/fail2ban/tmp-mail.txt ]; then\nprintf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from \nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThese hosts have been banned by Fail2Ban.\\n\n`cat /var/run/fail2ban/tmp-mail.txt`\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"\nrm /var/run/fail2ban/tmp-mail.txt\nfi\nprintf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on \nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThe jail j-sendmail-buffered has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"' Set actioncheck = '' Set actionban = 'printf %b "`date`: ( failures)\\n" >> /var/run/fail2ban/tmp-mail.txt\nLINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk \'{ print $1 }\' )\nif [ $LINE -ge 5 ]; then\nprintf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from \nFrom: Fail2Ban \nTo: root\\n\nHi,\\n\nThese hosts have been banned by Fail2Ban.\\n\n`cat /var/run/fail2ban/tmp-mail.txt`\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"\nrm /var/run/fail2ban/tmp-mail.txt\nfi' Set actionunban = '' Set norestored = True Set name = 'j-sendmail-buffered' Set actname = 'sendmail-buffered' Set mailcmd = '/usr/sbin/sendmail -f "" ""' Set dest = 'root' Set sender = 'fail2ban' Set sendername = 'Fail2Ban' Set lines = '5' Set tmpfile = 
'/var/run/fail2ban/tmp-mail.txt' Creating new jail 'DummyJail' # ================================================== # == j-osx-afctl - osx-afctl == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/usr/libexec/afctl -a 192.0.2.1 -t 600` # === unban ipv4 === exec-cmd: `/usr/libexec/afctl -r 192.0.2.1` # === ban ipv6 === exec-cmd: `/usr/libexec/afctl -a 2001:db8:: -t 600` # === unban ipv6 === exec-cmd: `/usr/libexec/afctl -r 2001:db8::` # === stop === # ================================================== # == j-sendmail-common - sendmail-common == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-common: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-common has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-nsupdate - nsupdate == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 
60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv4 === exec-cmd: `echo 192.0.2.1 | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === ban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". 60 IN TXT \"Your IP has been banned\""; print "send"}' | /usr/bin/nsupdate -k ` # === unban ipv6 === exec-cmd: `echo 2001:db8:: | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | /usr/bin/nsupdate -k ` # === stop === # ================================================== # == j-symbiosis-blacklist-allports - symbiosis-blacklist-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -I blacklist 1 -s 192.0.2.1 -j DROP` # === unban ipv4 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/192.0.2.1.auto` exec-cmd: `iptables -w -D blacklist -s 192.0.2.1 -j DROP || :` # === ban ipv6 === exec-cmd: `echo 'all' >| /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -I blacklist 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `rm -f /etc/symbiosis/firewall/blacklist.d/2001:db8::.auto` exec-cmd: `ip6tables -w -D blacklist -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable || :` # === stop === # ================================================== # == j-iptables - iptables == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables || true; iptables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } 
|| { iptables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables || true; ip6tables -w -A f2b-j-iptables -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -p $proto --dport ssh -j f2b-j-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport ssh -j f2b-j-iptables; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `iptables -w -F f2b-j-iptables` exec-cmd: `iptables -w -X f2b-j-iptables` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -p $proto --dport ssh -j f2b-j-iptables` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables` exec-cmd: `ip6tables -w -X f2b-j-iptables` # ================================================== # == j-cloudflare-token - cloudflare-token == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET 
"https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip&configuration.value=192.0.2.1" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 192.0.2.1 cannot be found using target ip"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === ban ipv6 === exec-cmd: `curl -s -X POST "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare-token"}'` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules?mode=block&notes=Fail2Ban j-cloudflare-token&configuration.target=ip6&configuration.value=2001:db8::" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \` exec-cmd: `| tr -d ' "' \` exec-cmd: `| head -n 1)` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare-token: id for 2001:db8:: cannot be found using target ip6"; exit 0; fi; \` exec-cmd: `curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones//firewall/access_rules/rules/$id" \` exec-cmd: `-H "Authorization: Bearer " -H "Content-Type: application/json" \` exec-cmd: `--data '{"cascade": "none"}'` # === stop === # ================================================== # == j-apprise - apprise == # 
