Access control using Fail2Ban and geoip: Difference between revisions
No edit summary |
No edit summary |
||
Line 17: | Line 17: | ||
Create an action script: | Create an action script: | ||
<code>sudo vi /etc/fail2ban/action.d/geohostsdeny.conf</code> | <code>sudo vi /etc/fail2ban/action.d/geohostsdeny.conf</code> | ||
<blockquote> | |||
[Definition] | <div class="toccolours mw-collapsible mw-collapsed"> | ||
Dette er synligt hele tiden ############ | |||
<div class="mw-collapsible-content"> | |||
<syntaxhighlight lang="xml" line>[Definition] | |||
# Option: actionstart | # Option: actionstart | ||
Line 76: | Line 79: | ||
# Values: STR Default: ALL | # Values: STR Default: ALL | ||
daemon_list = ALL | daemon_list = ALL | ||
</syntaxhighlight> | |||
</div> | |||
</div> | |||
</blockquote> | |||
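Review bot: the added wrapper '<syntaxhighlight lang="xml" line>' tags the action file as XML, but the content that follows ('[Definition]', '# Option: actionstart', 'daemon_list = ALL') is an INI-style Fail2Ban action definition, so lang="ini" would highlight it correctly. The always-visible caption of the collapsible is still the placeholder 'Dette er synligt hele tiden ############'; replace it with a real caption, for example the file name geohostsdeny.conf, before saving.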
Line 81: | Line 92: | ||
* http://kbeezie.com/geoiplookup-command-line/ | * http://kbeezie.com/geoiplookup-command-line/ | ||
* https://www.webfoobar.com/node/54 | * https://www.webfoobar.com/node/54 | ||
=== OVERSKRIFT === | |||
* Bullet. | |||
- Note. | |||
- Note. | |||
<blockquote> | |||
<div class="toccolours mw-collapsible mw-collapsed"> | |||
Dette er synligt hele tiden ############ | |||
<div class="mw-collapsible-content"> | |||
<syntaxhighlight lang="xml" line>START TEKST HER ########### | |||
SLUT TEKST HER########## | |||
</syntaxhighlight> | |||
</div> | |||
</div> | |||
</blockquote> |
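Review bot: the section added after the two reference links is an unfilled template: the heading '=== OVERSKRIFT ===', the 'Bullet.' and 'Note.' items, and the 'START TEKST HER' / 'SLUT TEKST HER' block say nothing about Fail2Ban or GeoIP. Either fill it in or drop it from this revision, since as written it renders placeholder text directly under the references.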
Revision as of 12:22, 26 May 2017
Geolookup
In order to do a geolookup from the command line, we have to get the GeoIP binary and database installed.
apt-get install geoip-bin geoip-database
Test it:
geoiplookup 8.8.8.8
should give you
GeoIP Country Edition: US, United States
Fail2Ban
I assume Fail2ban is already installed and configured.
Create an action script:
sudo vi /etc/fail2ban/action.d/geohostsdeny.conf
This is visible all the time ############
[Definition]

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart =

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop =

# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
#         Excludes PH|Philippines from banning.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = IP=<ip> && COUNTRY=$(geoiplookup $IP | egrep "<country_list>") && [ "$COUNTRY" ] || (printf %%b "<daemon_list>: $IP\n" >> <file>)

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban = IP=<ip> && sed -i.old /ALL:\ $IP/d <file>

[Init]

# Option: country_list
# Notes.: List of exempted countries separated by pipe "|"
# Values: STR Default:
#
country_list = PH|Philippines

# Option: file
# Notes.: hosts.deny file path.
# Values: STR Default: /etc/hosts.deny
#
file = /etc/hosts.deny

# Option: daemon_list
# Notes: The list of services that this action will deny. See the man page
#        for hosts.deny/hosts_access. Default is all services.
# Values: STR Default: ALL
daemon_list = ALL
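The ban and unban decisions of the action above, as an added shell example that is not part of the original page. `lookup` is a constructed stand-in for geoiplookup so the script runs offline, and `geo_ban` / `geo_unban` are hypothetical names. It shows that an address whose lookup fails is banned like any non-exempt country, and that an unban pattern needs escaped dots and line anchors, because the unanchored pattern in actionunban would also delete 198.51.100.10 when unbanning 198.51.100.1.

```shell
#!/bin/sh
# Constructed stand-in for `geoiplookup` so the example runs offline.
# The address-to-country mapping is sample data, not real GeoIP results.
lookup() {
    case "$1" in
        203.0.113.*)  echo "GeoIP Country Edition: PH, Philippines" ;;
        198.51.100.*) echo "GeoIP Country Edition: US, United States" ;;
        *)            echo "GeoIP Country Edition: IP Address not found" ;;
    esac
}

# Same decision as actionban: append a deny line unless the lookup output
# matches the exempt-country pattern. A failed lookup is not exempt.
geo_ban() {    # usage: geo_ban IP COUNTRY_LIST FILE [DAEMON_LIST]
    if lookup "$1" | grep -Eq "$2"; then
        return 0    # exempt country: nothing is written
    fi
    printf '%s: %s\n' "${4:-ALL}" "$1" >> "$3"
}

# Unban with the dots escaped and the whole line anchored, so removing
# 198.51.100.1 does not also delete the entry for 198.51.100.10.
geo_unban() {  # usage: geo_unban IP FILE [DAEMON_LIST]
    esc=$(printf '%s' "$1" | sed 's/\./\\./g')
    sed -i.old "/^${3:-ALL}: ${esc}\$/d" "$2"
}

demo() {
    f=$(mktemp)
    geo_ban 203.0.113.7   'PH|Philippines' "$f"   # exempt, not listed
    geo_ban 198.51.100.1  'PH|Philippines' "$f"   # banned
    geo_ban 198.51.100.10 'PH|Philippines' "$f"   # banned
    geo_ban 10.0.0.5      'PH|Philippines' "$f"   # lookup fails, banned
    geo_unban 198.51.100.1 "$f"
    cat "$f"
    rm -f "$f" "$f.old"
}
demo
```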
Reference
- http://kbeezie.com/geoiplookup-command-line/
- https://www.webfoobar.com/node/54
HEADING
- Bullet.
- Note.
- Note.
This is visible all the time ############
START TEXT HERE ########### END TEXT HERE##########