Docker
This commit is contained in:
ale
parent
f61c423ba9
commit
b71876a299
25
docker-compose.yml
Normal file
25
docker-compose.yml
Normal file
@ -0,0 +1,25 @@
|
||||
version: '2'
|
||||
|
||||
services:
|
||||
fail2ban:
|
||||
build: ./fail2ban
|
||||
hostname: fail2ban
|
||||
container_name: fail2ban
|
||||
restart: always
|
||||
entrypoint:
|
||||
- /bin/bash
|
||||
- /etc/fail2ban/entrypoint.sh
|
||||
volumes:
|
||||
- ./fail2ban/entrypoint.sh:/etc/fail2ban/entrypoint.sh
|
||||
ports:
|
||||
- 22:22/tcp
|
||||
networks:
|
||||
mynet:
|
||||
ipv4_address: 172.24.0.101
|
||||
|
||||
networks:
|
||||
mynet:
|
||||
driver: bridge
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 172.24.0.0/24
|
||||
3
fail2ban/Dockerfile
Normal file
3
fail2ban/Dockerfile
Normal file
@ -0,0 +1,3 @@
|
||||
FROM debian:sid-slim
|
||||
RUN apt update && apt -y upgrade && apt -y install fail2ban openssh-server rsyslog && apt clean
|
||||
WORKDIR /etc/fail2ban
|
||||
130
fail2ban/entrypoint.sh
Normal file
130
fail2ban/entrypoint.sh
Normal file
@ -0,0 +1,130 @@
|
||||
#!/bin/bash
|
||||
DOMAIN=hatthieves.es
|
||||
SMTP=smtp.hatthieves.es
|
||||
USER=fail2ban
|
||||
PASS=pass
|
||||
|
||||
echo "#!/bin/bash
|
||||
|
||||
PATH=\"\$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"
|
||||
LANG=\"C\"
|
||||
REMOTE_IP=\"\$1\"
|
||||
SENDER_MAIL=\"\$2\"
|
||||
DEST_MAIL=\"\$3\"
|
||||
LOGFILE=\"\$4\"
|
||||
DATE=\$\(date\)
|
||||
WHOIS_OUTPUT=\$\(whois \$REMOTE_IP\)
|
||||
REVERSE_IP=\$\(echo \$REMOTE_IP | awk 'BEGIN{FS=\".\";ORS=\".\"} {for \(i = NF; i > 0; i--\){print \$i}}'\)
|
||||
LOG_LINES=\$\(grep \$REMOTE_IP \$LOGFILE\)
|
||||
BANNED_IP_PATH=\"/var/tmp/fail2ban_banned_ips\"
|
||||
|
||||
# Skip sending email when an email was already sent out for that IP the last 24hours
|
||||
if ! [ -d \$BANNED_IP_PATH ]; then mkdir \$BANNED_IP_PATH; else find \${BANNED_IP_PATH}/ -mtime +30 -type f -delete; fi
|
||||
if [ -n \"\$\(find \${BANNED_IP_PATH}/\$REMOTE_IP -mtime -1 2>/dev/null\)\" ]; then exit 0; else touch \${BANNED_IP_PATH}/\$REMOTE_IP; fi
|
||||
|
||||
# Get the Abuse email address from Abusix
|
||||
if DNS_REPLY=\$\(host -t TXT \${REVERSE_IP}abuse-contacts.abusix.org\); then
|
||||
ABUSE_ADDR=\$\(echo \$DNS_REPLY | grep -Eio '\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b' | paste -sd \",\"\)
|
||||
fi
|
||||
|
||||
# Send email
|
||||
if [ \$ABUSE_ADDR ]; then
|
||||
#sendmail -t -i -f \$SENDER_MAIL \$ABUSE_ADDR << EOF
|
||||
swaks -f \$SENDER_MAIL -t \"\$ABUSE_ADDR\" --tlsc -au $USER -ap $PASS -s $SMTP -p 465
|
||||
--h-Subject \"[Urgent]: Automatic abuse report for IP address \$REMOTE_IP from $DOMAIN, please read\" --h-From \"Fail2Ban $DOMAIN <\$SENDER_MAIL>\"
|
||||
--h-Bcc \"webmail@$DOMAIN\" --h-To \$ABUSE_ADDR --body
|
||||
\"This is an automatic email abuse report about the IP address \$REMOTE_IP generated at \$DATE, please do not reply.
