- Replace local file storage with AbuseIPDB SQLite database.
- Offload heavy tasks to background to avoid latency during concurrent actionban calls.
- Add global lock to ensure actionstart runs only once across all jails.
fix syntax in example, because `dst` as command parameter doesn't have precedence over or-expression, so second `sport` would ignore `dst` and kill any connection for https regardless the IP
- Reorganized script to be used by both 'actionstart' and 'actionban' in 'abuseipdb.local'
- Isolated heavy 'actionstart' tasks using nohup to prevent latency
- Removed redundant API checks to improve performance and reduce overhead
- Implemented a lock mechanism to prevent 'actionban' execution if 'actionstart' fails
- Ensured 'actionban' does not run at runtime due to missing dependencies or permission issues
- Added an override configuration to enhance Fail2Ban’s AbuseIPDB integration.
- Introduced a local banned IP list for better isolation from Fail2Ban.
- Optimized API calls (`/v2/check` → `/v2/report`) to reduce redundant reports.
- Ensured `norestored=1` handling to prevent re-reporting after restarts.
- Improved logging and added custom comments to avoid sensitive data exposure.
This override provides more control, efficiency, and security while maintaining compatibility with the main configuration.
- Clarified integration steps for placing the script in 'action.d'
- Updated example configuration with correct script name 'fail2ban-abuseipdb.sh'
- Emphasized the need to set 'abuseipdb_apikey' in the config file
- Improved formatting and readability for better user understanding
No functional changes, just documentation updates.
Dropbear uses `strftime` `"%b %d %H:%M:%S` to print its timestamps, hence we know the day and time format, but the month could be localized. We hence allow any 3 word characters for it, and additionally simplify the day and time pattern into a single group.
Signed-off-by: MichaIng <micha@dietpi.com>
Since Debian Bookworm, the distribution ships Dropbear with a native systemd service instead of the default upstream init.d service, and accordingly uses the `-F` and `-E` flags, to run it in foreground and have it logging to STDOUT instead of syslog.
As usual, timestamps and also the PID are now included by the log message emitted by Dropbear, in addition to the systemd journal log prefix.
The Dropbear filter hence does not match anymore. This commit adds the PID and timestamp as optional pattern between prefix and fail log text, to support Dropbear on Debian Bookworm and newer (and likely new versions of other distros) without breaking the old pattern when running Dropbear without `-E` flag.
Additionally, for performance reasons, this commit adds a `journalmatch` entry, matching Debian's and Fedora's `dropbear.service` with `dropbear` executable/identifier, the most likely match for a Dropbear systemd service.
Signed-off-by: MichaIng <micha@dietpi.com>
also avoid after-effect with "IndexError: list index out of range" from onIgnoreRegex (the lists of REs are different in filter and fail2banregex);
closes gh-3895
Hasan ÇALIŞIR