Last active
March 7, 2022 17:15
-
-
Save diegoparrilla/d1869ef58ce3bf551ddfd977283e0c9d to your computer and use it in GitHub Desktop.
Fail2Ban action to notify ThreatJammer.com about the banned and unbanned IP addresses
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Definition] | |
| # Option: actionban | |
| # Notes.: command executed when banning an IP. Take care that the | |
| # command is executed with Fail2Ban user rights. | |
| # | |
| # Tags: See jail.conf(5) man page | |
| # Values: CMD | |
| # | |
| actionban = curl -X 'POST' <threatjammer_url>/v1/ip -H 'accept: application/json' -H 'Authorization: Bearer <threatjammer_apikey>' -H 'Content-Type: application/json' -d '{ "addresses": [ "<ip>" ], "ttl": <threatjammer_ttl>, "type": "<threatjammer_type>", "tags": ["<threatjammer_tag>"] }' | |
| # Option: actionunban | |
| # Notes.: command executed when unbanning an IP. Take care that the | |
| # command is executed with Fail2Ban user rights. | |
| # Tags: See jail.conf(5) man page | |
| # Values: CMD | |
| # | |
| actionunban = curl -X 'POST' <threatjammer_url>/v1/unban/ip -H 'accept: application/json' -H 'Authorization: Bearer <threatjammer_apikey>' -H 'Content-Type: application/json' -d '{ "addresses": [ "<ip>" ] }' | |
| [Init] | |
| # Option: threatjammer_apikey | |
| # Notes Your API key from threatjammer.com | |
| # Values: STRING Default: None | |
| # Signup in [https://threatjammer.com], and get an api key and set below. | |
| threatjammer_apikey = | |
| threatjammer_url = https://dublin.report.threatjammer.com | |
| threatjammer_ttl = 86400 | |
| threatjammer_type = ABUSE | |
| threatjammer_tag = FAIL2BAN |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment