https://github.com/rubenhortas/fail2bangeolocation
Shows geolocation of failed attempts registered by fail2ban.
https://github.com/rubenhortas/fail2bangeolocation
ban fail fail2ban geolocation ip python python-3 python3
Last synced: 6 months ago
JSON representation
Shows geolocation of failed attempts registered by fail2ban.
- Host: GitHub
- URL: https://github.com/rubenhortas/fail2bangeolocation
- Owner: rubenhortas
- License: gpl-3.0
- Created: 2022-06-04T20:22:22.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-11-02T17:10:20.000Z (11 months ago)
- Last Synced: 2025-04-11T21:14:44.617Z (6 months ago)
- Topics: ban, fail, fail2ban, geolocation, ip, python, python-3, python3
- Language: Python
- Homepage:
- Size: 3.4 MB
- Stars: 4
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# fail2bangeolocation
Shows geolocation of failed attempts registered by *fail2ban*.
It's useful to know from which locations you are being attacked the most.
You can group locations by country or by country and by city.
## Screenshots
* Grouped by country
* Grouped by country and city
## reallyfreegeoip.org
IP geolocation is done through [reallyfreegeoip.org](https://reallyfreegeoip.org).
This means you will need an active internet connection in order to geolocate the IPs.
## Installation
You can install *fail2bangeolocation* via *pipx*:
### Installation as user
```shell
$ pipx install fail2bangeolocation
```
### Installation as root
```shell
$ sudo su
# pipx install fail2bangeolocation
```
## Usage
* You can run *fail2bangeolocation* directly from the command line interface:
```shell
fail2bangeolocation [-h] [-c] {fail2ban,log,server}
```
* *fail2bangeolocation* arguments
```shell
usage: fail2bangeolocation.py [-h] [-c] {fail2ban,log,server} ...
Shows geolocation of failed attempts registered by fail2ban
positional arguments:
{fail2ban,log,server}
These options are mutually exclusive
fail2ban analyze all banned IPs by fail2ban (from fail2ban output)
log analyze a fail2ban log file. Use "log -h" to see more options
server analyze all banned IPs by fail2ban (e.g. "server sshd")
optional arguments:
-h, --help show this help message and exit
-c, --show-city group IPs by country and city
```
* ### Analyze all IPs registered by fail2ban
:warning: Requires root privileges
Run *fail2bangeolocation* using the *fail2ban* argument:
```shell
$ sudo su
# fail2bangeolocation fail2ban
```
* ### Analyze all IPs registered by fail2ban for a given jailed server/service, e.g. sshd
:warning: Requires root privileges
Run *fail2bangeolocation* with the *server* argument and the jailed server name:
```shell
$sudo su
# fail2bangeolocation server sshd
```
* ### Analyze a log file
:warning: May require root privileges depending on the file to be analyzed
Run *fail2bangeolocation* with the *log* argument and the path to the log file:
```shell
fail2bangeolocation log /var/log/fai2ban.log
```
You can also geolocate the unbanned IPs contained in the log adding the **-u** argument:
```shell
fail2bangeolocation log -u /var/log/fai2ban.log
```
* ### Group the output by country and city
Run *fail2bangeolocation* with "**-c**" as first argument:
```shell
fail2bangeolocation -c {fail2ban,log,server}
```
## Troubleshooting
In case of any problem, you create an [issue](https://github.com/rubenhortas/fail2bangeolocation/issues/new).
## Discussions
If you want ask (or answer) a question, leave an opinion or have an open-ended conversation you can create (or join) a [discussion](https://github.com/rubenhortas/fail2bangeolocation/discussions/new).
## Support
If you find this application useful you can star this repo.