
@thelfensdrfer
Created August 28, 2016 16:55
Send fail2ban and ssh notifications to a server
#/etc/fail2ban/jail.local
[DEFAULT]
# action_ban_sec chains two actions: the jail's regular banaction (the firewall
# ban) and the custom "sec" action, which is defined in action.d/sec.conf.
# NOTE(review): the "sec[...]" line is a continuation of action_ban_sec; INI
# continuation lines must start with whitespace. Confirm the indentation in the
# deployed file, it may have been lost when this listing was copied.
action_ban_sec = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
sec[name=%(__name__)s]
# Setting "action" under [DEFAULT] applies the combined action to every jail
# that does not define its own.
action = %(action_ban_sec)s
#/etc/fail2ban/action.d/sec.conf
[Definition]
# Custom fail2ban action that reports ban and unban events through
# /etc/fail2ban/sec.sh. Nothing is done on check, start or stop.
actioncheck=
actionstart =
actionstop =
# <ip>, <name> and <failures> are fail2ban tags that are substituted into the
# command line before it runs. The script takes: ban flag (1 = ban, 0 = unban),
# address, jail name, failure count.
# All output is discarded, so a failed notification leaves no trace here;
# NOTE(review): consider logging failures instead of redirecting to /dev/null.
actionban = /bin/bash /etc/fail2ban/sec.sh 1 <ip> <name> <failures> > /dev/null 2>&1
actionunban = /bin/bash /etc/fail2ban/sec.sh 0 <ip> <name> 0 > /dev/null 2>&1
#/etc/fail2ban/sec.sh (chmod a+x sec.sh)
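#!/bin/bash
#
# Report a fail2ban ban/unban event to the notification endpoint as JSON.
#
# Arguments:
#   $1 - ban flag (1 = ban, 0 = unban)
#   $2 - offending IP address
#   $3 - jail name
#   $4 - number of failures
# Returns: 0 when curl ran successfully, 1 on bad arguments or curl failure.
set -e

URL=https://sec.thelfensdrfer.de/api/fail2ban

BAN=$1
IP=$2
JAIL=$3
ATTEMPTS=$4
HOST=$(hostname)

# Escape a string for use inside a JSON string literal.
# Backslash and double quote are escaped, newline/CR/tab are written as
# escapes, and any remaining control characters are dropped.
json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  s=${s//[[:cntrl:]]/}
  printf '%s' "$s"
}

# ban and attempts are written unquoted into the JSON body, so they must be
# plain non-negative integers.
[[ $BAN =~ ^[0-9]+$ ]] || exit 1
[[ $ATTEMPTS =~ ^[0-9]+$ ]] || exit 1

# Build the body with printf and pass it to curl as a single quoted argument.
# The earlier version assembled a command string and ran it through eval,
# which let shell metacharacters in any argument be interpreted as code.
PAYLOAD=$(printf '{"ban": %s, "ip": "%s", "jail": "%s", "attempts": %s, "host": "%s"}' \
  "$BAN" \
  "$(json_escape "$IP")" \
  "$(json_escape "$JAIL")" \
  "$ATTEMPTS" \
  "$(json_escape "$HOST")")

curl -s -X POST -H "Content-Type: application/json" -d "$PAYLOAD" "$URL" > /dev/null || exit 1

exit 0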
#/etc/ssh/sec.sh (chmod a+x sec.sh)
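#!/bin/bash
#
# Report a PAM session event (run by pam_exec for sshd) to the notification
# endpoint as JSON.
#
# Environment (read): PAM_RUSER, PAM_RHOST, PAM_SERVICE, PAM_TTY, PAM_USER,
#   PAM_TYPE. Unset variables are sent as empty strings.
# Returns: 0 when curl ran successfully, 1 on curl failure.
set -e

URL=https://sec.thelfensdrfer.de/api/pamauth

HOST=$(hostname)

# Escape a string for use inside a JSON string literal.
# Backslash and double quote are escaped, newline/CR/tab are written as
# escapes, and any remaining control characters are dropped.
json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  s=${s//[[:cntrl:]]/}
  printf '%s' "$s"
}

# The PAM_* values describe the login and are not under this script's control
# (remote host and remote user in particular), so they are treated strictly as
# data: escaped for JSON and handed to curl as one quoted argument. The earlier
# version built a command string and ran it through eval, which let shell
# metacharacters in these values be interpreted as code in this script's
# context (pam_exec runs it with the "seteuid" option).
PAYLOAD=$(printf '{"pam_ruser": "%s", "pam_rhost": "%s", "pam_service": "%s", "pam_tty": "%s", "pam_user": "%s", "pam_type": "%s", "host": "%s"}' \
  "$(json_escape "$PAM_RUSER")" \
  "$(json_escape "$PAM_RHOST")" \
  "$(json_escape "$PAM_SERVICE")" \
  "$(json_escape "$PAM_TTY")" \
  "$(json_escape "$PAM_USER")" \
  "$(json_escape "$PAM_TYPE")" \
  "$(json_escape "$HOST")")

curl -s -X POST -H "Content-Type: application/json" -d "$PAYLOAD" "$URL" > /dev/null || exit 1

exit 0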
#/etc/pam.d/sshd
[...]
# Run /etc/ssh/sec.sh through pam_exec in the session stack. pam_exec exports
# the PAM_* items (PAM_USER, PAM_RHOST, PAM_TYPE, ...) to the script's
# environment. "optional" means a failing script does not block the login;
# "seteuid" runs the script with the effective user ID of the calling process,
# so the script must be writable by root only.
session optional pam_exec.so seteuid /etc/ssh/sec.sh