- Added an override configuration to enhance Fail2Ban’s AbuseIPDB integration.
- Introduced a local banned IP list for better isolation from Fail2Ban.
- Optimized API calls (`/v2/check` → `/v2/report`) to reduce redundant reports.
- Ensured `norestored=1` handling to prevent re-reporting after restarts.
- Improved logging and added custom comments to avoid sensitive data exposure.
This override provides more control, efficiency, and security while maintaining compatibility with the main configuration.
- Clarified integration steps for placing the script in 'action.d'
- Updated example configuration with correct script name 'fail2ban-abuseipdb.sh'
- Emphasized the need to set 'abuseipdb_apikey' in the config file
- Improved formatting and readability for better user understanding
No functional changes, just documentation updates.
Dropbear uses `strftime` `"%b %d %H:%M:%S` to print its timestamps, hence we know the day and time format, but the month could be localized. We hence allow any 3 word characters for it, and additionally simplify the day and time pattern into a single group.
Signed-off-by: MichaIng <micha@dietpi.com>
Since Debian Bookworm, the distribution ships Dropbear with a native systemd service instead of the default upstream init.d service, and accordingly uses the `-F` and `-E` flags, to run it in foreground and have it logging to STDOUT instead of syslog.
As usual, timestamps and also the PID are now included by the log message emitted by Dropbear, in addition to the systemd journal log prefix.
The Dropbear filter hence does not match anymore. This commit adds the PID and timestamp as optional pattern between prefix and fail log text, to support Dropbear on Debian Bookworm and newer (and likely new versions of other distros) without breaking the old pattern when running Dropbear without `-E` flag.
Additionally, for performance reasons, this commit adds a `journalmatch` entry, matching Debian's and Fedora's `dropbear.service` with `dropbear` executable/identifier, the most likely match for a Dropbear systemd service.
Signed-off-by: MichaIng <micha@dietpi.com>
also avoid after-effect with "IndexError: list index out of range" from onIgnoreRegex (the lists of REs are different in filter and fail2banregex);
closes gh-3895
The "after iptables" clause in the OpenRC service script's depend()
function causes fail2ban to start after iptables, if iptables is
scheduled to start. Here we add "after nftables" as well: nftables is
the successor to iptables, and fail2ban supports it out-of-the-box.
If nftables is scheduled to start, we want to wait until it's done
before starting fail2ban.
Hasan ÇALIŞIR