@tuklusan
Last active October 21, 2016 15:16
Fail2Ban Intrusion Prevention on Solaris 11 OPENINDIANA SunOS 5.11 Illumos with Reporting to Blocklist.de: http://supratim-sanyal.blogspot.com/2016/09/fail2ban-intrusion-prevention-on.html
# /etc/fail2ban/jail.local
# solaris 11 openindiana
# See http://supratim-sanyal.blogspot.com/2016/09/fail2ban-intrusion-prevention-on.html for details
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
# Whitelist private IPs, blocklist.de IPs and Uptime Robot IPs
# ignoreip = 127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
ignoreip = 127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 138.69.160.1 64.137.248.161 89.149.254.157 89.149.237.105 89.149.242.40 80.67.29.225 80.67.16.214 78.46.95.41 89.149.201.23 85.181.13.140 178.63.159.40 78.46.91.247 78.46.91.239 69.162.124.226 69.162.124.227 69.162.124.228 69.162.124.229 69.162.124.230 69.162.124.231 69.162.124.232 69.162.124.233 69.162.124.234 69.162.124.235 69.162.124.236 69.162.124.237 69.162.124.238 46.137.190.132 122.248.234.23 188.226.183.141 178.62.52.237 54.79.28.129 54.94.142.218 104.131.107.63 54.67.10.127 54.64.67.106 159.203.30.41 46.101.250.135 108.31.82.24
# Adjust the following, replacing the angle brackets, according to your fail2ban server setup at blocklist.de
dest = <[email protected]> [email protected]
sender = <[email protected]>
sendername = Fail2Ban.Solaris
blocklist_de_apikey = <THE 10-DIGIT HEX API-KEY FROM SERVER AT BLOCKLIST.DE ACCOUNT>
# default ban for 2 days, same as blocklist.de. In seconds.
bantime = 172800
# A host is banned if it has generated "maxretry" failures during the last
# "findtime" seconds. 30 mins, in seconds.
findtime = 1800
# "maxretry" is the number of failures before a host gets banned.
maxretry = 3
usedns = warn
[ssh-tcpwrapper]
enabled = true
logpath = /var/adm/auth.log
filter = sshd
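# Continuation lines of a multi-line "action" must be indented, otherwise the
# parser does not treat them as part of the value.
action = ipfilter[name=SSHD, port=22, protocol=tcp]
         mail-whois-lines[name=SSHD]
         blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s"]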
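
The ignoreip, findtime and maxretry comments above describe when a host is banned. As an added example (not part of the original gist and not fail2ban's own code), this simplified Python model applies those three settings to constructed auth.log-style lines. The regex, the sample lines, the year and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Settings from the jail.local above; ignoreip shortened to its private ranges.
IGNOREIP = "127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"
FINDTIME, MAXRETRY = 1800, 3
# Simplified stand-in for the sshd filter (assumption): one failure pattern.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r".*Failed password for .* from (\d+\.\d+\.\d+\.\d+) port")

# Constructed sample lines, syslog style, in chronological order.
SAMPLE = """\
Oct 21 15:00:00 host sshd[101]: [ID 800047 auth.info] Failed password for root from 198.51.100.9 port 40001 ssh2
Oct 21 15:00:01 host sshd[102]: [ID 800047 auth.info] Failed password for root from 203.0.113.7 port 40002 ssh2
Oct 21 15:05:00 host sshd[103]: [ID 800047 auth.info] Failed password for admin from 203.0.113.7 port 40003 ssh2
Oct 21 15:06:00 host sshd[104]: [ID 800047 auth.info] Failed password for root from 192.168.1.50 port 40004 ssh2
Oct 21 15:06:05 host sshd[105]: [ID 800047 auth.info] Failed password for root from 192.168.1.50 port 40005 ssh2
Oct 21 15:06:10 host sshd[106]: [ID 800047 auth.info] Failed password for root from 192.168.1.50 port 40006 ssh2
Oct 21 15:10:00 host sshd[107]: [ID 800047 auth.info] Failed password for root from 203.0.113.7 port 40007 ssh2
Oct 21 15:20:00 host sshd[108]: [ID 800047 auth.info] Failed password for root from 198.51.100.9 port 40008 ssh2
Oct 21 15:40:00 host sshd[109]: [ID 800047 auth.info] Failed password for root from 198.51.100.9 port 40009 ssh2
""".splitlines()

def parse_ignoreip(value):
    # strict=False: entries such as 127.0.0.1/8 have host bits set.
    return [ipaddress.ip_network(tok, strict=False) for tok in value.split()]

def find_bans(lines, ignore, findtime=FINDTIME, maxretry=MAXRETRY, year=2016):
    recent = defaultdict(deque)  # address -> failure times still inside findtime
    banned = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in ignore) or str(ip) in banned:
            continue  # whitelisted or already banned
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        recent[ip].append(ts)
        while (ts - recent[ip][0]).total_seconds() > findtime:
            recent[ip].popleft()  # drop failures older than findtime
        if len(recent[ip]) >= maxretry:
            banned.append(str(ip))
    return banned

if __name__ == "__main__":
    print(find_bans(SAMPLE, parse_ignoreip(IGNOREIP)))
```

In the sample, 198.51.100.9 fails three times but spaced 20 minutes apart, so no three failures ever share one 30-minute window, and 192.168.1.50 is skipped because it falls inside a whitelisted range.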