From 28c2d6685d2acd4cae4154d0e89856d70a32c527 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hasan=20=C3=87ALI=C5=9EIR?=
Date: Mon, 3 Mar 2025 21:21:44 +0300
Subject: [PATCH] fix script naming - rename fail2ban_abuseipdb.sh --> fail2ban-abuseipdb.sh - update descriptions
---
 files/abuseipdb.local | 45 +++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 23 deletions(-)
diff --git a/files/abuseipdb.local b/files/abuseipdb.local
index 0c1b80c3..a5d9b653 100644
--- a/files/abuseipdb.local
+++ b/files/abuseipdb.local
@@ -4,19 +4,18 @@
 # GitHub: https://github.com/hsntgm
 #
 # Description:
-# This configuration enhances Fail2Ban's integration with AbuseIPDB,
-# providing users with improved control, flexibility, and security when reporting abusive IPs.
+# Enhanced AbuseIPDB integration for Fail2Ban with improved control,
+# tracking, and isolation for IP abuse reporting.
 #
-# Key Enhancements:
-# - Implements a **AbuseIPDB SQLite DB** to ensure **complete isolation** from Fail2Ban,
-# enabling the script to manage and track IP bans without relying solely on Fail2Ban's internal DB and ban management.
-# - Performs **two API calls**:
-# 1. `/v2/check`: Verifies if the IP is already reported to AbuseIPDB.
-# 2. `/v2/report`: Reports the IP to AbuseIPDB if necessary, ensuring efficient use of API calls.
-# - Supports **Fail2Ban's `norestored=1` feature** to prevent redundant reports on Fail2Ban restart.
-# This feature ensures that once an IP is reported, it is not reported again upon Fail2Ban restart.
-# - **Prevents redundant reporting** by checking the local list before making a report to AbuseIPDB.
-# - Provides **custom comments** for IP reports, helping to avoid the leakage of sensitive information.
+# Key Features:
+# - Isolated AbuseIPDB SQLite database to track reports independently.
+# - Dual API calls: /v2/check and /v2/report for efficient reporting.
+# - Optimizes AbuseIPDB daily API usage by reducing unnecessary report calls
+# - Supports norestored=1 to avoid duplicate reports on restart.
+# - Maintains a separate, long-term persistent database of banned IPs to ensure accurate tracking
+# and avoid reliance on Fail2Ban’s bantimes or ban state, even if Fail2Ban’s
+# internal ban management becomes inconsistent over time.
+# - Customizable report comments to avoid leaking sensitive info.
 #
 # Example 'jail' configuration in 'jail.local' to prevent leaking sensitive information in AbuseIPDB reports:
 # [nginx-botsearch]
@@ -31,6 +30,7 @@ # action = %(action_mwl)s # %(action_abuseipdb)s[matches="%(tp_comment)s", abuseipdb_apikey="YOUR_API_KEY", abuseipdb_category="21,15", bantime="%(bantime)s"] + [Definition] # Option: norestored ###################### 
@@ -43,33 +43,32 @@ # Option: User defined settings ###################### -# Notes.: * Path to the main local banned IP list used by the action script. Not logrotate your main IP list log. -# * Path to the log file where actions and events are recorded by the action script +# Notes.: * Path to AbuseIPDB SQLite database used by the action script. +# * Path to the log file where actions and events are recorded by the action script. # * Rely on Fail2Ban for restarts (0) or completely isolate it by bypassing Fail2Ban (1) -# ! Bypassing Fail2Ban on restarts (BYPASS_FAIL2BAN = 1) can overhelm your server and AbuseIPDB API on restarts -# ! Use this option if you want to completely isolate from Fail2Ban and rely solely on the local banned IP list for reporting. - -# SQLITE_DB="/var/lib/fail2ban/abuseipdb/fail2ban_abuseipdb" +# ! Bypassing Fail2Ban on restarts (BYPASS_FAIL2BAN = 1) can overhelm your server and AbuseIPDB API on restarts. +# ! SET 1 if you want to completely isolate from Fail2Ban and rely solely on the AbuseIPDB SQLite database for reporting on restart. +# SQLITE_DB = "/var/lib/fail2ban/abuseipdb/fail2ban_abuseipdb" # LOG_FILE = "/var/log/abuseipdb/abuseipdb.log" # BYPASS_FAIL2BAN = 0 # Option: actionstart ###################### -# Notes.: DO NOT MODIFY, JUST UNCOMMENT -# actionstart = nohup /etc/fail2ban/action.d/fail2ban_abuseipdb.sh \ +# Notes.: Uncomment and leave as-is +# actionstart = nohup /etc/fail2ban/action.d/fail2ban-abuseipdb.sh \ # "--actionstart" "" "" & # Option: actionban ###################### -# Notes.: DO NOT MODIFY, JUST UNCOMMENT -# actionban = /etc/fail2ban/action.d/fail2ban_abuseipdb.sh \ +# Notes.: Uncomment and leave as-is +# actionban = /etc/fail2ban/action.d/fail2ban-abuseipdb.sh \ # "" "" "" "" "" "" "" "" "" [Init] # Option: abuseipdb_apikey ###################### -# Notes Set your API key and UNCOMMENT +# Notes Set your API key and uncomment # abuseipdb_apikey =
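Review bot: The `actionstart` and `actionban` templates in this hunk now reference `/etc/fail2ban/action.d/fail2ban-abuseipdb.sh`, while the diffstat shows `files/abuseipdb.local` as the only file changed, so the script rename itself is not visible in this patch. If an installed script still carries the underscore name, both actions would fail once uncommented and reporting would stop with nothing more than an error in the Fail2Ban log; the script rename and an upgrade note for existing installs should ship together with this change. The `SQLITE_DB` default keeps the `fail2ban_abuseipdb` spelling, which looks intentional but deserves a comment such as `# DB file name kept as-is so existing report history is preserved`. The rewritten warning line still reads `overhelm`; it should be `overwhelm`. The `[Init]` section continues past the end of the hunk.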