Fixes
parent
09d0a54db3
commit
25376cfb75
1 changed files with 28 additions and 29 deletions
|
|
@ -12,6 +12,7 @@ exports.MAIN = {
|
||||||
GITHUB_REPO: 'https://github.com/sefinek/UFW-AbuseIPDB-Reporter', // If you are using a fork, provide the link to the forked repository here.
|
GITHUB_REPO: 'https://github.com/sefinek/UFW-AbuseIPDB-Reporter', // If you are using a fork, provide the link to the forked repository here.
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Generates a report submission to AbuseIPDB.
|
* Generates a report submission to AbuseIPDB.
|
||||||
* @param {Object} logData
|
* @param {Object} logData
|
||||||
|
|
@ -37,8 +38,8 @@ exports.MAIN = {
|
||||||
* @param {string|null} serverName
|
* @param {string|null} serverName
|
||||||
* @returns {string} A formatted string report.
|
* @returns {string} A formatted string report.
|
||||||
*/
|
*/
|
||||||
exports.REPORT_COMMENT = ({ timestamp, In, Out, srcIp, dstIp, res, tos, prec, ttl, id, proto, spt, dpt, len, urgp, mac, window, syn }, fullLog, serverName) => {
|
exports.REPORT_COMMENT = ({ timestamp, In, Out, srcIp, dstIp, res, tos, prec, ttl, id, proto, spt, dpt, len, urgp, mac, window, syn }, fullLog, serverName) =>
|
||||||
return `Blocked by UFW ${serverName ? `on ${serverName} ` : ''}[${dpt}/${proto?.toLowerCase()}]
|
`Blocked by UFW ${serverName ? `on ${serverName} ` : ''}[${dpt}/${proto?.toLowerCase()}]
|
||||||
Source port: ${spt || 'N/A'}
|
Source port: ${spt || 'N/A'}
|
||||||
TTL: ${ttl || 'N/A'}
|
TTL: ${ttl || 'N/A'}
|
||||||
Packet length: ${len || 'N/A'}
|
Packet length: ${len || 'N/A'}
|
||||||
|
|
@ -46,33 +47,31 @@ TOS: ${tos || 'N/A'}
|
||||||
|
|
||||||
This report was generated by:
|
This report was generated by:
|
||||||
https://github.com/sefinek/UFW-AbuseIPDB-Reporter`; // Please do not remove this URL; I would be very grateful! Thank you. 💙
|
https://github.com/sefinek/UFW-AbuseIPDB-Reporter`; // Please do not remove this URL; I would be very grateful! Thank you. 💙
|
||||||
};
|
|
||||||
|
|
||||||
// See: https://www.abuseipdb.com/categories
|
// See: https://www.abuseipdb.com/categories
|
||||||
exports.DETERMINE_CATEGORIES = (proto, dpt) => {
|
const categories = {
|
||||||
const categories = {
|
TCP: {
|
||||||
TCP: {
|
22: '14,22,18', // Port Scan | SSH | Brute-Force
|
||||||
22: '14,22,18', // Port Scan | SSH | Brute-Force
|
80: '14,21', // Port Scan | Web App Attack
|
||||||
80: '14,21', // Port Scan | Web App Attack
|
443: '14,21', // Port Scan | Web App Attack
|
||||||
443: '14,21', // Port Scan | Web App Attack
|
8080: '14,21', // Port Scan | Web App Attack
|
||||||
8080: '14,21', // Port Scan | Web App Attack
|
25: '14,11', // Port Scan | Email Spam
|
||||||
25: '14,11', // Port Scan | Email Spam
|
21: '14,5,18', // Port Scan | FTP Brute-Force | Brute-Force
|
||||||
21: '14,5,18', // Port Scan | FTP Brute-Force | Brute-Force
|
53: '14,1,2', // Port Scan | DNS Compromise | DNS Poisoning
|
||||||
53: '14,1,2', // Port Scan | DNS Compromise | DNS Poisoning
|
23: '14,15,18', // Port Scan | Hacking | Brute-Force
|
||||||
23: '14,15,18', // Port Scan | Hacking | Brute-Force
|
3389: '14,15,18', // Port Scan | Hacking | Brute-Force
|
||||||
3389: '14,15,18', // Port Scan | Hacking | Brute-Force
|
3306: '14,16', // Port Scan | SQL Injection
|
||||||
3306: '14,16', // Port Scan | SQL Injection
|
6666: '14,8', // Port Scan | Fraud VoIP
|
||||||
6666: '14,8', // Port Scan | Fraud VoIP
|
6667: '14,8', // Port Scan | Fraud VoIP
|
||||||
6667: '14,8', // Port Scan | Fraud VoIP
|
6668: '14,8', // Port Scan | Fraud VoIP
|
||||||
6668: '14,8', // Port Scan | Fraud VoIP
|
6669: '14,8', // Port Scan | Fraud VoIP
|
||||||
6669: '14,8', // Port Scan | Fraud VoIP
|
9999: '14,6', // Port Scan | Ping of Death
|
||||||
9999: '14,6', // Port Scan | Ping of Death
|
},
|
||||||
},
|
UDP: {
|
||||||
UDP: {
|
53: '14,1,2', // Port Scan | DNS Compromise | DNS Poisoning
|
||||||
53: '14,1,2', // Port Scan | DNS Compromise | DNS Poisoning
|
123: '14,17', // Port Scan | Spoofing
|
||||||
123: '14,17', // Port Scan | Spoofing
|
},
|
||||||
},
|
};
|
||||||
};
|
|
||||||
|
|
||||||
return categories[proto]?.[dpt] || '14'; // Port Scan
|
exports.DETERMINE_CATEGORIES = (proto, dpt) => categories[proto]?.[dpt] || '14'; // Default: Port Scan
|
||||||
};
|
|
||||||
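Review bot: The lookup `categories[proto]?.[dpt]` in the new one-line `DETERMINE_CATEGORIES` indexes plain object literals with values that presumably come from the parsed log line, so a key that is not an own property (for example `constructor`) resolves through `Object.prototype` and the function can return something that is not a category list. Checking own properties closes that: `const ports = Object.hasOwn(categories, proto) ? categories[proto] : undefined;` followed by `return ports && Object.hasOwn(ports, dpt) ? ports[dpt] : '14';`. The table keys are upper-case only, while `REPORT_COMMENT` formats `proto` with `toLowerCase()`; if the parser can ever deliver a lower-case protocol, the lookup silently falls back to `'14'`, so normalising with `toUpperCase()` before the lookup would be safer. A one-line comment above `categories` stating that the values are comma-separated AbuseIPDB category IDs would also help now that the table lives at module scope.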