Mr.X

# Fail2Ban configuration file
#
# Author: Russell Odom <russ@gloomytrousers.co.uk>
# Submits attack reports to myNetWatchman (http://www.mynetwatchman.com/)
#
# You MUST configure at least:
# <port> (the port that's being attacked - use number not name).
# <mnwlogin> (your mNW login).
# <mnwpass> (your mNW password).
#
# You SHOULD also provide:
# <myip> (your public IP address, if it's not the address of eth0)
# <protocol> (the protocol in use - defaults to tcp)
#
# Best practice is to provide <port> and <protocol> in jail.conf like this:
# action = mynetwatchman[port=1234,protocol=udp]
#
# ...and create "mynetwatchman.local" with contents something like this:
# [Init]
# mnwlogin = me@example.com
# mnwpass = SECRET
# myip = 10.0.0.1
#
# Another useful configuration value is <getcmd>, if you don't have wget
# installed (an example config for curl is given below)
#

[Definition]

# Option:  actionstart
# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values:  CMD
#
actionstart =

# Option:  actionstop
# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
# Values:  CMD
#
actionstop =

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
actioncheck =

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
#
# Note: We are currently using <time> for the timestamp because no tag is
# available to indicate the timestamp of the log message(s) which triggered the
# ban. Therefore the timestamps we are using in the report, whilst often only a
# few seconds out, are incorrect. See
# http://sourceforge.net/tracker/index.php?func=detail&aid=2017795&group_id=121032&atid=689047
#
actionban = MNWLOGIN=`perl -e '$s=shift;$s=~s/([\W])/"%%".uc(sprintf("%%2.2x",ord($1)))/eg;print $s' '<mnwlogin>'`
            MNWPASS=`perl -e '$s=shift;$s=~s/([\W])/"%%".uc(sprintf("%%2.2x",ord($1)))/eg;print $s' '<mnwpass>'`
	    PROTOCOL=`awk '{IGNORECASE=1;if($1=="<protocol>"){print $2;exit}}' /etc/protocols`
	    if [ -z "$PROTOCOL" ]; then PROTOCOL=<protocol>; fi
	    DATETIME=`perl -e '@t=gmtime(<time>);printf "%%4d-%%02d-%%02d+%%02d:%%02d:%%02d",1900+$t[5],$t[4]+1,$t[3],$t[2],$t[1],$t[0]'`
            <getcmd> "<mnwurl>?AT=2&AV=0&AgentEmail=$MNWLOGIN&AgentPassword=$MNWPASS&AttackerIP=<ip>&SrcPort=<srcport>&ProtocolID=$PROTOCOL&DestPort=<port>&AttackCount=<failures>&VictimIP=<myip>&AttackDateTime=$DATETIME" 2>&1 >> <tmpfile>.out && grep -q 'Attack Report Insert Successful' <tmpfile>.out && rm -f <tmpfile>.out

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban =

[Init]
# Option:  port
# Notes.:  The target port for the attack (numerical). MUST be provided in
#          the jail config, as it cannot be detected here.
# Values:  [ NUM ]  Default: ???
#
port = 0

# Option:  mnwlogin
# Notes.:  Your mNW login e-mail address. MUST be provided either in the jail
#          config or in a .local file.
#          Register at http://www.mynetwatchman.com/reg.asp
# Values:  [ STRING ]  Default: (empty)
#
mnwlogin =

# Option:  mnwpass
# Notes.:  The password corresponding to your mNW login e-mail address. MUST be
#          provided either in the jail config or in a .local file.
# Values:  [ STRING ]  Default: (empty)
#
mnwpass =

# Option:  myip
# Notes.:  The target IP for the attack (your public IP). Should be overridden
#          either in the jail config or in a .local file unless your PUBLIC IP
#          is the first IP assigned to eth0
# Values:  [ an IP address ]  Default: Tries to find the IP address of eth0,
#          which in most cases will be a private IP, and therefore incorrect
#
myip = `ip -4 addr show dev eth0 | grep inet | head -n 1 | sed -r 's/.*inet ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/\1/'`

# Option:  protocol
# Notes.:  The protocol over which the attack is happening
# Values:  [ tcp | udp | icmp | (any other protocol name from /etc/protocols) | NUM ] Default: tcp
#
protocol = tcp

# Option:  agent
# Default: Fail2ban
agent = Fail2ban

# Option:  getcmd
# Notes.:  A command to fetch a URL. Should output page to STDOUT
# Values:  CMD  Default: wget
#
getcmd = wget --no-verbose --tries=3 --waitretry=10 --connect-timeout=10 --read-timeout=60 --retry-connrefused --output-document=- --user-agent=<agent>
# Alternative value:
# getcmd = curl --silent --show-error --retry 3 --connect-timeout 10 --max-time 60 --user-agent <agent>