================================================== # === start === exec-cmd: `printf %b "The jail j-apprise as been started successfully." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: started on `uname -n`"` # === ban-ipv4 === exec-cmd: `printf %b "The IP 192.0.2.1 has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 192.0.2.1 from `uname -n`"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `printf %b "The IP 2001:db8:: has just been banned by Fail2Ban after 0 attempts against j-apprise" | apprise -c "/etc/fail2ban/apprise.conf" -n "warning" -t "[Fail2Ban] j-apprise: banned 2001:db8:: from `uname -n`"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "The jail j-apprise has been stopped." | apprise -c "/etc/fail2ban/apprise.conf" -t "[Fail2Ban] j-apprise: stopped on `uname -n`"` # ================================================== # == j-sendmail-geoip-lines - sendmail-geoip-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n` exec-cmd: 
`http://bgp.he.net/ip/192.0.2.1` exec-cmd: `http://www.projecthoneypot.org/ip_192.0.2.1` exec-cmd: `http://whois.domaintools.com/192.0.2.1\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "192.0.2.1" | cut -d':' -f2-`` exec-cmd: `hostname: None\n\n` exec-cmd: `Lines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-geoip-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n` exec-cmd: `http://bgp.he.net/ip/2001:db8::` exec-cmd: `http://www.projecthoneypot.org/ip_2001:db8::` exec-cmd: `http://whois.domaintools.com/2001:db8::\n\n` exec-cmd: `Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "2001:db8::" | cut -d':' -f2-`` exec-cmd: `hostname: 2001:db8::\n\n` exec-cmd: `Lines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-geoip-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` 
exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-geoip-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-cloudflare - cloudflare == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip","value":"192.0.2.1"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv4 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=192.0.2.1&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 192.0.2.1 cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === ban ipv6 === exec-cmd: `curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: `-d '{"mode":"block","configuration":{"target":"ip6","value":"2001:db8::"},"notes":"Fail2Ban j-cloudflare"}' \` exec-cmd: `https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules` # === unban ipv6 === exec-cmd: `id=$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' \` exec-cmd: 
`"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip6&configuration_value=2001:db8::&page=1&per_page=1&notes=Fail2Ban%20j-cloudflare" \` exec-cmd: `| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })` exec-cmd: `if [ -z "$id" ]; then echo "j-cloudflare: id for 2001:db8:: cannot be found"; exit 0; fi;` exec-cmd: `curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' -H 'Content-Type: application/json' "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id"` # === stop === # ================================================== # == j-firewallcmd-rich-rules - firewallcmd-rich-rules == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done` # === ban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === unban ipv6 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done` # === stop === # ================================================== # == j-npf - npf == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `/sbin/npfctl table 
fail2ban add 192.0.2.1` # === unban ipv4 === exec-cmd: `/sbin/npfctl table fail2ban rem 192.0.2.1` # === ban ipv6 === exec-cmd: `/sbin/npfctl table fail2ban add 2001:db8::` # === unban ipv6 === exec-cmd: `/sbin/npfctl table fail2ban rem 2001:db8::` # === stop === # ================================================== # == j-dummy - dummy == # ================================================== # === start === exec-cmd: `if [ ! -z '/var/run/fail2ban/fail2ban.dummy' ]; then touch /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `printf %b "123\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- started"` # === ban-ipv4 === exec-cmd: `printf %b "+192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 192.0.2.1 (family: inet4)"` # === unban ipv4 === exec-cmd: `printf %b "-192.0.2.1\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 192.0.2.1 (family: inet4)"` # === ban ipv6 === exec-cmd: `printf %b "+2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- banned 2001:db8:: (family: inet6)"` # === unban ipv6 === exec-cmd: `printf %b "-2001:db8::\n" >> /var/run/fail2ban/fail2ban.dummy` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- unbanned 2001:db8:: (family: inet6)"` # === stop === exec-cmd: `if [ ! 
