82 lines
No EOL
3.4 KiB
JavaScript
82 lines
No EOL
3.4 KiB
JavaScript
exports.MAIN = {
|
|
// This server
|
|
UFW_LOG_FILE: '/var/log/ufw.log',
|
|
CACHE_FILE: '/tmp/ufw-abuseipdb-reporter.cache',
|
|
SERVER_ID: null, // The server name that will be visible in the reports (e.g., 'homeserver01'). If you don't want to define it, leave the value as null.
|
|
REFRESHING_IP_ADDRESS: 5 * 60 * 1000, // How often should (every 5 minutes) the script check the server's IP address to avoid accidental self-reports?
|
|
|
|
// Reporting
|
|
ABUSEIPDB_API_KEY: '', // Secret API key for AbuseIPDB.
|
|
IP_REPORT_COOLDOWN: 12 * 60 * 60 * 1000, // The minimum time (12 hours) that must pass before reporting the same IP address again.
|
|
|
|
// Project
|
|
GITHUB_REPO: 'https://github.com/sefinek/UFW-AbuseIPDB-Reporter', // If you are using a fork, provide the link to the forked repository here.
|
|
};
|
|
|
|
|
|
/**
|
|
* Generates a report submission to AbuseIPDB.
|
|
* @param {Object} logData
|
|
* @param {string|null} logData.timestamp
|
|
* @param {string|null} logData.In
|
|
* @param {string|null} logData.Out
|
|
* @param {string|null} logData.srcIp
|
|
* @param {string|null} logData.dstIp
|
|
* @param {string|null} logData.res
|
|
* @param {string|null} logData.tos
|
|
* @param {string|null} logData.prec
|
|
* @param {string|null} logData.ttl
|
|
* @param {string|null} logData.id
|
|
* @param {string|null} logData.proto
|
|
* @param {string|null} logData.spt
|
|
* @param {string|null} logData.dpt
|
|
* @param {string|null} logData.len
|
|
* @param {string|null} logData.urgp
|
|
* @param {string|null} logData.mac
|
|
* @param {string|null} logData.window
|
|
* @param {boolean} logData.syn
|
|
* @param {string|null} fullLog
|
|
* @param {string|null} serverName
|
|
* @returns {string} A formatted string report.
|
|
*/
|
|
exports.REPORT_COMMENT = ({ timestamp, In, Out, srcIp, dstIp, res, tos, prec, ttl, id, proto, spt, dpt, len, urgp, mac, window, syn }, fullLog, serverName) =>
|
|
`Blocked by UFW ${serverName ? `on ${serverName} ` : ''}[${dpt}/${proto?.toLowerCase()}]
|
|
Source port: ${spt || 'N/A'}
|
|
TTL: ${ttl || 'N/A'}
|
|
Packet length: ${len || 'N/A'}
|
|
TOS: ${tos || 'N/A'}
|
|
|
|
This report was generated by:
|
|
https://github.com/sefinek/UFW-AbuseIPDB-Reporter`; // Please do not remove this URL; I would be very grateful! Thank you. 💙
|
|
|
|
// Alternative version:
|
|
// exports.REPORT_COMMENT = ({ timestamp, In, Out, srcIp, dstIp, res, tos, prec, ttl, id, proto, spt, dpt, len, urgp, mac, window, syn }, fullLog, serverName) =>
|
|
// `Blocked by UFW ${serverName ? `on ${serverName} ` : ''}[${dpt}/${proto?.toLowerCase()}]. Generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter`;
|
|
|
|
|
|
// See: https://www.abuseipdb.com/categories
|
|
const categories = {
|
|
TCP: {
|
|
22: '14,22,18', // Port Scan | SSH | Brute-Force
|
|
80: '14,21', // Port Scan | Web App Attack
|
|
443: '14,21', // Port Scan | Web App Attack
|
|
8080: '14,21', // Port Scan | Web App Attack
|
|
25: '14,11', // Port Scan | Email Spam
|
|
21: '14,5,18', // Port Scan | FTP Brute-Force | Brute-Force
|
|
53: '14,1,2', // Port Scan | DNS Compromise | DNS Poisoning
|
|
23: '14,15,18', // Port Scan | Hacking | Brute-Force
|
|
3389: '14,15,18', // Port Scan | Hacking | Brute-Force
|
|
3306: '14,16', // Port Scan | SQL Injection
|
|
6666: '14,8', // Port Scan | Fraud VoIP
|
|
6667: '14,8', // Port Scan | Fraud VoIP
|
|
6668: '14,8', // Port Scan | Fraud VoIP
|
|
6669: '14,8', // Port Scan | Fraud VoIP
|
|
9999: '14,6', // Port Scan | Ping of Death
|
|
},
|
|
UDP: {
|
|
53: '14,1,2', // Port Scan | DNS Compromise | DNS Poisoning
|
|
123: '14,17', // Port Scan | Spoofing
|
|
},
|
|
};
|
|
|
|
exports.DETERMINE_CATEGORIES = ({ proto, dpt }) => categories[proto]?.[dpt] || '14'; // Default: Port Scan
|