exports.MAIN = { // This server UFW_LOG_FILE: '/var/log/ufw.log', CACHE_FILE: '/tmp/ufw-abuseipdb-reporter.cache', SERVER_ID: null, // The server name that will be visible in the reports (e.g., 'homeserver1'). If you don't want to define it, leave the value as null. IP_REFRESH_INTERVAL: 5 * 60 * 1000, // How often should (every 5 minutes) the script check the server's IP address to avoid accidental self-reports? // Reporting ABUSEIPDB_API_KEY: '', // Secret API key for AbuseIPDB. IP_REPORT_COOLDOWN: 12 * 60 * 60 * 1000, // The minimum time (12 hours) that must pass before reporting the same IP address again. // Automatic updates AUTO_UPDATE_SCHEDULE: '0 18 * * *', // Schedule for automatic script updates (CRON format). Default: every day at 18:00 AUTO_UPDATE_ENABLED: true, // Do you want the script to automatically update to the latest version using 'git pull'? (true = enabled, false = disabled) }; /** * Generates a report submission to AbuseIPDB. * @param {Object} logData * @param {string|null} logData.timestamp * @param {string|null} logData.In * @param {string|null} logData.Out * @param {string|null} logData.srcIp * @param {string|null} logData.dstIp * @param {string|null} logData.res * @param {string|null} logData.tos * @param {string|null} logData.prec * @param {string|null} logData.ttl * @param {string|null} logData.id * @param {string|null} logData.proto * @param {string|null} logData.spt * @param {string|null} logData.dpt * @param {string|null} logData.len * @param {string|null} logData.urgp * @param {string|null} logData.mac * @param {string|null} logData.window * @param {boolean} logData.syn * @param {string|null} fullLog * @param {string|null} serverName * @returns {string} A formatted string report. */ exports.REPORT_COMMENT = ({ timestamp, In, Out, srcIp, dstIp, res, tos, prec, ttl, id, proto, spt, dpt, len, urgp, mac, window, syn }, fullLog, serverName) => `Blocked by UFW ${serverName ? `on ${serverName} ` : ''}[${dpt}/${proto?.toLowerCase()}] Source port: ${spt || 'N/A'} TTL: ${ttl || 'N/A'} Packet length: ${len || 'N/A'} TOS: ${tos || 'N/A'} This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter`; // Please do not remove this URL; I would be very grateful! Thank you. 💙 // Alternative version: // exports.REPORT_COMMENT = ({ timestamp, In, Out, srcIp, dstIp, res, tos, prec, ttl, id, proto, spt, dpt, len, urgp, mac, window, syn }, fullLog, serverName) => // `Blocked by UFW ${serverName ? `on ${serverName} ` : ''}[${dpt}/${proto?.toLowerCase()}]. Generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter`; // See: https://www.abuseipdb.com/categories const categories = { TCP: { 22: '14,22,18', // Port Scan | SSH | Brute-Force 80: '14,21', // Port Scan | Web App Attack 443: '14,21', // Port Scan | Web App Attack 8080: '14,21', // Port Scan | Web App Attack 25: '14,11', // Port Scan | Email Spam 21: '14,5,18', // Port Scan | FTP Brute-Force | Brute-Force 53: '14,1,2', // Port Scan | DNS Compromise | DNS Poisoning 23: '14,15,18', // Port Scan | Hacking | Brute-Force 3389: '14,15,18', // Port Scan | Hacking | Brute-Force 3306: '14,16', // Port Scan | SQL Injection 6666: '14,8', // Port Scan | Fraud VoIP 6667: '14,8', // Port Scan | Fraud VoIP 6668: '14,8', // Port Scan | Fraud VoIP 6669: '14,8', // Port Scan | Fraud VoIP 9999: '14,6', // Port Scan | Ping of Death }, UDP: { 53: '14,1,2', // Port Scan | DNS Compromise | DNS Poisoning 123: '14,17', // Port Scan | Spoofing }, }; exports.DETERMINE_CATEGORIES = ({ proto, dpt }) => categories[proto]?.[dpt] || '14'; // Default: Port Scan