|
||||
You get this email because you are listed as the official and popular abuse email contact for this concrete IP address.
|
||||
|
||||
The following intrusion attempts were detected by our systems:
|
||||
\$LOG_LINES
|
||||
|
||||
WHOIS report FYI:
|
||||
\$WHOIS_OUTPUT
|
||||
|
||||
Thanks for your time and curiosity... take care with botnets...
|
||||
- ANTIBOTNET SYSTEM -
|
||||
together will do a better and free world :-\)
|
||||
from postmaster@$DOMAIN
|
||||
by www.$DOMAIN\"
|
||||
fi" > fail2ban_abuse_mail.sh
|
||||
|
||||
echo "[Definition]
|
||||
|
||||
# Option: actionstart
|
||||
# Notes.: command executed once at the start of Fail2Ban.
|
||||
# Values: CMD
|
||||
#
|
||||
actionstart = printf %%b \"Subject: [Fail2Ban] <name>: started
|
||||
Date: \`date -u +\"%%a, %%d %%h %%Y %%T +0000\"\`
|
||||
From: Fail2Ban <<sender>>
|
||||
To: <dest>\\n
|
||||
Hi,\\n
|
||||
The jail <name> has been started successfully.\\n
|
||||
Regards,\\n
|
||||
Fail2Ban\" | /usr/sbin/sendmail -f <sender> <dest>
|
||||
|
||||
# Option: actionstop
|
||||
# Notes.: command executed once at the end of Fail2Ban
|
||||
# Values: CMD
|
||||
#
|
||||
actionstop = printf %%b \"Subject: [Fail2Ban] <name>: stopped
|
||||
Date: \`date -u +\"%%a, %%d %%h %%Y %%T +0000\"\`
|
||||
From: Fail2Ban <<sender>>
|
||||
To: <dest>\\n
|
||||
Hi,\\n
|
||||
The jail <name> has been stopped.\\n
|
||||
Regards,\\n
|
||||
Fail2Ban\" | /usr/sbin/sendmail -f <sender> <dest>
|
||||
|
||||
# Option: actioncheck
|
||||
# Notes.: command executed once before each actionban command
|
||||
# Values: CMD
|
||||
#
|
||||
actioncheck =
|
||||
|
||||
# Option: actionban
|
||||
# Notes.: command executed when banning an IP. Take care that the
|
||||
# command is executed with Fail2Ban user rights.
|
||||
actionban = /etc/fail2ban/fail2ban_abuse_mail.sh <ip> <sender> <dest> <logpath>
|
||||
|
||||
# Option: actionunban
|
||||
# Notes.: command executed when unbanning an IP. Take care that the
|
||||
# command is executed with Fail2Ban user rights.
|
||||
# Tags: <ip> IP address
|
||||
# <failures> number of failures
|
||||
# <time> unix timestamp of the ban time
|
||||
# Values: CMD
|
||||
#
|
||||
actionunban =
|
||||
|
||||
[Init]
|
||||
|
||||
# Defaut name of the chain
|
||||
#
|
||||
name = default
|
||||
|
||||
# Destination/Addressee of the mail
|
||||
#
|
||||
dest = webmaster@$DOMAIN
|
||||
|
||||
# Sender of the mail
|
||||
#
|
||||
sender = fail2ban@$DOMAIN
|
||||
|
||||
# Path to the log files which contain relevant lines for the abuser IP
|
||||
#
|
||||
logpath = /dev/null" > action.d/sendmail-abuse.conf
|
||||
|
||||
echo "[sshd]
|
||||
enabled = true
|
||||
bantime = 10800
|
||||
maxretry = 6
|
||||
ignoreip = $DOMAIN
|
||||
action = hostsdeny
|
||||
sendmail-abuse[name=%(__name__)s, dest=\"%(destemail)s\", logpath=%(logpath)s]" > jail.d/sshd.conf
|
||||
|
||||
/etc/init.d/rsyslog start
|
||||
/etc/init.d/ssh start
|
||||
mkdir -p /var/run/fail2ban
|
||||
/usr/bin/python3 /usr/bin/fail2ban-server -xf start
|
||||
Loading…
Reference in New Issue
Block a user