Skip to content

yaleman/fail2ban-importer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

306 Commits

.github

.github

 
 

dist

dist

 
 

fail2ban_importer

fail2ban_importer

 
 

tests

tests

 
 

.dependabotbot.json

.dependabotbot.json

 
 

.gitignore

.gitignore

 
 

CHANGELOG.md

CHANGELOG.md

 
 

CODEOWNERS

CODEOWNERS

 
 

README.md

README.md

 
 

SECURITY.MD

SECURITY.MD

 
 

example.json

example.json

 
 

fail2ban-importer.json.example

fail2ban-importer.json.example

 
 

mypi.ini

mypi.ini

 
 

pyproject.toml

pyproject.toml

 
 

requirements-dev.txt

requirements-dev.txt

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

fail2ban-from-s3

Grabs a JSON-encoded list of things to ban and bans them using fail2ban.

Installation

python -m pip install --upgrade fail2ban-importer

Usage

fail2ban-importer [--oneshot|--dryrun]

Configuration

The following paths will be tested (in order) and the first one loaded:

  • ./fail2ban-importer.json
  • /etc/fail2ban-importer.json
  • ~/.config/fail2ban-importer.json

Fields

Note the fail2ban_jail field. If you're going to pick up your logs from fail2ban, and use them for the source of automation, make sure to filter out the actions by this system - otherwise you'll end up in a loop!

Field Name Value Type Default Value Required Description
download_module str http No The download module to use (either http or s3)
fail2ban_jail str unset Yes The jail to use for banning - DO NOT REUSE AN EXISTING JAIL
source str blank Yes Where to pull the file from, can be a http(s):// or s3:// URL.
fail2ban_client str fail2ban_client No The path to the fail2ban-client executable, in case it's not in the user's $PATH
schedule_mins int 15 No How often to run the action.
ignore_list List[str] '["127.0.0.1",]` No A list of IPs which will never be added to the ban list.
s3_endpoint str No The endpoint URL if you need to force it for s3, eg if you're using minio or another S3-compatible store.
s3_v4 bool false No Whether to force s3_v4 requests (useful for minio)
s3_minio bool false No Enable minio mode, force s3_v4 requests

HTTP(S) Source

x
{
    "source": "https://example.com/fail2ban.json",
    "fail2ban_client": "/usr/bin/fail2ban-client",
    "fail2ban_jail" : "automated",
    "schedule_mins" : 15
}

S3-compatible Source

You can use the usual boto3 AWS configuration, or put the options in the config file.

{
    "source": "s3://my-magic-fail2ban-bucket/fail2ban.json",
    "AWS_ACCESS_KEY_ID" : "exampleuser",
    "AWS_SECRET_ACCESS_KEY" : "hunter2",
    "schedule_mins" : 1
}

If you're using minio as your backend, you should add the following additional options to the config file:

{
    "s3_v4" : true,
    "s3_endpoint" : "https://example.com",
}

Example source data file

[
  {
    "jail": "sshd",
    "ip": "196.30.15.254"
  },
  {
    "jail": "sshd",
    "ip": "119.13.89.28"
  }
]

Thanks

About

Pull from JSON lists and fail2ban things.

pypi.org/project/fail2ban_importer/

Topics

python security https s3 fail2ban

Resources

Readme

Security policy

Security policy
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Contributors 2

  •  
  •  

Languages