-z '/var/run/fail2ban/fail2ban.dummy' ]; then rm -f /var/run/fail2ban/fail2ban.dummy; fi;` exec-cmd: `echo "[j-dummy] dummy /var/run/fail2ban/fail2ban.dummy -- stopped"` # ================================================== # == j-iptables-new - iptables-new == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `{ iptables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-iptables-new || true; iptables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ iptables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { iptables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `iptables -w -I f2b-j-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `iptables -w -D f2b-j-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `{ ip6tables -w -C f2b-j-iptables-new -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-iptables-new || true; ip6tables -w -A f2b-j-iptables-new -j RETURN; }` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `{ ip6tables -w -C INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new; }` exec-cmd: `done` exec-cmd: `ip6tables -w -I f2b-j-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `ip6tables -w -D f2b-j-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `iptables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `iptables -w -F 
f2b-j-iptables-new` exec-cmd: `iptables -w -X f2b-j-iptables-new` exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do` exec-cmd: `ip6tables -w -D INPUT -m state --state NEW -p $proto --dport ssh -j f2b-j-iptables-new` exec-cmd: `done` exec-cmd: `ip6tables -w -F f2b-j-iptables-new` exec-cmd: `ip6tables -w -X f2b-j-iptables-new` # ================================================== # == j-helpers-common - helpers-common == # ================================================== # === start === exec-cmd: `` # === ban-ipv4 === exec-cmd: `` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `` # ================================================== # == j-firewallcmd-allports - firewallcmd-allports == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `firewall-cmd --direct --add-chain ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-allports 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv4 filter f2b-j-firewallcmd-allports 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === unban ipv4 === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter f2b-j-firewallcmd-allports 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable` # === ban ipv6 === exec-cmd: `firewall-cmd --direct --add-chain ipv6 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-allports 1000 -j RETURN` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --add-rule ipv6 filter f2b-j-firewallcmd-allports 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === unban ipv6 === exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter 
f2b-j-firewallcmd-allports 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable` # === stop === exec-cmd: `firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rules ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-chain ipv4 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -j f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-rules ipv6 filter f2b-j-firewallcmd-allports` exec-cmd: `firewall-cmd --direct --remove-chain ipv6 filter f2b-j-firewallcmd-allports` # ================================================== # == j-iptables-xt_recent-echo - iptables-xt_recent-echo == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === unban ipv4 === exec-cmd: `echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` # === ban ipv6 === exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable; }` exec-cmd: `fi` exec-cmd: `echo +2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` # === unban ipv6 === exec-cmd: `echo -2001:db8:: > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` 
# === stop === exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo -j REJECT --reject-with icmp-port-unreachable;` exec-cmd: `fi` exec-cmd: `echo / > /proc/net/xt_recent/f2b-j-iptables-xt_recent-echo6` exec-cmd: `if [ `id -u` -eq 0 ];then` exec-cmd: `ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-iptables-xt_recent-echo6 -j REJECT --reject-with icmp6-port-unreachable;` exec-cmd: `fi` # ================================================== # == j-sendmail-whois-lines - sendmail-whois-lines == # ================================================== # === start === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: started on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois-lines has been started successfully.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # === ban-ipv4 === exec-cmd: `( printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: banned 192.0.2.1 from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 192.0.2.1 has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois-lines.