Takes banlists and uses fail2ban to block them

Project description

fail2ban-from-s3

Grabs a JSON-encoded list of things to ban and bans them using fail2ban.

Installation

python -m pip install --upgrade fail2ban-importer

Usage

fail2ban-importer [--oneshot|--dryrun]

Configuration

The following paths will be tested (in order) and the first one loaded:

  • ./fail2ban-importer.json
  • /etc/fail2ban-importer.json
  • ~/.config/fail2ban-importer.json

Fields

Note the fail2ban_jail field. If you collect fail2ban's logs and use them as the source for this automation, make sure to filter out the bans made by this system, otherwise you'll end up in a loop!

| Field Name | Value Type | Default Value | Required | Description |
|---|---|---|---|---|
| download_module | str | http | No | The download module to use (either http or s3) |
| fail2ban_jail | str | unset | Yes | The jail to use for banning - DO NOT REUSE AN EXISTING JAIL |
| source | str | blank | Yes | Where to pull the file from, can be a http(s):// or s3:// URL. |
| fail2ban_client | str | fail2ban_client | No | The path to the fail2ban-client executable, in case it's not in the user's $PATH |
| schedule_mins | int | 15 | No | How often to run the action. |
| s3_endpoint | str | | No | The endpoint URL if you need to force it for s3, eg if you're using minio or another S3-compatible store. |
| s3_v4 | bool | false | No | Whether to force s3_v4 requests (useful for minio) |
| s3_minio | bool | false | No | Enable minio mode, force s3_v4 requests |

HTTP(S) Source

{
    "source": "https://example.com/fail2ban.json",
    "fail2ban_client": "/usr/bin/fail2ban-client",
    "fail2ban_jail" : "automated",
    "schedule_mins" : 15
}

S3-compatible Source

You can use the usual boto3 AWS configuration, or put the options in the config file.

{
    "source": "s3://my-magic-fail2ban-bucket/fail2ban.json",
    "AWS_ACCESS_KEY_ID" : "exampleuser",
    "AWS_SECRET_ACCESS_KEY" : "hunter2",
    "schedule_mins" : 1
}

If you're using minio as your backend, you should add the following additional options to the config file:

{
    "s3_v4" : true,
    "s3_endpoint" : "https://example.com"
}

Example source data file

[
  {
    "jail": "sshd",
    "ip": "196.30.15.254"
  },
  {
    "jail": "sshd",
    "ip": "119.13.89.28"
  }
]
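
The loop warning under Fields applies on the side that produces this file. The following is an added example, not part of the fail2ban-importer project: it builds the source data file from fail2ban log lines and drops every ban that came from the importer's own jail. The function name `build_banlist`, the default `fail2ban.log` line layout, the jail name `automated` (taken from the HTTP(S) config example) and the choice to drop private and loopback addresses are assumptions.

```python
import ipaddress
import json
import re

# Shape of a fail2ban.log ban line: "... fail2ban.actions [pid]: NOTICE [jail] Ban ip"
BAN_RE = re.compile(
    r"fail2ban\.actions\s+\[\d+\]:\s+NOTICE\s+"
    r"\[(?P<jail>[^\]]+)\]\s+(?:Restore )?Ban (?P<ip>\S+)"
)


def build_banlist(log_lines, importer_jail):
    """Return ban entries in the source-file format, skipping the importer's own jail."""
    seen = set()
    entries = []
    for line in log_lines:
        match = BAN_RE.search(line)
        if not match:
            continue  # not a ban event (Unban, Found, other log noise)
        jail, raw_ip = match["jail"], match["ip"]
        if jail == importer_jail:
            continue  # ban made by the importer: re-exporting it creates the loop
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            continue  # not an address; never hand it to fail2ban-client
        if ip.is_private or ip.is_loopback:
            continue  # added policy choice: do not distribute bans for internal hosts
        if (jail, str(ip)) not in seen:
            seen.add((jail, str(ip)))
            entries.append({"jail": jail, "ip": str(ip)})
    return entries


# Constructed sample log lines (not real data), reusing the addresses from the example file.
SAMPLE_LOG = [
    "2024-05-01 10:00:01,123 fail2ban.actions        [811]: NOTICE  [sshd] Ban 196.30.15.254",
    "2024-05-01 10:00:02,456 fail2ban.actions        [811]: NOTICE  [automated] Ban 119.13.89.28",
    "2024-05-01 10:00:03,789 fail2ban.actions        [811]: NOTICE  [sshd] Ban 119.13.89.28",
    "2024-05-01 10:00:04,012 fail2ban.actions        [811]: NOTICE  [sshd] Ban 196.30.15.254",
    "2024-05-01 10:00:05,345 fail2ban.actions        [811]: NOTICE  [sshd] Unban 196.30.15.254",
    "2024-05-01 10:00:06,678 fail2ban.actions        [811]: NOTICE  [sshd] Ban 10.0.0.5",
]

if __name__ == "__main__":
    print(json.dumps(build_banlist(SAMPLE_LOG, importer_jail="automated"), indent=2))
```

Run against the sample lines with `importer_jail="automated"`, the output is the same two-entry list shown in the example source data file above.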

Thanks

Download files

Source Distribution: fail2ban-importer-0.0.9.tar.gz (6.6 kB)

Built Distribution: fail2ban_importer-0.0.9-py3-none-any.whl (8.2 kB, Python 3)
