authorsebres <serg.brester@sebres.de>2019-03-27 13:46:56 +0100
committersebres <serg.brester@sebres.de>2019-03-27 13:46:56 +0100
commit17a4f81e238083d48d0be3bbd589b18b7b2d7f3b (patch)
tree034e9086c25e0ebd0465c92e88eb76ecbd6f8052 /config/action.d
parent7f0bba94ba895561c98ed32692494da9fba565ac (diff)
parent320e55b8d5c907225f3ed12bc7113614cc5f0b23 (diff)
Merge branch '0.10' into 0.11
Diffstat (limited to 'config/action.d')
-rw-r--r--config/action.d/xarf-login-attack.conf28
1 files changed, 22 insertions, 6 deletions
diff --git a/config/action.d/xarf-login-attack.conf b/config/action.d/xarf-login-attack.conf
index 2b135c43..f348b2c4 100644
--- a/config/action.d/xarf-login-attack.conf
+++ b/config/action.d/xarf-login-attack.conf
@@ -41,7 +41,12 @@ actionstop =
actioncheck =
-actionban = oifs=${IFS}; IFS=.;SEP_IP=( <ip> ); set -- ${SEP_IP}; ADDRESSES=$(dig +short -t txt -q $4.$3.$2.$1.abuse-contacts.abusix.org); IFS=${oifs}
+actionban = oifs=${IFS};
+ RESOLVER_ADDR="%(addr_resolver)s"
+ if [ "<debug>" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi
+ ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')
+ IFS=,; ADDRESSES=$(echo $ADDRESSES)
+ IFS=${oifs}
IP=<ip>
FROM=<sender>
SERVICE=<service>
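Review bot: The TXT answer returned by `dig` is external data, but nothing checks it before the unquoted expansions in `ADDRESSES=$(echo $ADDRESSES)` here and `<mailcmd> <mailargs> $ADDRESSES` in the second hunk. Pathname globbing therefore applies to it, and an entry that begins with `-` would reach the mail command as an option instead of a recipient. I would disable globbing around the split, `set -f; IFS=,; ADDRESSES=$(echo $ADDRESSES); set +f`, and drop any entry that does not look like `local@domain` before the list is handed to `<mailcmd>`. Quoting the lookup name as `"$RESOLVER_ADDR"` in the `dig` call would also keep an overridden `addr_resolver` from being word-split. The actionban value continues past the end of this hunk.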
@@ -51,26 +56,37 @@ actionban = oifs=${IFS}; IFS=.;SEP_IP=( <ip> ); set -- ${SEP_IP}; ADDRESSES=$(di
PORT=<port>
DATE=`LC_ALL=C date --date=@<time> +"%%a, %%d %%h %%Y %%T %%z"`
if [ ! -z "$ADDRESSES" ]; then
+ oifs=${IFS}; IFS=,; ADDRESSES=$(echo $ADDRESSES)
+ IFS=${oifs}
(printf -- %%b "<header>\n<message>\n<report>\n\n";
date '+Note: Local timezone is %%z (%%Z)';
- printf -- %%b "\n<ipmatches>\n\n<footer>") | <mailcmd> <mailargs> ${ADDRESSES//,/\" \"}
+ printf -- %%b "\n<ipmatches>\n\n<footer>") | <mailcmd> <mailargs> $ADDRESSES
fi
actionunban =
-[Init]
+# Server as resolver used in dig command
+#
+addr_resolver = <ip-rev>abuse-contacts.abusix.org
+
+# Option: boundary
+# Notes: This can be overwritten to be safe for possible predictions
+boundary = bfbb0f920793ac03cb8634bde14d8a1e
+
+_boundary = Abuse<time>-<boundary>
+
# Option: header
# Notes: This is really a fixed value
-header = Subject: abuse report about $IP - $DATE\nAuto-Submitted: auto-generated\nX-XARF: PLAIN\nContent-Transfer-Encoding: 7bit\nContent-Type: multipart/mixed; charset=utf8;\n boundary=Abuse-bfbb0f920793ac03cb8634bde14d8a1e;\n\n--Abuse-bfbb0f920793ac03cb8634bde14d8a1e\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Type: text/plain; charset=utf-8;\n
+header = Subject: abuse report about $IP - $DATE\nAuto-Submitted: auto-generated\nX-XARF: PLAIN\nContent-Transfer-Encoding: 7bit\nContent-Type: multipart/mixed; charset=utf8;\n boundary=%(_boundary)s;\n\n--%(_boundary)s\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Type: text/plain; charset=utf-8;\n
# Option: footer
# Notes: This is really a fixed value and needs to match the report and header
# mime delimiters
-footer = \n\n--Abuse-bfbb0f920793ac03cb8634bde14d8a1e--
+footer = \n\n--%(_boundary)s--
# Option: report
# Notes: Intended to be fixed
-report = --Abuse-bfbb0f920793ac03cb8634bde14d8a1e\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Type: text/plain; charset=utf-8; name=\"report.txt\";\n\n---\nReported-From: $FROM\nCategory: abuse\nReport-ID: $REPORTID\nReport-Type: login-attack\nService: $SERVICE\nVersion: 0.2\nUser-Agent: Fail2ban v0.9\nDate: $DATE\nSource-Type: ip-address\nSource: $IP\nPort: $PORT\nSchema-URL: http://www.x-arf.org/schema/abuse_login-attack_0.1.2.json\nAttachment: text/plain\nOccurances: $FAILURES\nTLP: $TLP\n\n\n--Abuse-bfbb0f920793ac03cb8634bde14d8a1e\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Type: text/plain; charset=utf8; name=\"logfile.log\";
+report = --%(_boundary)s\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Type: text/plain; charset=utf-8; name=\"report.txt\";\n\n---\nReported-From: $FROM\nCategory: abuse\nReport-ID: $REPORTID\nReport-Type: login-attack\nService: $SERVICE\nVersion: 0.2\nUser-Agent: Fail2ban v0.9\nDate: $DATE\nSource-Type: ip-address\nSource: $IP\nPort: $PORT\nSchema-URL: http://www.x-arf.org/schema/abuse_login-attack_0.1.2.json\nAttachment: text/plain\nOccurances: $FAILURES\nTLP: $TLP\n\n\n--%(_boundary)s\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Type: text/plain; charset=utf8; name=\"logfile.log\";
# Option: Message
# Notes: This can be modified by the users
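Review bot: The new `boundary` option still ships the constant that was hard-coded before, and the only varying part of `_boundary = Abuse<time>-<boundary>` is the ban timestamp, so with the defaults the MIME delimiter stays guessable. Because `<ipmatches>` copies matched log lines into the body, a guessable delimiter means log content could be read as a part boundary by the parser on the receiving side. The option's comment should tell operators to override it, for example `# Notes: Set this to a locally generated random value; the shipped default is public and therefore predictable`. Separately, the `oifs=${IFS}; IFS=,; ADDRESSES=$(echo $ADDRESSES)` split added inside the `if` repeats the one already done at the top of actionban and looks like a leftover of the merge; one of the two can go.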