Add <num_banned_ips> tag for actionban/actionunban #10

Closed
selivan opened this issue Nov 23, 2011 · 11 comments

@selivan selivan commented Nov 23, 2011

I've successfully integrated fail2ban with the Zabbix monitoring system. Each time actionban/actionunban happens, an external script is called to pass parameters to the Zabbix server. Different jails have different triggers in Zabbix, because I want to know not only from which IP the attack happened, but also what service was attacked. actionban/actionunban doesn't know for which jail it was called, so I need to write separate action scripts for each service. If a <jail> tag is added, a single script for all actions may be used. If a <num_banned_ips> tag is added (I mean the number of banned IPs in the current jail), an external script with a call to fail2ban-client will not be necessary.

If these changes are made, integrating with different monitoring services will be as easy as configuring mail warnings and may become an out-of-the-box fail2ban ability. I can provide the actions configuration, a Zabbix template and how-to instructions for the wiki.

@yarikoptic yarikoptic commented Nov 23, 2011

there is already where you can pass jail name (which is the case
on debian systems).

as for num_banned_ips -- worthy wishlist I guess, so will keep this bugreport
open for it ;)

> If these changes are made, integrating with different monitoring
> services will be as easy as configuring mail warnings and may become
> an out-of-the-box fail2ban ability. I can provide the actions configuration, a Zabbix
> template and how-to instructions for the wiki.

taking you on the word ;)

@selivan selivan commented Nov 23, 2011

You are right, I'm using Debian :)

<name> may be set only in the action configuration, right? Setting it in the [jail_name] section of jail.local does not work for me: this definition is ignored. On ban/unban, the script updates the item <name>_num_of_banned_ips on the Zabbix server for the current host. Each jail has to update its specific item: ssh_num_of_banned_ips, openvpn_num_of_banned_ips, etc. So I need to keep 2 similar action files, differing only in one string:

name=%jail_name%

@yarikoptic yarikoptic commented Nov 23, 2011

you need to pass it in the action definition. On Debian systems I made the default action pass the jail name as the name option:

action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]

so if you want to tune up -- just create verbose definition of action for that jail as in the stock fail2ban's jail.conf, e.g.:

action   = iptables[name=SSH, port=ssh, protocol=tcp]

so you can pass any desired for any jail... by default it should be the jail name on Debian systems... isn't it?
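
The single-script setup discussed in this exchange, as an added example that is not code from the thread or from fail2ban: one script receives the jail name through `<name>`, extracts the count from `fail2ban-client status` output, and builds the `<name>_num_of_banned_ips` item line. The script path, function names and sample status output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: one reporting script shared by every jail.
# Assumed wiring in an action file (the jail passes name=%(__name__)s as above):
#   actionban   = /usr/local/bin/f2b-report.sh <name>
#   actionunban = /usr/local/bin/f2b-report.sh <name>
# The script path and all function names are hypothetical.

# Accept only conservative jail names before using them in an item key.
valid_jail() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Read `fail2ban-client status <jail>` output on stdin, print the current ban count.
banned_count() {
    sed -n 's/.*Currently banned:[[:space:]]*\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Build one "<host> <key> <value>" line, the format zabbix_sender reads with -i.
zabbix_line() {
    host=$1 jail=$2 count=$3
    valid_jail "$jail" || return 1
    case "$count" in ''|*[!0-9]*) return 1 ;; esac
    printf '%s %s_num_of_banned_ips %s\n' "$host" "$jail" "$count"
}

# Constructed sample of the status output, so the example runs without fail2ban.
sample_status() {
cat <<'EOF'
Status for the jail: ssh
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     12
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 3
   |- Total banned:     7
   `- Banned IP list:   192.0.2.10 192.0.2.11 198.51.100.7
EOF
}

# Live use would look like this (assumption, not run here):
#   n=$(fail2ban-client status "$1" | banned_count)
#   zabbix_line "$(hostname)" "$1" "$n" | zabbix_sender -z "$ZABBIX_SERVER" -i -
```

Rejecting unexpected characters in the jail name keeps a mistyped or hostile `name=` value from producing a malformed item key or extra fields in the sender input.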

@yarikoptic yarikoptic commented Nov 27, 2011

Re <num_banned_ips>: I have added it (yet to test/commit/push) but then got "deeper" understanding of the situation ;-) Because at that point ban for a new IP only started (thus not yet really 'banned' technically since it can fail to execute) current abuser/IP would not be a part of the num_banned_ips (or banned_ips for that sake).

@yarikoptic yarikoptic commented Nov 27, 2011

ok -- check it out in my clone http://github.com/yarikoptic/fail2ban -- added <num_banned_ips> and <banned_ips> with consideration stated in the previous comment. Is that something worth having?

@selivan selivan commented Dec 5, 2011

I didn't forget my promise, but I'm very, very busy now. When I have some free time, I will write a clean solution, learn how to use git and commit it.

@yarikoptic yarikoptic commented Dec 5, 2011

no problem -- take your time... but also feedback on the changes I have introduced would be helpful as well
Cheers!

@yarikoptic yarikoptic commented Nov 6, 2012

knock knock -- still interested in this functionality? it is getting too stale

@leeclemens leeclemens commented Jun 5, 2015

Following the reference from #540, this issue is still sadly present. iptables-ipset needs bantime, but it is not defined as a parameter for action_ (and still isn't effective when passed in as bantime="%(bantime)s").

@nuno-silva nuno-silva commented Jun 28, 2019

+1 for <num_banned_ips> :)

@sebres sebres changed the title Add <jail> and <num_banned_ips> tags for actionban/actionunban Add <num_banned_ips> tag for actionban/actionunban Jan 6, 2021
@sebres sebres commented Jan 6, 2021

Revisited this...
Looks pretty simple now, just calling map ActionInfo.AI_DICT should be extended like here (can provide even more info):

			# raw ticket info:
			"raw-ticket":		lambda self: repr(self.__ticket)
+			# jail info:
+			"jail.banned":		lambda self: self.__jail.actions.__banManager.size(),
+			"jail.banned_total":	lambda self: self.__jail.actions.__banManager.getBanTotal(),
+			"jail.found":		lambda self: self.__jail.filter.failManager.size(),
+			"jail.found_total":	lambda self: self.__jail.filter.failManager.getFailTotal()
}
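
Review bot: in the two added `jail.banned*` lambdas, `self.__jail.actions.__banManager` sits inside the `ActionInfo` class body, so Python name mangling turns `__banManager` into `_ActionInfo__banManager` and the lookup on the actions object raises AttributeError unless that object defines that exact name; read the counters through a public accessor or property on the actions object instead. Separately, the unchanged context line `"raw-ticket": lambda self: repr(self.__ticket)` has no trailing comma, so the first added entry makes the dict literal a syntax error until a comma is appended there. The tag documentation should also state whether `<jail.banned>` counts the IP currently being banned, given the point raised earlier in this thread that the ban has only started when the action runs.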

So the requested tag <num_banned_ips> would be either <jail.banned> (number of currently banned tickets) or <jail.banned_total> (totally banned since fail2ban start), don't know which of both exactly is needed.

That's it... ought to write still some tests in favor of coverage.

@sebres sebres closed this in 725354c Mar 20, 2021