From b81e45174b03df2bf666a30c3a4fbe256d055dd8 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Fri, 3 May 2013 00:03:59 +0200
Subject: [PATCH] Use a custom sendmail conf to only send a mail on ban
---
 .../templates/etc/fail2ban/jail.conf/30Service10ssh | 2 +-
 .../etc/fail2ban/jail.conf/30Service15dovecot | 2 +-
 .../etc/fail2ban/jail.conf/30Service20qpsmtpd | 2 +-
 .../etc/fail2ban/jail.conf/30Service25httpd | 8 ++++----
 .../templates/etc/fail2ban/jail.conf/30Service30pam | 5 ++++-
 .../etc/fail2ban/jail.conf/30Service35SOGo | 2 +-
 .../etc/fail2ban/jail.conf/30Service40LemonLDAPNG | 2 +-
 root/etc/fail2ban/action.d/smeserver-sendmail.conf | 21 +++++++++++++++++++++
 8 files changed, 34 insertions(+), 10 deletions(-)
 create mode 100644 root/etc/fail2ban/action.d/smeserver-sendmail.conf
diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh
index 67c5192..cdf8491 100644
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh
@@ -12,7 +12,7 @@ logpath = /var/log/sshd/current
 action = smeserver[port="$port",protocol=tcp,bantime=$bantime]
 EOF
-$OUT .= " sendmail[name=SSH,dest=$maildest]\n"
+$OUT .= " smeserver-sendmail[name=SSH,dest=$maildest]\n"
 if ($mail eq 'enabled');
 }
diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot
index 499d478..a0f7b94 100644
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot
@@ -18,7 +18,7 @@ logpath = /var/log/dovecot/current
 action = smeserver[port="$port",protocol=tcp,bantime=$bantime]
 EOF
-$OUT .= " sendmail[name=Dovecot,dest=$maildest]\n"
+$OUT .= " smeserver-sendmail[name=Dovecot,dest=$maildest]\n"
 if ($mail eq 'enabled');
 }
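Review bot: `dest=$maildest` is written into the jail's action parameters unquoted and, as far as the hunk shows, unchecked, in the ssh template and again in the dovecot, qpsmtpd, httpd, pam, SOGo and LemonLDAP::NG templates. fail2ban substitutes action parameters into the `actionban` command line, which is run through a shell with fail2ban's privileges (normally root), so a value containing a comma, bracket or shell metacharacter would either break the parameter list or reach the shell. Where `$maildest` is assigned lies outside these hunks, so it may already be validated there; if not, guard the emit with something like `if ($mail eq 'enabled' && $maildest =~ /^[\w.+-]+(?:\@[\w.-]+)?$/);`.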
diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd
index b643f13..5959c91 100644
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd
@@ -20,7 +20,7 @@ action = smeserver[port="$port",protocol=tcp,bantime=$bantime]
 maxretry = $max
 EOF
-$OUT .= " sendmail[name=\"Qpsmtpd\",dest=$maildest]\n"
+$OUT .= " smeserver-sendmail[name=\"Qpsmtpd\",dest=$maildest]\n"
 if ($mail eq 'enabled');
 }
diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd
index 877b524..6c832cd 100644
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd
@@ -16,7 +16,7 @@ logpath = /var/log/httpd/error_log
 action = smeserver[port="$port",protocol=tcp,bantime=$bantime]
 EOF
-$OUT .= " sendmail[name=\"Apache (overflows)\",dest=$maildest]\n"
+$OUT .= " smeserver-sendmail[name=\"Apache (overflows)\",dest=$maildest]\n"
 if ($mail eq 'enabled');
 $OUT .=<<"EOF";
@@ -28,7 +28,7 @@ logpath = /var/log/httpd/error_log
 action = smeserver[port="$port",protocol=tcp,bantime=$bantime]
 EOF
-$OUT .= " sendmail[name=\"Apache (noscript)\",dest=$maildest]\n"
+$OUT .= " smeserver-sendmail[name=\"Apache (noscript)\",dest=$maildest]\n"
 if ($mail eq 'enabled');
 $OUT .=<<"EOF";
@@ -40,7 +40,7 @@ logpath = /var/log/httpd/error_log
 action = smeserver[port="$port",protocol=tcp,bantime=$bantime]
 EOF
-$OUT .= " sendmail[name=\"Apache (scan)\",dest=$maildest]\n"
+$OUT .= " smeserver-sendmail[name=\"Apache (scan)\",dest=$maildest]\n"
 if ($mail eq 'enabled');
 $OUT .=<<"EOF";
@@ -52,6 +52,6 @@ logpath = /var/log/httpd/error_log
 action = smeserver[port="$port",protocol=tcp,bantime=$bantime]
 EOF
-$OUT .= " sendmail[name=\"Apache (auth)\",dest=$maildest]\n"
+$OUT .= " smeserver-sendmail[name=\"Apache (auth)\",dest=$maildest]\n"
 if ($mail eq 'enabled');
 }
diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service30pam b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service30pam
index 4590791..faabc54 100644
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service30pam
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service30pam
@@ -4,4 +4,7 @@ enabled = true
 filter = pam-generic
 logpath = /var/log/secure
 action = smeserver[bantime={"$bantime"}]
-
+{
+$OUT .= " smeserver-sendmail[name=SSH,dest=$maildest]\n"
+ if ($mail eq 'enabled');
+}
diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo
index f361cc5..acb62f0 100644
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo
@@ -16,7 +16,7 @@ logpath = /var/log/sogo/sogo.log
 action = smeserver[port="$port",protocol=tcp,bantime=$bantime]
 EOF
-$OUT .= " sendmail[name=\"SOGo\",dest=$maildest]\n"
+$OUT .= " smeserver-sendmail[name=\"SOGo\",dest=$maildest]\n"
 if ($mail eq 'enabled');
 }
diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service40LemonLDAPNG b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service40LemonLDAPNG
index 33c8292..d3e1c3a 100644
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service40LemonLDAPNG
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service40LemonLDAPNG
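Review bot: In 30Service30pam the added action is labelled `name=SSH`, which looks copied from the ssh template; the `name` parameter presumably ends up in the mail, so bans from the pam-generic jail would be reported as SSH bans, and `smeserver-sendmail[name=PAM,dest=$maildest]` would keep the alert attributable. The new `{ ... }` block also reads `$mail` and `$maildest` without setting them, whereas the other fragments test the same variables inside a larger block that starts outside their hunks. If those variables are lexical to another fragment, the condition here is always false and the pam jail never sends mail, so it is worth confirming by expanding the template with mail enabled.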
@@ -16,7 +16,7 @@ logpath = /var/log/messages
 action = smeserver[port="$port",protocol=tcp,bantime=$bantime]
 EOF
-$OUT .= " sendmail[name=\"LemonLDAP::NG\",dest=$maildest]\n"
+$OUT .= " smeserver-sendmail[name=\"LemonLDAP::NG\",dest=$maildest]\n"
 if ($mail eq 'enabled');
 }
diff --git a/root/etc/fail2ban/action.d/smeserver-sendmail.conf b/root/etc/fail2ban/action.d/smeserver-sendmail.conf
new file mode 100644
index 0000000..887069b
--- /dev/null
+++ b/root/etc/fail2ban/action.d/smeserver-sendmail.conf
@@ -0,0 +1,21 @@
+
+[Definition]
+
+actionstart =
+actionstop =
+actioncheck =
+actionban = printf %%b "Subject: [Fail2Ban] : banned
+ From: Fail2Ban <>
+ To: \n
+ Hi,\n
+ The IP has just been banned by Fail2Ban after
+ attempts against .\n
+ Regards,\n
+ Fail2Ban" | /usr/sbin/sendmail -f
+actionunban =
+
+[Init]
+name = default
+dest = root
+sender = fail2ban
+
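Review bot: smeserver-sendmail.conf has no header comment saying that `actionstart`, `actionstop` and `actionunban` are left empty on purpose. A line such as `# Mail-on-ban only: start/stop/unban notifications are intentionally disabled.` above `[Definition]` would stop a later maintainer from filling the empty entries back in. It is also worth recording there that a stopping jail no longer produces a mail, so an unexpected fail2ban stop has to be caught by service monitoring instead. The angle-bracket tags in `actionban` appear to have been stripped by this rendering, so the command line itself is not reviewed here.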