Add <jail> and <num_banned_ips> tags for actionban/actionunban #10

Open
selivan opened this issue Nov 23, 2011 · 10 comments

@selivan
commented Nov 23, 2011

I've successfully integrated fail2ban with the Zabbix monitoring system. Each time actionban/actionunban happens, an external script is called to pass parameters to the Zabbix server. Different jails have different triggers in Zabbix, because I want to know not only from which IP the attack happened, but also what service was attacked. actionban/actionunban doesn't know for which jail it was called, so I need to write separate action scripts for each service. If a <jail> tag is added, a single script for all actions may be used. If a <num_banned_ips> tag is added (I mean the number of banned IPs in the current jail), an external script with a call to fail2ban-client will not be necessary.

If these changes are made, integrating with different monitoring services will be as easy as configuring mail warnings and may become an out-of-the-box fail2ban ability. I can provide actions configuration, a Zabbix template and how-to instructions for the wiki.

@yarikoptic

Member

commented Nov 23, 2011

there is already where you can pass jail name (which is the case
on debian systems).

as for num_banned_ips -- worthy wishlist I guess, so will keep this bugreport
open for it ;)

> If these changes are made, integrating with different monitoring
> services will be as easy as configuring mail warnings and may become
> an out-of-the-box fail2ban ability. I can provide actions configuration, a Zabbix
> template and how-to instructions for the wiki.

taking you on the word ;)

Yaroslav O. Halchenko
Postdoctoral Fellow, Department of Psychological and Brain Sciences
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik

@selivan

Author

commented Nov 23, 2011

You are right, I'm using Debian :)

<name> may be set only in action configuration, right? Setting it in the [jail_name] section of jail.local does not work for me: this definition is ignored. On ban/unban the script updates the item <name>_num_of_banned_ips on the Zabbix server for the current host. Each jail has to update its specific item: ssh_num_of_banned_ips, openvpn_num_of_banned_ips, etc. So I need to keep 2 similar action files, differing only in one string:

name=%jail_name%

@yarikoptic

Member

commented Nov 23, 2011

you need to pass it in the action definition. On Debian systems I made the default action pass the jail name as the name option:

action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]

so if you want to tune up -- just create verbose definition of action for that jail as in the stock fail2ban's jail.conf, e.g.:

action   = iptables[name=SSH, port=ssh, protocol=tcp]

so you can pass any desired for any jail... by default it should be the jail name on Debian systems... isn't it?
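
One way to build the single shared notifier script this thread is asking for, given the jail name as the action's name option (an added example, not code from the thread or from fail2ban). The script path, the action file name `zabbix-notify`, the `ZABBIX_SERVER` variable and the sample status output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread or from fail2ban.
# Assumed wiring (hypothetical action.d/zabbix-notify.conf):
#   actionban   = /usr/local/bin/f2b-zabbix.sh <name>
#   actionunban = /usr/local/bin/f2b-zabbix.sh <name>
# and per jail:  action = zabbix-notify[name=ssh]

# Build the per-jail item key from the thread: <name>_num_of_banned_ips.
# Names outside a conservative character set are rejected, so a jail
# option can never carry spaces or shell metacharacters into the key.
item_key() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    printf '%s_num_of_banned_ips\n' "$1"
}

# Read `fail2ban-client status <jail>` output on stdin and print the
# "Currently banned" count (first match only).
banned_count() {
    sed -n 's/.*Currently banned:[[:space:]]*\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Constructed sample of status output, for trying banned_count offline.
sample_status() {
    cat <<'EOF'
Status for the jail: ssh
|- filter
|  |- Currently failed: 0
|  `- Total failed: 3
`- action
   |- Currently banned: 1
   |- IP list: 192.0.2.10
   `- Total banned: 1
EOF
}

# Send the current count for one jail. ZABBIX_SERVER is an assumed
# environment variable; the Zabbix host name is assumed to equal hostname.
main() {
    key=$(item_key "$1") || { echo "invalid jail name: $1" >&2; return 2; }
    count=$(fail2ban-client status "$1" | banned_count)
    zabbix_sender -z "${ZABBIX_SERVER:?not set}" -s "$(hostname)" \
        -k "$key" -o "${count:-0}"
}

# Only act when fail2ban passes a jail name as the first argument.
if [ "$#" -gt 0 ]; then main "$@"; fi
```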

@yarikoptic

Member

commented Nov 27, 2011

Re <num_banned_ips>: I have added it (yet to test/commit/push) but then got "deeper" understanding of the situation ;-) Because at that point ban for a new IP only started (thus not yet really 'banned' technically since it can fail to execute) current abuser/IP would not be a part of the num_banned_ips (or banned_ips for that sake).

@yarikoptic

Member

commented Nov 27, 2011

ok -- check it out in my clone http://github.com/yarikoptic/fail2ban -- added <num_banned_ips> and <banned_ips> with consideration stated in the previous comment. Is that something worth having?

@selivan

Author

commented Dec 5, 2011

I didn't forget my promise, but I'm very, very busy now. When I have some free time, I will write a clean solution, learn how to use git and commit it.

@yarikoptic

Member

commented Dec 5, 2011

no problem -- take your time... but also feedback on the changes I have introduced would be helpful as well
Cheers!

@yarikoptic

Member

commented Nov 6, 2012

knock knock -- still interested in this functionality? it is getting too stale

@leeclemens

Contributor

commented Jun 5, 2015

Following the reference from #540, this issue is still sadly present. iptables-ipset needs bantime , but it is not defined as a parameter for action_ (and still isn't effective when passed in as bantime="%(bantime)s").

@grooverdan grooverdan removed their assignment Jul 9, 2015

@yarikoptic yarikoptic modified the milestones: 0.9.3, 0.9.4 Jul 11, 2015

@yarikoptic yarikoptic modified the milestones: 0.9.4, 0.9.5 Jan 8, 2016

@yarikoptic yarikoptic modified the milestones: 0.9.5, 0.9.6 Jul 16, 2016

@yarikoptic yarikoptic removed this from the 0.9.5 milestone Jul 16, 2016

@yarikoptic yarikoptic modified the milestones: 0.9.6, 0.9.7 Dec 9, 2016

@sebres sebres added the enhancement label Apr 20, 2017

@nuno-silva

commented Jun 28, 2019

+1 for <num_banned_ips> :)
