| | | |
|---|---|---|
| author | Duncan Bellamy <dunk@denkimushi.com> | 2020-10-25 13:46:26 +0000 |
| committer | Duncan Bellamy <dunk@denkimushi.com> | 2023-03-08 09:17:13 +0000 |
| commit | 9997807fb329b6c850e9c5ecb5564a234050763d (patch) | |
| tree | 5062f3d974e1e6aec5555c45a19f928ec2742588 | |
| parent | 234660e94d0b887aef8ae11d7826420de30a9bef (diff) | |
| download | fail2ban-9997807fb329b6c850e9c5ecb5564a234050763d.tar.gz | |
Add action for mikrotik routerOS
| mode | file | lines |
|---|---|---|
| -rw-r--r-- | ChangeLog | 7 |
| -rw-r--r-- | config/action.d/mikrotik.conf | 79 |

2 files changed, 86 insertions, 0 deletions
@@ -293,7 +293,14 @@ ver. 0.11.2 (2020/11/23) - heal-the-world-with-security-tools * fail2ban-client: extended to unban IP range(s) by subnet (CIDR/mask) or hostname (DNS), gh-2791; * extended capturing of alternate tags in filter, allowing combine of multiple groups to single tuple token with new tag prefix `<F-TUPLE_`, that would combine value of `<F-V>` with all value of `<F-TUPLE_V?_n?>` tags (gh-2755) +<<<<<<< HEAD +======= +* `actioncheck` behavior is changed now (gh-488), so invariant check as well as restore or repair + of sane environment (in case of recognized unsane state) would only occur on action errors (e. g. + if ban or unban operations are exiting with other code as 0) +* new action for mikrotik routerOS, adds and removes entries from address lists on the router +>>>>>>> Add action for mikrotik routerOS ver. 0.11.1 (2020/01/11) - this-is-the-way ----------- diff --git a/config/action.d/mikrotik.conf b/config/action.d/mikrotik.conf new file mode 100644 index 00000000..91e587aa --- /dev/null +++ b/config/action.d/mikrotik.conf 
@@ -0,0 +1,79 @@ +# Fail2Ban configuration file +# +# Mikrotik routerOS action to add/remove address-list entries +# +# Author: Duncan Bellamy <dunk@denkimushi.com> +# based on forum.mikrotik.com post by pakjebakmeel +# +# in the instructions: +# (10.0.0.1 is ip of mikrotik router) +# (10.0.0.2 is ip of fail2ban machine) +# +# on fail2ban machine: +# sudo mkdir /var/lib/fail2ban/ssh +# sudo chmod 700 /var/lib/fail2ban/ssh +# sudo ssh-keygen -N "" -f /var/lib/fail2ban/ssh/fail2ban_id_rsa +# sudo scp /var/lib/fail2ban/ssh/fail2ban_id_rsa.pub admin@10.0.0.1:/ +# ssh admin@10.0.0.1 +# +# on mikrotik router: +# /user add name=miki-f2b group=write address=10.0.0.2 password="" +# /user ssh-keys import public-key-file=fail2ban_id_rsa.pub user=miki-f2b +# /quit +# +# on fail2ban machine: +# (check password login fails) +# ssh miki-f2b@10.0.0.1 +# (check private key works) +# sudo ssh -i /var/lib/fail2ban/ssh/fail2ban_id_rsa miki-f2b@10.0.0.1 +# +# Then create rules on mikrorik router that use address +# list(s) maintained by fail2ban eg in the forward chain +# drop from address list, or in the forward chain drop +# from address list to server +# +# example extract from jail.local overriding some defaults +# action = mikrotik[mtikkeyfile="%(mkeyfile)s", mtikuser="%(muser)s", mtikhost="%(mhost)s", mtiklistname="%(mlistname)s"] +# +# ignoreip = 127.0.0.1/8 192.168.0.0/24 + +# mkeyfile = /etc/fail2ban/ssh/mykey_id_rsa +# muser = myuser +# mhost = 192.168.0.1 +# mlistname = BAD LIST + +[Definition] + +actionstart = + +actionstop = + +actioncheck = + +actionban = %(mtikcommand)s "/ip firewall address-list add list=\"%(mtiklistname)s\" address=<ip> comment=%(mtikcomment)s" + +actionunban = %(mtikcommand)s "/ip firewall address-list remove [find list=\"%(mtiklistname)s\" comment=%(mtikcomment)s]" + +mtikcommand = ssh -l %(mtikuser)s -p%(mtikport)s -i %(mtikkeyfile)s %(mtikhost)s + +# Option: mktikuser +# Notes.: username to use when connecting to routerOS +mtikuser = +# Option: 
mtikport +# Notes.: port to use when connecting to routerOS +mtikport = 22 +# Option: mtikkeyfile +# Notes.: ssh private key to use for connecting to routerOS +mtikkeyfile = +# Option: mtikhost +# Notes.: hostname or ip of router +mtikhost = +# Option: mtiklistname +# Notes.: name of "address-list" to use on router +mtiklistname = Auto Fail2Ban +# Option: mtikcomment +# Notes.: comment to use on routerOS (must be unique as used for ip address removal) +mtikcomment = AutoF2B-<name>-<ip> + +[Init] +name="%(__name__)s" |
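Review bot: the ChangeLog hunk commits unresolved merge-conflict markers (`+<<<<<<< HEAD`, `+=======`, `+>>>>>>> Add action for mikrotik routerOS`); resolve the conflict before this is merged so the markers do not land in the released ChangeLog. Of the lines between the markers, only `+* new action for mikrotik routerOS, adds and removes entries from address lists on the router` belongs to this commit; the `actioncheck` / gh-488 entry describes a separate behaviour change and should not ride along in this patch, otherwise the 0.11.2 section attributes it to the mikrotik action. It would also help reviewers to name the new file (`config/action.d/mikrotik.conf`) in the entry, as the neighbouring entries do for the component they touch.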
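Review bot: in the mikrotik.conf hunk, `mtikcommand = ssh -l %(mtikuser)s -p%(mtikport)s -i %(mtikkeyfile)s %(mtikhost)s` runs ssh without `-o BatchMode=yes`, so if key authentication fails (wrong key file, key not imported, router reinstalled) ssh falls back to an interactive password prompt and every ban/unban blocks until fail2ban's command timeout instead of failing immediately; add `-o BatchMode=yes` and state in the header that the router's host key must already be in root's `known_hosts` (the `sudo ssh -i /var/lib/fail2ban/ssh/fail2ban_id_rsa miki-f2b@10.0.0.1` check step will record it if the prompt is accepted). Further points in the same hunk: (1) `actionban` quotes the list name (`list=\"%(mtiklistname)s\"`) but passes `comment=%(mtikcomment)s` unquoted, and `actionunban` repeats this inside `[find ...]`; the default `AutoF2B-<name>-<ip>` contains no spaces, but a user-supplied comment with a space (the header's own `mlistname = BAD LIST` shows users will use such names) would be split by RouterOS and the unban would then never match, so quote `comment=` the same way as `list=`. (2) `/ip firewall address-list` holds only IPv4 entries, while fail2ban 0.10+ also bans IPv6 addresses; either document in the header that this action is IPv4-only or add an `[Init?family=inet6]` override that targets `/ipv6 firewall address-list`. (3) The setup instructions create the router user with `group=write`, which grants far more than address-list maintenance; a dedicated group with only the `ssh`, `read` and `write` policies (`/user group add name=f2b policy=ssh,read,write`, then `group=f2b`) limits what a compromised fail2ban host can do on the router. (4) The user is created with `password=""` and the only safeguard is the later `(check password login fails)` step; say in the comment why password login is expected to fail once the key is imported, or set a random password instead of an empty one. (5) Comment typos: `# Option: mktikuser` should read `mtikuser` to match the setting it documents, and `mikrorik router` should be `mikrotik router`.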