mirror of https://github.com/fail2ban/fail2ban
fix script naming
- rename fail2ban_abuseipdb.sh --> fail2ban-abuseipdb.sh - update descriptionspull/3948/head
parent
fa4ce4acba
commit
28c2d6685d
|
@ -4,19 +4,18 @@
|
|||
# GitHub: https://github.com/hsntgm
|
||||
#
|
||||
# Description:
|
||||
# This configuration enhances Fail2Ban's integration with AbuseIPDB,
|
||||
# providing users with improved control, flexibility, and security when reporting abusive IPs.
|
||||
# Enhanced AbuseIPDB integration for Fail2Ban with improved control,
|
||||
# tracking, and isolation for IP abuse reporting.
|
||||
#
|
||||
# Key Enhancements:
|
||||
# - Implements a **AbuseIPDB SQLite DB** to ensure **complete isolation** from Fail2Ban,
|
||||
# enabling the script to manage and track IP bans without relying solely on Fail2Ban's internal DB and ban management.
|
||||
# - Performs **two API calls**:
|
||||
# 1. `/v2/check`: Verifies if the IP is already reported to AbuseIPDB.
|
||||
# 2. `/v2/report`: Reports the IP to AbuseIPDB if necessary, ensuring efficient use of API calls.
|
||||
# - Supports **Fail2Ban's `norestored=1` feature** to prevent redundant reports on Fail2Ban restart.
|
||||
# This feature ensures that once an IP is reported, it is not reported again upon Fail2Ban restart.
|
||||
# - **Prevents redundant reporting** by checking the local list before making a report to AbuseIPDB.
|
||||
# - Provides **custom comments** for IP reports, helping to avoid the leakage of sensitive information.
|
||||
# Key Features:
|
||||
# - Isolated AbuseIPDB SQLite database to track reports independently.
|
||||
# - Dual API calls: /v2/check and /v2/report for efficient reporting.
|
||||
# - Optimizes AbuseIPDB daily API usage by reducing unnecessary report calls
|
||||
# - Supports norestored=1 to avoid duplicate reports on restart.
|
||||
# - Maintains a separate, long-term persistent database of banned IPs to ensure accurate tracking
|
||||
# and avoid reliance on Fail2Ban’s bantimes or ban state, even if Fail2Ban’s
|
||||
# internal ban management becomes inconsistent over time.
|
||||
# - Customizable report comments to avoid leaking sensitive info.
|
||||
#
|
||||
# Example 'jail' configuration in 'jail.local' to prevent leaking sensitive information in AbuseIPDB reports:
|
||||
# [nginx-botsearch]
|
||||
|
@ -31,6 +30,7 @@
|
|||
# action = %(action_mwl)s
|
||||
# %(action_abuseipdb)s[matches="%(tp_comment)s", abuseipdb_apikey="YOUR_API_KEY", abuseipdb_category="21,15", bantime="%(bantime)s"]
|
||||
|
||||
|
||||
[Definition]
|
||||
# Option: norestored
|
||||
######################
|
||||
|
@ -43,33 +43,32 @@
|
|||
|
||||
# Option: User defined settings
|
||||
######################
|
||||
# Notes.: * Path to the main local banned IP list used by the action script. Not logrotate your main IP list log.
|
||||
# * Path to the log file where actions and events are recorded by the action script
|
||||
# Notes.: * Path to AbuseIPDB SQLite database used by the action script.
|
||||
# * Path to the log file where actions and events are recorded by the action script.
|
||||
# * Rely on Fail2Ban for restarts (0) or completely isolate it by bypassing Fail2Ban (1)
|
||||
# ! Bypassing Fail2Ban on restarts (BYPASS_FAIL2BAN = 1) can overhelm your server and AbuseIPDB API on restarts
|
||||
# ! Use this option if you want to completely isolate from Fail2Ban and rely solely on the local banned IP list for reporting.
|
||||
|
||||
# SQLITE_DB="/var/lib/fail2ban/abuseipdb/fail2ban_abuseipdb"
|
||||
# ! Bypassing Fail2Ban on restarts (BYPASS_FAIL2BAN = 1) can overhelm your server and AbuseIPDB API on restarts.
|
||||
# ! SET 1 if you want to completely isolate from Fail2Ban and rely solely on the AbuseIPDB SQLite database for reporting on restart.
|
||||
# SQLITE_DB = "/var/lib/fail2ban/abuseipdb/fail2ban_abuseipdb"
|
||||
# LOG_FILE = "/var/log/abuseipdb/abuseipdb.log"
|
||||
# BYPASS_FAIL2BAN = 0
|
||||
|
||||
|
||||
# Option: actionstart
|
||||
######################
|
||||
# Notes.: DO NOT MODIFY, JUST UNCOMMENT
|
||||
# actionstart = nohup /etc/fail2ban/action.d/fail2ban_abuseipdb.sh \
|
||||
# Notes.: Uncomment and leave as-is
|
||||
# actionstart = nohup /etc/fail2ban/action.d/fail2ban-abuseipdb.sh \
|
||||
# "--actionstart" "<SQLITE_DB>" "<LOG_FILE>" &
|
||||
|
||||
|
||||
# Option: actionban
|
||||
######################
|
||||
# Notes.: DO NOT MODIFY, JUST UNCOMMENT
|
||||
# actionban = /etc/fail2ban/action.d/fail2ban_abuseipdb.sh \
|
||||
# Notes.: Uncomment and leave as-is
|
||||
# actionban = /etc/fail2ban/action.d/fail2ban-abuseipdb.sh \
|
||||
# "<abuseipdb_apikey>" "<matches>" "<ip>" "<abuseipdb_category>" "<bantime>" "<restored>" "<BYPASS_FAIL2BAN>" "<SQLITE_DB>" "<LOG_FILE>"
|
||||
|
||||
|
||||
[Init]
|
||||
# Option: abuseipdb_apikey
|
||||
######################
|
||||
# Notes Set your API key and UNCOMMENT
|
||||
# Notes Set your API key and uncomment
|
||||
# abuseipdb_apikey =
|
||||
|
|
Loading…
Reference in New Issue