fix script naming

- rename fail2ban_abuseipdb.sh --> fail2ban-abuseipdb.sh
- update descriptions
pull/3948/head
Hasan ÇALIŞIR 2025-03-03 21:21:44 +03:00 committed by GitHub
parent fa4ce4acba
commit 28c2d6685d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 22 additions and 23 deletions

View File

@ -4,19 +4,18 @@
# GitHub: https://github.com/hsntgm
#
# Description:
# This configuration enhances Fail2Ban's integration with AbuseIPDB,
# providing users with improved control, flexibility, and security when reporting abusive IPs.
# Enhanced AbuseIPDB integration for Fail2Ban with improved control,
# tracking, and isolation for IP abuse reporting.
#
# Key Enhancements:
# - Implements a **AbuseIPDB SQLite DB** to ensure **complete isolation** from Fail2Ban,
# enabling the script to manage and track IP bans without relying solely on Fail2Ban's internal DB and ban management.
# - Performs **two API calls**:
# 1. `/v2/check`: Verifies if the IP is already reported to AbuseIPDB.
# 2. `/v2/report`: Reports the IP to AbuseIPDB if necessary, ensuring efficient use of API calls.
# - Supports **Fail2Ban's `norestored=1` feature** to prevent redundant reports on Fail2Ban restart.
# This feature ensures that once an IP is reported, it is not reported again upon Fail2Ban restart.
# - **Prevents redundant reporting** by checking the local list before making a report to AbuseIPDB.
# - Provides **custom comments** for IP reports, helping to avoid the leakage of sensitive information.
# Key Features:
# - Isolated AbuseIPDB SQLite database to track reports independently.
# - Dual API calls: /v2/check and /v2/report for efficient reporting.
# - Optimizes AbuseIPDB daily API usage by reducing unnecessary report calls
# - Supports norestored=1 to avoid duplicate reports on restart.
# - Maintains a separate, long-term persistent database of banned IPs to ensure accurate tracking
# and avoid reliance on Fail2Bans bantimes or ban state, even if Fail2Bans
# internal ban management becomes inconsistent over time.
# - Customizable report comments to avoid leaking sensitive info.
#
# Example 'jail' configuration in 'jail.local' to prevent leaking sensitive information in AbuseIPDB reports:
# [nginx-botsearch]
@ -31,6 +30,7 @@
# action = %(action_mwl)s
# %(action_abuseipdb)s[matches="%(tp_comment)s", abuseipdb_apikey="YOUR_API_KEY", abuseipdb_category="21,15", bantime="%(bantime)s"]
[Definition]
# Option: norestored
######################
@ -43,33 +43,32 @@
# Option: User defined settings
######################
# Notes.: * Path to the main local banned IP list used by the action script. Not logrotate your main IP list log.
# * Path to the log file where actions and events are recorded by the action script
# Notes.: * Path to AbuseIPDB SQLite database used by the action script.
# * Path to the log file where actions and events are recorded by the action script.
# * Rely on Fail2Ban for restarts (0) or completely isolate it by bypassing Fail2Ban (1)
# ! Bypassing Fail2Ban on restarts (BYPASS_FAIL2BAN = 1) can overhelm your server and AbuseIPDB API on restarts
# ! Use this option if you want to completely isolate from Fail2Ban and rely solely on the local banned IP list for reporting.
# SQLITE_DB="/var/lib/fail2ban/abuseipdb/fail2ban_abuseipdb"
# ! Bypassing Fail2Ban on restarts (BYPASS_FAIL2BAN = 1) can overhelm your server and AbuseIPDB API on restarts.
# ! SET 1 if you want to completely isolate from Fail2Ban and rely solely on the AbuseIPDB SQLite database for reporting on restart.
# SQLITE_DB = "/var/lib/fail2ban/abuseipdb/fail2ban_abuseipdb"
# LOG_FILE = "/var/log/abuseipdb/abuseipdb.log"
# BYPASS_FAIL2BAN = 0
# Option: actionstart
######################
# Notes.: DO NOT MODIFY, JUST UNCOMMENT
# actionstart = nohup /etc/fail2ban/action.d/fail2ban_abuseipdb.sh \
# Notes.: Uncomment and leave as-is
# actionstart = nohup /etc/fail2ban/action.d/fail2ban-abuseipdb.sh \
# "--actionstart" "<SQLITE_DB>" "<LOG_FILE>" &
# Option: actionban
######################
# Notes.: DO NOT MODIFY, JUST UNCOMMENT
# actionban = /etc/fail2ban/action.d/fail2ban_abuseipdb.sh \
# Notes.: Uncomment and leave as-is
# actionban = /etc/fail2ban/action.d/fail2ban-abuseipdb.sh \
# "<abuseipdb_apikey>" "<matches>" "<ip>" "<abuseipdb_category>" "<bantime>" "<restored>" "<BYPASS_FAIL2BAN>" "<SQLITE_DB>" "<LOG_FILE>"
[Init]
# Option: abuseipdb_apikey
######################
# Notes Set your API key and UNCOMMENT
# Notes Set your API key and uncomment
# abuseipdb_apikey =