config.default.js
exports.MAIN = {
  /* ---------- Server ---------- */

  UFW_LOG_FILE: '/var/log/ufw.log',
  CACHE_FILE: '/var/cache/sefinek/ufw-abuseipdb-reporter.cache',

  // The server name that will be visible in reports (e.g., homeserver1, de1).
  // Leave as null if you don't want to define it.
  SERVER_ID: null,

  // Specifies whether the script should display additional information in the logs.
  EXTENDED_LOGS: false,

  /* ---------- Network ---------- */

  // CRON: How often the script should check the IP address assigned by the ISP
  // to prevent accidental self-reporting. If you have a static IP, you can set
  // it to '0 0 1 * *' (once a month). Default: every 6 hours
  IP_REFRESH_SCHEDULE: '0 */6 * * *',

  // Specifies whether the device has an assigned IPv6 address.
  IPv6_SUPPORT: true,

  /* ---------- Reporting ---------- */

  // Secret API key for AbuseIPDB. It is stored here in plain text, so keep the
  // filled-in copy of this file out of version control and readable only by
  // the account that runs the script.
  ABUSEIPDB_API_KEY: '',

  // Minimum time (12 hours in this example) that must pass before the same IP
  // address can be reported again. Do not set values like 1 hour, as it
  // wouldn't make sense due to rate limits.
  IP_REPORT_COOLDOWN: 12 * 60 * 60 * 1000,

  /* ---------- Automatic Updates ---------- */

  // Should the script automatically update to the latest version using
  // 'git pull'? If enabled, monitor the script periodically — incompatibilities
  // may occasionally occur with the config file.
  // NOTE(review): whatever is on the tracked remote branch becomes the code
  // that runs next, with this process's privileges. Nothing in this file shows
  // pulled commits being verified first — confirm before enabling.
  AUTO_UPDATE_ENABLED: false,

  // CRON: Schedule for automatic script updates. Default: every day at 18:00
  AUTO_UPDATE_SCHEDULE: '0 18 * * *',

  /* ---------- Discord Webhooks ---------- */

  // Should the script send webhooks? These will include error reports, daily
  // summaries, and other related information.
  DISCORD_WEBHOOKS_ENABLED: false,

  // Treat the webhook URL as a credential: holding the URL is all that is
  // needed to post to the channel.
  DISCORD_WEBHOOKS_URL: '',

  // The name displayed as the message author on Discord. If you don't want to
  // set it, leave the value as null. Providing SERVER_ID as a string will
  // display this.MAIN.SERVER_ID.
  DISCORD_WEBHOOK_USERNAME: 'SERVER_ID',
};
// Generates a report submission.
//
// serverId is the optional "on <SERVER_ID> " fragment of the comment. It is
// computed once, when this module is loaded. At the top level of a CommonJS
// module `this` is `module.exports`, so `this.MAIN` is the MAIN object above.
const serverId = this.MAIN.SERVER_ID ? `on ${this.MAIN.SERVER_ID} ` : '';
// REPORT_COMMENT returns the comment text for one report. The destructured
// fields are presumably parsed from a single UFW log entry and fullLog is
// presumably the raw line — confirm against the caller.
// This template uses only dpt, proto, spt, ttl, len and tos.
// AbuseIPDB shows report comments publicly. Before adding dstIp, mac, In/Out
// or fullLog to a custom template, check whether they describe this host
// rather than the sender.
exports.REPORT_COMMENT = ({ date, srcIp, dstIp, proto, spt, dpt, In, Out, mac, len, ttl, id, tos, prec, res, window, urgp, syn }, fullLog) =>
`Blocked by UFW ${serverId}[${dpt}/${proto?.toLowerCase()}]
Source port: ${spt}
TTL: ${ttl}
Packet length: ${len}
TOS: ${tos}
This report was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter`; // Please, don't delete this URL. I would be very grateful! Thank you. 💙
// Alternative version:
// exports.REPORT_COMMENT = ({ date, srcIp, dstIp, proto, spt, dpt, In, Out, mac, len, ttl, id, tos, prec, res, window, urgp, syn }, fullLog) =>
// `Blocked by UFW ${serverId}[${dpt}/${proto?.toLowerCase()}]. Generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter`;
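// See: https://www.abuseipdb.com/categories

// Builds a dictionary with no prototype. Lookups are keyed by values taken
// from log text, so an inherited name such as 'constructor' or '__proto__'
// must not resolve to anything: only the keys listed below may match.
const lookupTable = (entries) => Object.assign(Object.create(null), entries);

// AbuseIPDB category IDs, keyed by protocol and then by port (looked up with
// `dpt` by DETERMINE_CATEGORIES). Each value is a comma-separated ID list.
// The categories are chosen from the port number alone; a firewall block only
// shows that a packet arrived, so keep each list to what you can stand behind.
// NOTE(review): 6666-6669 are conventionally IRC ports — confirm that
// category 8 (Fraud VoIP) is the intended label for them.
const categories = lookupTable({
  TCP: lookupTable({
    22: '14,22,18', // Port Scan | SSH | Brute-Force
    80: '14,21', // Port Scan | Web App Attack
    443: '14,21', // Port Scan | Web App Attack
    8080: '14,21', // Port Scan | Web App Attack
    25: '14,11', // Port Scan | Email Spam
    21: '14,5,18', // Port Scan | FTP Brute-Force | Brute-Force
    53: '14,1,2', // Port Scan | DNS Compromise | DNS Poisoning
    23: '14,15,18', // Port Scan | Hacking | Brute-Force
    3389: '14,15,18', // Port Scan | Hacking | Brute-Force
    3306: '14,16', // Port Scan | SQL Injection
    6666: '14,8', // Port Scan | Fraud VoIP
    6667: '14,8', // Port Scan | Fraud VoIP
    6668: '14,8', // Port Scan | Fraud VoIP
    6669: '14,8', // Port Scan | Fraud VoIP
    9999: '14,6', // Port Scan | Ping of Death
  }),
  UDP: lookupTable({}),
});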
exports.DETERMINE_CATEGORIES = ({ proto, dpt }) => categories[proto]?.[dpt] || '14'; // Default: Port Scan