我想在 fail2ban(Debian Jessie)中创建自动报告给 abuseipdb.com。
这是我的/etc/fail2ban/action.d/abuseipdb.conf
:
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = curl --data 'key=<apikey>' --data 'category=<category>' --data 'ip=<ip>' --data-urlencode 'comment=<matches>' --user-agent 'fail2ban v0.8.12' 'https://www.abuseipdb.com/report/json'
actionunban =
[Init]
apikey = xxxx
我编辑了我的/etc/fail2ban/jail.conf
:
...
# Here we use a combination of Netfilter/Iptables and IPsets
# for storing large volumes of banned IPs
#
# IPset comes in two versions. See ipset -V for which one to use
# requires the ipset package and kernel support.
[ssh-iptables-ipset4]
enabled = true
port = ssh
filter = sshd
banaction = iptables-ipset-proto4
abuseipdb[category=18]
logpath = /var/log/auth.log
maxretry = 3
...
但它没有正确报告。有人能帮我修复配置吗?
答案1
此配置适用于 fail2ban 0.9.5。我从 SID 安装它。步骤如下:安装所有依赖包:
# apt-get install gamin systemd python-pyinotify python-dnspython python3-pyinotify
直接从主池中的 SID 下载 fail2ban 0.9.5-1 安装程序http://ftp.us.debian.org/debian/pool/main/f/fail2ban/fail2ban_0.9.5-1_all.deb
# wget http://ftp.us.debian.org/debian/pool/main/f/fail2ban/fail2ban_0.9.5-1_all.deb
删除现有的 fail2ban 0.8.13
# apt-get --purge remove fail2ban
您现在可以开始安装fail2ban 0.9.5-1
# dpkg -i fail2ban_0.9.5-1_all.deb
我创建了一个笔记来分享上述所有步骤Debian Jessie:从 SID 安装 fail2ban 0.9.5-1