Access control using Fail2Ban and geoip: Difference between revisions
Line 10: | Line 10: | ||
should give you | should give you | ||
<code>GeoIP Country Edition: US, United States</code> | <code>GeoIP Country Edition: US, United States</code> | ||
=== Fail2Ban === | |||
I assume Fail2ban is already installed and configured. | |||
Create an action script: | |||
<code>sudo vi /etc/fail2ban/action.d/geohostsdeny.conf</code> | |||
[Definition] | |||
# Option: actionstart | |||
# Notes.: command executed once at the start of Fail2Ban. | |||
# Values: CMD | |||
# | |||
actionstart = | |||
# Option: actionstop | |||
# Notes.: command executed once at the end of Fail2Ban | |||
# Values: CMD | |||
# | |||
actionstop = | |||
# Option: actioncheck | |||
# Notes.: command executed once before each actionban command | |||
# Values: CMD | |||
# | |||
actioncheck = | |||
# Option: actionban | |||
# Notes.: command executed when banning an IP. Take care that the | |||
# command is executed with Fail2Ban user rights. | |||
# Excludes PH|Philippines from banning. | |||
# Tags: See jail.conf(5) man page | |||
# Values: CMD | |||
# | |||
actionban = IP=<ip> && | |||
COUNTRY=$(geoiplookup $IP | egrep "<country_list>") && [ "$COUNTRY" ] || | |||
(printf %%b "<daemon_list>: $IP\n" >> <file>) | |||
# Option: actionunban | |||
# Notes.: command executed when unbanning an IP. Take care that the | |||
# command is executed with Fail2Ban user rights. | |||
# Tags: See jail.conf(5) man page | |||
# Values: CMD | |||
# | |||
actionunban = IP=<ip> && sed -i.old /ALL:\ $IP/d <file> | |||
[Init] | |||
# Option: country_list | |||
# Notes.: List of exempted countries separated by pipe "|" | |||
# Values: STR Default: | |||
# | |||
country_list = PH|Philippines | |||
# Option: file | |||
# Notes.: hosts.deny file path. | |||
# Values: STR Default: /etc/hosts.deny | |||
# | |||
file = /etc/hosts.deny | |||
# Option: daemon_list | |||
# Notes: The list of services that this action will deny. See the man page | |||
# for hosts.deny/hosts_access. Default is all services. | |||
# Values: STR Default: ALL | |||
daemon_list = ALL | |||
== Reference == | |||
* http://kbeezie.com/geoiplookup-command-line/ | |||
* https://www.webfoobar.com/node/54 |
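Review bot: actionunban hard-codes `ALL:` and uses an unanchored, unescaped pattern (`sed -i.old /ALL:\ $IP/d <file>`), while actionban writes `<daemon_list>: $IP`. If daemon_list is ever changed from its default, the lines written by actionban no longer match and bans are never lifted. Because the pattern has no end anchor and `.` matches any character, unbanning one address also deletes entries for longer addresses that start with the same text. Suggest building the pattern from `<daemon_list>`, escaping the dots in the address, and anchoring it with `^` and `$`.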
Revision as of 12:19, 26 May 2017
Geolookup
In order to do a geolookup from the command line, we have to get the GeoIP binary and database installed.
apt-get install geoip-bin geoip-database
Test it:
geoiplookup 8.8.8.8
should give you
GeoIP Country Edition: US, United States
Fail2Ban
I assume Fail2ban is already installed and configured.
Create an action script:
sudo vi /etc/fail2ban/action.d/geohostsdeny.conf
[Definition]
# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart =
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop =
# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
#         Excludes PH|Philippines from banning.
#         Continuation lines must stay indented so they are read as one value.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = IP=<ip> &&
            COUNTRY=$(geoiplookup "$IP" | grep -E "<country_list>") && [ "$COUNTRY" ] ||
            (printf %%b "<daemon_list>: $IP\n" >> <file>)
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
#         The dots in the address are escaped and the pattern is anchored, so
#         only the exact "<daemon_list>: <ip>" line written by actionban is removed.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban = IP=$(echo "<ip>" | sed 's/\./\\./g') && sed -i.old "/^<daemon_list>: $IP$/d" <file>
[Init]
# Option: country_list
# Notes.: List of exempted countries separated by pipe "|"
# Values: STR Default:
#
country_list = PH|Philippines
# Option: file
# Notes.: hosts.deny file path.
# Values: STR Default: /etc/hosts.deny
#
file = /etc/hosts.deny
# Option: daemon_list
# Notes: The list of services that this action will deny. See the man page
#        for hosts.deny/hosts_access. Default is all services.
# Values: STR Default: ALL
daemon_list = ALL
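The ban and unban logic of this action can be checked without touching /etc/hosts.deny. The script below is an added example, not part of the original page: it stubs geoiplookup with a constructed mapping over documentation address ranges, writes to a scratch file, and uses an anchored, dot-escaped unban pattern so that removing one address leaves addresses sharing its prefix in place. The function names ban, unban and is_denied are assumptions made for the example.

```shell
#!/bin/sh
# Added example: dry run of the geohostsdeny ban/unban logic on a scratch file.
# geoiplookup is stubbed with constructed data; the real binary is not called.
COUNTRY_LIST='PH|Philippines'      # same value as country_list in [Init]
DAEMON_LIST='ALL'                  # same value as daemon_list in [Init]
DENY_FILE=$(mktemp)                # stands in for /etc/hosts.deny

# Stub: constructed mapping over documentation address ranges (RFC 5737).
geoiplookup() {
    case "$1" in
        203.0.113.*)  echo "GeoIP Country Edition: PH, Philippines" ;;
        198.51.100.*) echo "GeoIP Country Edition: US, United States" ;;
        *)            echo "GeoIP Country Edition: IP Address not found" ;;
    esac
}

# Mirrors actionban: append a deny line unless the lookup matches the list.
ban() {
    COUNTRY=$(geoiplookup "$1" | grep -E "$COUNTRY_LIST") && [ "$COUNTRY" ] ||
        printf '%s: %s\n' "$DAEMON_LIST" "$1" >> "$DENY_FILE"
}

# Unban with an anchored, dot-escaped pattern so only the exact line is removed.
unban() {
    pat=$(printf '%s' "$1" | sed 's/\./\\./g')
    sed -i.old "/^$DAEMON_LIST: $pat\$/d" "$DENY_FILE"
}

# True when the exact deny line for the address is present.
is_denied() { grep -qxF "$DAEMON_LIST: $1" "$DENY_FILE"; }

ban 203.0.113.7      # exempt country: no line written
ban 198.51.100.4     # banned
ban 198.51.100.40    # banned, shares a prefix with the previous address
ban 192.0.2.9        # lookup finds nothing: banned as well
unban 198.51.100.4   # must leave 198.51.100.40 in place
cat "$DENY_FILE"
```

Note that an address geoiplookup cannot resolve is banned like any non-exempt address, because only a positive match on the country list skips the ban.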