diff options
author | Juliano Jeziorny <djkadu@gmail.com> | 2017-01-19 14:30:25 +0100 |
---|---|---|
committer | Juliano Jeziorny <djkadu@gmail.com> | 2017-01-19 14:30:25 +0100 |
commit | 1fe554dd2508db99c59763753de4df369b0c54b5 (patch) | |
tree | fa3003afde0e6964a0961dbdb43faa86431697d4 /config/action.d/netscaler.conf | |
parent | f8d35a7c9c8b783b6cc40ef13c0462a5ad8dcaf0 (diff) | |
download | fail2ban-1fe554dd2508db99c59763753de4df369b0c54b5.tar.gz |
Introduced Citrix Netscaler action
Diffstat (limited to 'config/action.d/netscaler.conf')
-rw-r--r-- | config/action.d/netscaler.conf | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/config/action.d/netscaler.conf b/config/action.d/netscaler.conf new file mode 100644 index 00000000..87f7e7bf --- /dev/null +++ b/config/action.d/netscaler.conf @@ -0,0 +1,33 @@ +# Fail2ban Citrix Netscaler Action +# by Juliano Jeziorny +# juliano@jeziorny.eu +# +# The script will add offender IPs to a dataset on netscaler, the dataset can then be used to block the IPs at a cs/vserver or global level +# This dataset is then used to block IPs using responder policies on the netscaler. +# +# The script assumes using HTTPS with unsecure certificate to access the netscaler, +# if you have a valid certificate installed remove the -k from the curl lines, or if you want http change it accordingly (and remove the -k) +# +# This action depends on curl +# +# You need to populate the 3 options inside Init +# +# ns_host: IP or hostname of netslcaer appliance +# ns_auth: username:password, suggest base64 encoded for a little added security (echo -n "username:password" | base64) +# ns_dataset: Name of the netscaler dataset holding the IPs to be blocked. +# +# For further details on how to use it please check http://blog.ckzone.eu/2017/01/fail2ban-action-for-citrix-netscaler.html + +[Init] +ns_host = +ns_auth = +ns_dataset = + +[Definition] +actionstart = curl -kH 'Authorization: Basic <ns_auth>' https://<ns_host>/nitro/v1/config + +actioncheck = + +actionban = curl -k -H 'Authorization: Basic <ns_auth>' -X PUT -d '{"policydataset_value_binding":{"name":"<ns_dataset>","value":"<ip>"}}' https://<ns_host>/nitro/v1/config/ + +actionunban = curl -H 'Authorization: Basic <ns_auth>' -X DELETE -k "https://<ns_host>/nitro/v1/config/policydataset_value_binding/<ns_dataset>?args=value:<ip>" |