Inicio Explorar Ayuda
Iniciar sesión
chiappa
/
irdb
espejo de https://git.snix.ch/chiappa/irdb.git
1
0
Fork 0
Archivos Incidencias 0
Árbol: f2dd3fddee
Ramas Etiquetas
irdb
/
examples
/
reporters
/
bash-fail2ban.sh

bash-fail2ban.sh 1.1 KB
Histórico Raw

1234567891011121314151617181920212223242526272829303132333435 
  1. #!/usr/bin/env bash
    2. 

  2. # fail2ban action shim: post the banned IP to IRDB.
    3. 

  3. #
    4. 

  4. # Wire it up by dropping a fail2ban action file in /etc/fail2ban/action.d/:
    5. 

  5. #
    6. 

  6. #     [Definition]
    7. 

  7. #     actionban = /usr/local/bin/irdb-fail2ban.sh <ip> brute_force '{"jail":"<name>"}'
    8. 

  8. #     actionunban = true
    9. 

  9. #
    10. 

  10. #     [Init]
    11. 

  11. #     name = default
    12. 

  12. #
    13. 

  13. # And set IRDB_URL + IRDB_TOKEN in fail2ban's environment (typically
    14. 

  14. # /etc/default/fail2ban or a systemd drop-in).
    15. 

  15. #
    16. 

  16. # This script is intentionally tiny — fail2ban actions execute often,
    17. 

  17. # in restricted environments, and any sleep/retry logic belongs in a
    18. 

  18. # higher layer.
    19. 

  19. set -euo pipefail
    20. 

  20. 

  21. IP="${1:?ip required}"
    22. 

  22. CATEGORY="${2:?category required}"
    23. 

  23. METADATA="${3:-{\}}"
    24. 

  24. 

  25. : "${IRDB_URL:?must be set}"
    26. 

  26. : "${IRDB_TOKEN:?must be set}"
    27. 

  27. 

  28. # Best-effort: 5 second timeout, no retries. fail2ban won't block on
    29. 

  29. # the action; if IRDB is briefly unreachable we lose this report
    30. 

  30. # rather than holding the ban.
    31. 

  31. exec curl -fsS --max-time 5 -X POST \
    32. 

  32.     -H "Authorization: Bearer $IRDB_TOKEN" \
    33. 

  33.     -H "Content-Type: application/json" \
    34. 

  34.     -d "{\"ip\":\"$IP\",\"category\":\"$CATEGORY\",\"metadata\":$METADATA}" \
    35. 

  35.     "$IRDB_URL/api/v1/report" >/dev/null
    36.