Merge 0d6ce7c into 7f185a8

fail2ban · Feb 1, 2021 · 5f551af · 5f551af
2 parents 7f185a8 + 0d6ce7c
commit 5f551af
Showing 1 changed file with 18 additions and 3 deletions.
diff --git a/config/action.d/xarf-login-attack.conf b/config/action.d/xarf-login-attack.conf
@@ -49,18 +49,25 @@ actionban = oifs=${IFS};
             IFS=${oifs}
             IP=<ip>
             FROM=<sender>
+            BCC=<bcc>
+            DONTSEND=<dontsend>
             SERVICE=<service>
             FAILURES=<failures>
             REPORTID=<time>@<fq-hostname>
             TLP=<tlp>
             PORT=<port>
             DATE=`LC_ALL=C date --date=@<time> +"%%a, %%d %%h %%Y %%T %%z"`
             if [ ! -z "$ADDRESSES" ]; then
-                oifs=${IFS}; IFS=,; ADDRESSES=$(echo $ADDRESSES)
-                IFS=${oifs}
+                if [ ! -z "$DONTSEND" ]; then
+                    for ckaddr in "${DONTSEND[@]}"; do
+                        if [[ "$ADDRESSES" == *"$ckaddr"* ]]; then
+                           exit 0   
+                        fi
+                    done
+                 fi
                 (printf -- %%b "<header>\n<message>\n<report>\n\n";
                  date '+Note: Local timezone is %%z (%%Z)';
-                 printf -- %%b "\n<ipmatches>\n\n<footer>") | <mailcmd> <mailargs> $ADDRESSES
+                 printf -- %%b "\n<ipmatches>\n\n<footer>") | <mailcmd> <mailargs> $ADDRESSES $BCC
             fi
 
 actionunban =
@@ -141,3 +148,11 @@ sender = fail2ban@<fq-hostname>
 # Notes.:  This is the port number that received the login-attack
 port = 0
 
+# Option:  bcc
+# Notes:   Allows the user to specify a user to receive a copy of the email
+bcc =
+
+# Option:  dontsend
+# Notes:   Array of abuse emails to ignore.  Eg.
+# dontsend = ('email@one.com' 'email@two.com' 'email@three.com')
+dontsend =