# Option:  srcport
# Notes.:  The source port of the attack. You're unlikely to have this info, so
#          you can leave the default
# Values:  [ NUM ]  Default: 0
#
srcport = 0

# Option:  mnwurl
# Notes.:  The report service URL on the mNW site
# Values:  STRING  Default: http://mynetwatchman.com/insertwebreport.asp
#
mnwurl = http://mynetwatchman.com/insertwebreport.asp

# Option:  tmpfile
# Notes.:  Base name of temporary files
# Values:  [ STRING ]  Default: /var/run/fail2ban/tmp-mynetwatchman
#
tmpfile = /var/run/fail2ban/tmp-mynetwatchman

Name	Type	Size	Permission
abuseipdb.conf	File	3.66 KB	0644
apf.conf	File	587 B	0644
apprise.conf	File	1.38 KB	0644
blocklist_de.conf	File	2.65 KB	0644
bsd-ipfw.conf	File	3.15 KB	0644
cloudflare-token.conf	File	2.93 KB	0644
cloudflare.conf	File	2.97 KB	0644
complain.conf	File	4.66 KB	0644
dshield.conf	File	7.5 KB	0644
dummy.conf	File	1.68 KB	0644
firewallcmd-allports.conf	File	1.47 KB	0644
firewallcmd-common.conf	File	2.59 KB	0644
firewallcmd-ipset.conf	File	3.58 KB	0644
firewallcmd-multiport.conf	File	1.24 KB	0644
firewallcmd-new.conf	File	1.85 KB	0644
firewallcmd-rich-logging.conf	File	1021 B	0644
firewallcmd-rich-rules.conf	File	1.71 KB	0644
helpers-common.conf	File	592 B	0644
hostsdeny.conf	File	1.62 KB	0644
ipfilter.conf	File	1.54 KB	0644
ipfw.conf	File	1.47 KB	0644
iptables-allports.conf	File	291 B	0644
iptables-ipset-proto4.conf	File	1.93 KB	0644
iptables-ipset-proto6-allports.conf	File	814 B	0644
iptables-ipset-proto6.conf	File	773 B	0644
iptables-ipset.conf	File	2.52 KB	0644
iptables-multiport-log.conf	File	2.11 KB	0644
iptables-multiport.conf	File	232 B	0644
iptables-new.conf	File	332 B	0644
iptables-xt_recent-echo.conf	File	2.78 KB	0644
iptables.conf	File	4.68 KB	0644
ipthreat.conf	File	4.19 KB	0644
mail-buffered.conf	File	2.44 KB	0644
mail-whois-common.conf	File	1.03 KB	0644
mail-whois-lines.conf	File	2.4 KB	0644
mail-whois.conf	File	1.85 KB	0644
mail.conf	File	1.72 KB	0644
mynetwatchman.conf	File	5.2 KB	0644
netscaler.conf	File	1.46 KB	0644
nftables-allports.conf	File	383 B	0644
nftables-multiport.conf	File	384 B	0644
nftables.conf	File	6.17 KB	0644
nginx-block-map.conf	File	3.92 KB	0644
npf.conf	File	1.49 KB	0644
nsupdate.conf	File	3.16 KB	0644
osx-afctl.conf	File	497 B	0644
osx-ipfw.conf	File	2.25 KB	0644
pf.conf	File	3.66 KB	0644
route.conf	File	1023 B	0644
sendmail-buffered.conf	File	2.74 KB	0644
sendmail-common.conf	File	1.89 KB	0644
sendmail-geoip-lines.conf	File	1.72 KB	0644
sendmail-whois-ipjailmatches.conf	File	1.03 KB	0644
sendmail-whois-ipmatches.conf	File	1.01 KB	0644
sendmail-whois-lines.conf	File	1.27 KB	0644
sendmail-whois-matches.conf	File	1000 B	0644
sendmail-whois.conf	File	950 B	0644
sendmail.conf	File	829 B	0644
shorewall-ipset-proto6.conf	File	3.44 KB	0644
shorewall.conf	File	2.11 KB	0644
smtp.py	File	6.13 KB	0644
symbiosis-blacklist-allports.conf	File	1.47 KB	0644
ufw.conf	File	2.32 KB	0644
xarf-login-attack.conf	File	6.29 KB	0644

Upload:

Command:

Filemanager

Server Info

System Info

User Info