Skip to content

Latest commit

 

History

History
78 lines (54 loc) · 3.08 KB

README.md

File metadata and controls

78 lines (54 loc) · 3.08 KB

fail2ban-subnets

Presentation

fail2ban-subnets aims to provide a way to ban subnets of IPs repeatingly banned by fail2ban for multiple offenses. It thus uses the fail2ban logfiles and calculates the most restricted subnet to be banned for these IPs. Using the log file generated by fail2ban-subnets, and a new action.d script, we can thus create a specific jail in fail2ban for banning those subnets.

fail2ban-subnets is here to provide what's currently impossible in fail2ban, even if there are issues that are progressing on that side.

Licence

Copyright (C) 2015 Raphaël Beamonte <[email protected]>

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. [See the GNU General Public License for more details] GPLv2.

Installation

Get the code

You can get the code by cloning this repository or downloading the last version of the zip package

Configuration of fail2ban-subnets

You should edit the first part of the fail2ban-subnets.py file to adjust to your system. All comments on this configuration are provided in the file.

Configuration of fail2ban

Here's the way I recommand setting fail2ban to avoid problems in future developments. These settings are based on a Debian system and consider you got the fail2ban-subnets files in /home/usr/f2b-sn/, you should adapt them to your needs.

Go to the fail2ban settings directory of your system as root:

cd /etc/fail2ban

Create the directories action.d.local and filter.d.local:

mkdir action.d.local filter.d.local

Copy the fail2ban-subnets action and filter files in these new directories:

cp /home/usr/f2b-sn/action.d.local/* action.d.local/
cp /home/usr/f2b-sn/filter.d.local/* filter.d.local/

Add the configuration for the fail2ban-subnets jail at the end of your local jail:

cat /home/usr/f2b-sn/jail.local >> jail.local

Run fail2ban-subnets

Install the fail2ban-subnets script to be executed once an hour:

cp /home/usr/f2b-sn/fail2ban-subnets.py /etc/cron.hourly/fail2ban-subnets
chown root:adm /etc/cron.hourly/fail2ban-subnets

Note: you could also set a crontab to go more regularly, still as root, by running crontab -e then setting your crontab.

Issues

Please use the [GitHub integrated issue tracker] issues for every problem you can encounter. Please DO NOT use my email for issues or walkthrough.