\n\n` exec-cmd: `Here is more information about 192.0.2.1 :\n"` exec-cmd: `whois 192.0.2.1 || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 192.0.2.1 (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "192.0.2.1" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv4 === exec-cmd: `` # === ban ipv6 === exec-cmd: `( printf %b 
"Subject: [Fail2Ban] j-sendmail-whois-lines: banned 2001:db8:: from build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The IP 2001:db8:: has just been banned by Fail2Ban after` exec-cmd: `0 attempts against j-sendmail-whois-lines.\n\n` exec-cmd: `Here is more information about 2001:db8:: :\n"` exec-cmd: `whois 2001:db8:: || echo "missing whois program";` exec-cmd: `printf %b "\nLines containing failures of 2001:db8:: (max 1000)\n";` exec-cmd: `logpath="/dev/null"; grep -m 1000 -wF "2001:db8::" $logpath | tail -n 1000;` exec-cmd: `printf %b "\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" ) | /usr/sbin/sendmail -f "fail2ban" "root"` # === unban ipv6 === exec-cmd: `` # === stop === exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-whois-lines: stopped on build-3-17-aarch64.local` exec-cmd: `Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`` exec-cmd: `From: Fail2Ban ` exec-cmd: `To: root\n` exec-cmd: `Hi,\n` exec-cmd: `The jail j-sendmail-whois-lines has been stopped.\n` exec-cmd: `Regards,\n` exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"` # ================================================== # == j-firewallcmd-rich-logging - firewallcmd-rich-logging == # ================================================== # === start === # === ban-ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # === unban ipv4 === exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done` # 
=== ban ipv6 ===
exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done`
# === unban ipv6 ===
exec-cmd: `ports="1:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-firewallcmd-rich-logging' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done`
# === stop ===
# ==================================================
# == j-iptables-ipset-proto6 - iptables-ipset-proto6 ==
# ==================================================
# === start ===
# === ban-ipv4 ===
exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto6 hash:ip timeout 0 `
exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do`
exec-cmd: `{ iptables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable; }`
exec-cmd: `done`
exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto6 192.0.2.1 timeout 0`
# === unban ipv4 ===
exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto6 192.0.2.1`
# === ban ipv6 ===
exec-cmd: `ipset -exist create f2b-j-iptables-ipset-proto66 hash:ip timeout 0 family inet6`
exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do`
exec-cmd: `{ ip6tables -w -C INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable; }`
exec-cmd: `done`
exec-cmd: `ipset -exist add f2b-j-iptables-ipset-proto66 2001:db8:: timeout 0`
# === unban ipv6 ===
exec-cmd: `ipset -exist del f2b-j-iptables-ipset-proto66 2001:db8::`
# === stop ===
exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do`
exec-cmd: `iptables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto6 src -j REJECT --reject-with icmp-port-unreachable`
exec-cmd: `done`
exec-cmd: `ipset flush f2b-j-iptables-ipset-proto6`
exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto6`
exec-cmd: `for proto in $(echo 'tcp' | sed 's/,/ /g'); do`
exec-cmd: `ip6tables -w -D INPUT -p $proto -m multiport --dports ssh -m set --match-set f2b-j-iptables-ipset-proto66 src -j REJECT --reject-with icmp6-port-unreachable`
exec-cmd: `done`
exec-cmd: `ipset flush f2b-j-iptables-ipset-proto66`
exec-cmd: `ipset destroy f2b-j-iptables-ipset-proto66`
# ==================================================
# == j-mail-buffered - mail-buffered ==
# ==================================================
# === start ===
exec-cmd: `printf %b "Hi,\n`
exec-cmd: `The jail j-mail-buffered has been started successfully.\n`
exec-cmd: `Output will be buffered until 5 lines are available.\n`
exec-cmd: `Regards,\n`
exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: started on build-3-17-aarch64.local" root`
# === ban-ipv4 ===
exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt`
exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )`
exec-cmd: `if [ $LINE -ge 5 ]; then`
exec-cmd: `printf %b "Hi,\n`
exec-cmd: `These hosts have been banned by Fail2Ban.\n`
exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt``
exec-cmd: `\nRegards,\n`
exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: Summary" root`
exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt`
exec-cmd: `fi`
# === unban ipv4 ===
exec-cmd: ``
# === ban ipv6 ===
exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt`
exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )`
exec-cmd: `if [ $LINE -ge 5 ]; then`
exec-cmd: `printf %b "Hi,\n`
exec-cmd: `These hosts have been banned by Fail2Ban.\n`
exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt``
exec-cmd: `\nRegards,\n`
exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: Summary" root`
exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt`
exec-cmd: `fi`
# === unban ipv6 ===
exec-cmd: ``
# === stop ===
exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then`
exec-cmd: `printf %b "Hi,\n`
exec-cmd: `These hosts have been banned by Fail2Ban.\n`
exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt``
exec-cmd: `Regards,\n`
exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: Summary from build-3-17-aarch64.local" root`
exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt`
exec-cmd: `fi`
exec-cmd: `printf %b "Hi,\n`
exec-cmd: `The jail j-mail-buffered has been stopped.\n`
exec-cmd: `Regards,\n`
exec-cmd: `Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] j-mail-buffered: stopped on build-3-17-aarch64.local" root`
# ==================================================
# == j-ipfw - ipfw ==
# ==================================================
# === start ===
# === ban-ipv4 ===
exec-cmd: `ipfw add unreach port tcp from 192.0.2.1 to 127.0.0.1 ssh`
# === unban ipv4 ===
exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]192.0.2.1[^0-9]" | awk '{print $1;}'``
# === ban ipv6 ===
exec-cmd: `ipfw add unreach port tcp from 2001:db8:: to 127.0.0.1 ssh`
# === unban ipv6 ===
exec-cmd: `ipfw delete `ipfw list | grep -i "[^0-9]2001:db8::[^0-9]" | awk '{print $1;}'``
# === stop ===
# ==================================================
# == j-sendmail-buffered - sendmail-buffered ==
# ==================================================
# === start ===
exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: started on build-3-17-aarch64.local`
exec-cmd: `From: Fail2Ban `
exec-cmd: `To: root\n`
exec-cmd: `Hi,\n`
exec-cmd: `The jail j-sendmail-buffered has been started successfully.\n`
exec-cmd: `Output will be buffered until 5 lines are available.\n`
exec-cmd: `Regards,\n`
exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"`
# === ban-ipv4 ===
exec-cmd: `printf %b "`date`: 192.0.2.1 (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt`
exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )`
exec-cmd: `if [ $LINE -ge 5 ]; then`
exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-aarch64.local`
exec-cmd: `From: Fail2Ban `
exec-cmd: `To: root\n`
exec-cmd: `Hi,\n`
exec-cmd: `These hosts have been banned by Fail2Ban.\n`
exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt``
exec-cmd: `Regards,\n`
exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"`
exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt`
exec-cmd: `fi`
# === unban ipv4 ===
exec-cmd: ``
# === ban ipv6 ===
exec-cmd: `printf %b "`date`: 2001:db8:: (0 failures)\n" >> /var/run/fail2ban/tmp-mail.txt`
exec-cmd: `LINE=$( wc -l /var/run/fail2ban/tmp-mail.txt | awk '{ print $1 }' )`
exec-cmd: `if [ $LINE -ge 5 ]; then`
exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-aarch64.local`
exec-cmd: `From: Fail2Ban `
exec-cmd: `To: root\n`
exec-cmd: `Hi,\n`
exec-cmd: `These hosts have been banned by Fail2Ban.\n`
exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt``
exec-cmd: `Regards,\n`
exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"`
exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt`
exec-cmd: `fi`
# === unban ipv6 ===
exec-cmd: ``
# === stop ===
exec-cmd: `if [ -f /var/run/fail2ban/tmp-mail.txt ]; then`
exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: summary from build-3-17-aarch64.local`
exec-cmd: `From: Fail2Ban `
exec-cmd: `To: root\n`
exec-cmd: `Hi,\n`
exec-cmd: `These hosts have been banned by Fail2Ban.\n`
exec-cmd: ``cat /var/run/fail2ban/tmp-mail.txt``
exec-cmd: `Regards,\n`
exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"`
exec-cmd: `rm /var/run/fail2ban/tmp-mail.txt`
exec-cmd: `fi`
exec-cmd: `printf %b "Subject: [Fail2Ban] j-sendmail-buffered: stopped on build-3-17-aarch64.local`
exec-cmd: `From: Fail2Ban `
exec-cmd: `To: root\n`
exec-cmd: `Hi,\n`
exec-cmd: `The jail j-sendmail-buffered has been stopped.\n`
exec-cmd: `Regards,\n`
exec-cmd: `Fail2Ban" | /usr/sbin/sendmail -f "fail2ban" "root"`
Loading configs for action.d/dshield under config
Reading configs for action.d/dshield under config
Reading config files: config/action.d/dshield.conf
Loading files: ['config/action.d/dshield.conf']
Loading files: ['config/action.d/dshield.conf']
Creating new jail 'j-dshield'
Jail 'j-dshield' uses poller {}
Setting usedns = warn for FilterPoll(Jail('j-dshield'))
Created FilterPoll(Jail('j-dshield'))
Created FilterPoll
Initiated 'polling' backend
Created
Set actionstart = ''
Set actionstop = 'if [ -f /var/run/fail2ban/tmp-dshield.buffer ]; then\ncat /var/run/fail2ban/tmp-dshield.buffer | mail -E \'set escape\' -s "FORMAT DSHIELD USERID 0 TZ `date +%z | sed \'s/\\([+-]..\\)\\(..\\)/\\1:\\2/\'` Fail2Ban" reports@dshield.org\ndate +%s > /var/run/fail2ban/tmp-dshield.lastsent\nfi\nrm -f /var/run/fail2ban/tmp-dshield.buffer /var/run/fail2ban/tmp-dshield.first'
Set actioncheck = ''
Set actionban = 'TZONE=`date +%z | sed \'s/\\([+-]..\\)\\(..\\)/\\1:\\2/\'`\nDATETIME="`perl -e \'@t=localtime(