https://github.com/xaf/fail2ban-subnets

fail2ban-subnets aims to provide a way to ban subnets of IPs repeatedly banned by fail2ban for multiple offenses.
fail2ban-subnets
================

## Presentation

```fail2ban-subnets``` aims to provide a way to ban subnets of IPs repeatedly banned by [```fail2ban```][fail2ban] for multiple offenses. It reads the ```fail2ban``` log files and calculates the most restricted subnet to be banned for these IPs. Using the log file generated by ```fail2ban-subnets``` and a new ```action.d``` script, we can then create a specific jail in ```fail2ban``` for banning those subnets.

```fail2ban-subnets``` is here to provide what is currently impossible in ```fail2ban``` itself, although there are issues progressing on that side.
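The subnet calculation described above can be sketched as follows. This is an added example, not the project's own code: the grouping rule (distinct banned IPs per /24), the `min_hosts` threshold, the function names and the sample log lines are all assumptions made for illustration. Capping the widest prefix bounds how many unrelated addresses a single subnet ban can block.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in fail2ban.log style (documentation address ranges).
SAMPLE_LOG = """\
2015-03-01 10:00:01,100 fail2ban.actions[811]: WARNING [ssh] Ban 198.51.100.17
2015-03-01 10:05:12,220 fail2ban.actions[811]: WARNING [ssh] Unban 198.51.100.17
2015-03-01 11:40:09,431 fail2ban.actions[811]: WARNING [ssh] Ban 198.51.100.22
2015-03-01 12:02:44,002 fail2ban.actions[811]: WARNING [postfix] Ban 198.51.100.29
2015-03-01 12:30:00,519 fail2ban.actions[811]: WARNING [ssh] Ban 203.0.113.5
2015-03-01 13:15:27,874 fail2ban.actions[811]: WARNING [ssh] Ban 198.51.100.17
""".splitlines()

# Matches "[jail] Ban <ip>" but not "[jail] Unban <ip>".
BAN_RE = re.compile(r"fail2ban\.actions.*\[[^\]]+\] Ban (\S+)")


def covering_subnet(addrs):
    """Return the narrowest IPv4 network containing every address in addrs."""
    lo, hi = int(min(addrs)), int(max(addrs))
    # Bits where the lowest and highest address differ are host bits.
    prefix = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network((lo, prefix), strict=False)


def subnets_to_ban(lines, min_hosts=2, widest_prefix=24):
    """Group banned IPs per /widest_prefix block (assumed rule) and return the
    narrowest subnet for each block holding at least min_hosts distinct IPs."""
    bans = defaultdict(set)  # enclosing block -> distinct banned IPs inside it
    for line in lines:
        match = BAN_RE.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.IPv4Address(match.group(1))
        except ipaddress.AddressValueError:
            continue  # IPv6 or malformed address: out of scope for this sketch
        block = ipaddress.ip_network((ip, widest_prefix), strict=False)
        bans[block].add(ip)
    return sorted(covering_subnet(ips) for ips in bans.values()
                  if len(ips) >= min_hosts)


if __name__ == "__main__":
    for net in subnets_to_ban(SAMPLE_LOG):
        print(net)
```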

## Licence

Copyright (C) 2015 Raphaël Beamonte

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. [See the
GNU General Public License for more details] [GPLv2].

## Installation

### Get the code

You can get the code by cloning this repository or downloading the [latest version of the zip package][zip].

### Configuration of ```fail2ban-subnets```

You should edit the first part of the ```fail2ban-subnets.py``` file to adjust to your system. All comments on this configuration are provided in the file.

### Configuration of ```fail2ban```

Here's the way I recommend setting up ```fail2ban``` to avoid problems in future developments.
These settings are based on a Debian system and assume you have the ```fail2ban-subnets``` files in ```/home/usr/f2b-sn/```; you should adapt them to your needs.

Go to the ```fail2ban``` settings directory of your system **as root**:
```sh
cd /etc/fail2ban
```

Create the directories ```action.d.local``` and ```filter.d.local```:
```sh
mkdir action.d.local filter.d.local
```

Copy the ```fail2ban-subnets``` action and filter files into these new directories:
```sh
cp /home/usr/f2b-sn/action.d.local/* action.d.local/
cp /home/usr/f2b-sn/filter.d.local/* filter.d.local/
```

Add the configuration for the ```fail2ban-subnets``` jail at the end of your local jail:
```sh
cat /home/usr/f2b-sn/jail.local >> jail.local
```

### Run `fail2ban-subnets`

Install the ```fail2ban-subnets``` script to be executed once an hour:
```sh
cp /home/usr/f2b-sn/fail2ban-subnets.py /etc/cron.hourly/fail2ban-subnets
chown root:adm /etc/cron.hourly/fail2ban-subnets
```

**Note:** you could also set up a crontab entry to run it more frequently, still *as root*, by running ```crontab -e``` and then editing your crontab.

## Issues
Please use the [GitHub integrated issue tracker] [issues] for any problem you may
encounter. Please **DO NOT** use my email for issues or walkthroughs.

[fail2ban]: https://github.com/fail2ban/fail2ban
[GPLv2]: https://www.gnu.org/licenses/gpl-2.0.html
[zip]: https://github.com/XaF/fail2ban-subnets/archive/master.zip
[issues]: https://github.com/XaF/fail2ban-subnets/issues