fix script naming

- rename fail2ban_abuseipdb.sh --> fail2ban-abuseipdb.sh
- update descriptions
pull/3948/head
Hasan ÇALIŞIR 2025-03-03 21:21:44 +03:00 committed by GitHub
parent fa4ce4acba
commit 28c2d6685d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 22 additions and 23 deletions


@ -4,19 +4,18 @@
# GitHub: https://github.com/hsntgm # GitHub: https://github.com/hsntgm
# #
# Description: # Description:
# This configuration enhances Fail2Ban's integration with AbuseIPDB, # Enhanced AbuseIPDB integration for Fail2Ban with improved control,
# providing users with improved control, flexibility, and security when reporting abusive IPs. # tracking, and isolation for IP abuse reporting.
# #
# Key Enhancements: # Key Features:
# - Implements a **AbuseIPDB SQLite DB** to ensure **complete isolation** from Fail2Ban, # - Isolated AbuseIPDB SQLite database to track reports independently.
# enabling the script to manage and track IP bans without relying solely on Fail2Ban's internal DB and ban management. # - Dual API calls: /v2/check and /v2/report for efficient reporting.
# - Performs **two API calls**: # - Optimizes AbuseIPDB daily API usage by reducing unnecessary report calls
# 1. `/v2/check`: Verifies if the IP is already reported to AbuseIPDB. # - Supports norestored=1 to avoid duplicate reports on restart.
# 2. `/v2/report`: Reports the IP to AbuseIPDB if necessary, ensuring efficient use of API calls. # - Maintains a separate, long-term persistent database of banned IPs to ensure accurate tracking
# - Supports **Fail2Ban's `norestored=1` feature** to prevent redundant reports on Fail2Ban restart. # and avoid reliance on Fail2Bans bantimes or ban state, even if Fail2Bans
# This feature ensures that once an IP is reported, it is not reported again upon Fail2Ban restart. # internal ban management becomes inconsistent over time.
# - **Prevents redundant reporting** by checking the local list before making a report to AbuseIPDB. # - Customizable report comments to avoid leaking sensitive info.
# - Provides **custom comments** for IP reports, helping to avoid the leakage of sensitive information.
# #
# Example 'jail' configuration in 'jail.local' to prevent leaking sensitive information in AbuseIPDB reports: # Example 'jail' configuration in 'jail.local' to prevent leaking sensitive information in AbuseIPDB reports:
# [nginx-botsearch] # [nginx-botsearch]
@ -31,6 +30,7 @@
# action = %(action_mwl)s # action = %(action_mwl)s
# %(action_abuseipdb)s[matches="%(tp_comment)s", abuseipdb_apikey="YOUR_API_KEY", abuseipdb_category="21,15", bantime="%(bantime)s"] # %(action_abuseipdb)s[matches="%(tp_comment)s", abuseipdb_apikey="YOUR_API_KEY", abuseipdb_category="21,15", bantime="%(bantime)s"]
[Definition] [Definition]
# Option: norestored # Option: norestored
###################### ######################
@ -43,12 +43,11 @@
# Option: User defined settings # Option: User defined settings
###################### ######################
# Notes.: * Path to the main local banned IP list used by the action script. Not logrotate your main IP list log. # Notes.: * Path to AbuseIPDB SQLite database used by the action script.
# * Path to the log file where actions and events are recorded by the action script # * Path to the log file where actions and events are recorded by the action script.
# * Rely on Fail2Ban for restarts (0) or completely isolate it by bypassing Fail2Ban (1) # * Rely on Fail2Ban for restarts (0) or completely isolate it by bypassing Fail2Ban (1)
# ! Bypassing Fail2Ban on restarts (BYPASS_FAIL2BAN = 1) can overhelm your server and AbuseIPDB API on restarts # ! Bypassing Fail2Ban on restarts (BYPASS_FAIL2BAN = 1) can overhelm your server and AbuseIPDB API on restarts.
# ! Use this option if you want to completely isolate from Fail2Ban and rely solely on the local banned IP list for reporting. # ! SET 1 if you want to completely isolate from Fail2Ban and rely solely on the AbuseIPDB SQLite database for reporting on restart.
# SQLITE_DB = "/var/lib/fail2ban/abuseipdb/fail2ban_abuseipdb" # SQLITE_DB = "/var/lib/fail2ban/abuseipdb/fail2ban_abuseipdb"
# LOG_FILE = "/var/log/abuseipdb/abuseipdb.log" # LOG_FILE = "/var/log/abuseipdb/abuseipdb.log"
# BYPASS_FAIL2BAN = 0 # BYPASS_FAIL2BAN = 0
@ -56,20 +55,20 @@
# Option: actionstart # Option: actionstart
###################### ######################
# Notes.: DO NOT MODIFY, JUST UNCOMMENT # Notes.: Uncomment and leave as-is
# actionstart = nohup /etc/fail2ban/action.d/fail2ban_abuseipdb.sh \ # actionstart = nohup /etc/fail2ban/action.d/fail2ban-abuseipdb.sh \
# "--actionstart" "<SQLITE_DB>" "<LOG_FILE>" & # "--actionstart" "<SQLITE_DB>" "<LOG_FILE>" &
# Option: actionban # Option: actionban
###################### ######################
# Notes.: DO NOT MODIFY, JUST UNCOMMENT # Notes.: Uncomment and leave as-is
# actionban = /etc/fail2ban/action.d/fail2ban_abuseipdb.sh \ # actionban = /etc/fail2ban/action.d/fail2ban-abuseipdb.sh \
# "<abuseipdb_apikey>" "<matches>" "<ip>" "<abuseipdb_category>" "<bantime>" "<restored>" "<BYPASS_FAIL2BAN>" "<SQLITE_DB>" "<LOG_FILE>" # "<abuseipdb_apikey>" "<matches>" "<ip>" "<abuseipdb_category>" "<bantime>" "<restored>" "<BYPASS_FAIL2BAN>" "<SQLITE_DB>" "<LOG_FILE>"
[Init] [Init]
# Option: abuseipdb_apikey # Option: abuseipdb_apikey
###################### ######################
# Notes Set your API key and UNCOMMENT # Notes Set your API key and uncomment
# abuseipdb_apikey = # abuseipdb_apikey =
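Review bot: The `actionban` command in the `@ -56,20 +55,20 @` hunk still passes `<abuseipdb_apikey>` as the first positional argument to the renamed `fail2ban-abuseipdb.sh`, so on a typical Linux host the key is likely readable from the process list by other local users while the script runs. The updated descriptions never mention this, although the header already warns about leaking sensitive information in report comments. I would add a line under `# Option: abuseipdb_apikey` such as `# Notes.: The key is passed on the command line; keep this file and jail.local readable by root only.` A sturdier fix would be for the script to read the key from a root-only file instead, but the script is not part of this diff. Separately, installs that already uncommented the old `fail2ban_abuseipdb.sh` path in a local override will presumably stop reporting after the rename, so the header should say that existing `actionstart`/`actionban` lines need the new file name.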