Takes banlists and uses fail2ban to block them
Project description
fail2ban-from-s3
Grabs a JSON-encoded list of things to ban and bans them using fail2ban.
Installation
python -m pip install --upgrade fail2ban-importer
Usage
fail2ban-importer [--oneshot|--dryrun]
Configuration
The following paths will be tested (in order) and the first one loaded:
./fail2ban-importer.json
/etc/fail2ban-importer.json
~/.config/fail2ban-importer.json
Fields
Note the fail2ban_jail
field. If you're going to pick up your logs from fail2ban, and use them for the source of automation, make sure to filter out the actions by this system - otherwise you'll end up in a loop!
Field Name | Value Type | Default Value | Required | Description |
---|---|---|---|---|
download_module |
str |
http |
No | The download module to use (either http or s3 ) |
fail2ban_jail |
str |
unset | Yes | The jail to use for banning - DO NOT REUSE AN EXISTING JAIL |
source |
str |
blank |
Yes | Where to pull the file from, can be a http(s):// or s3:// URL. |
fail2ban_client |
str |
fail2ban_client |
No | The path to the fail2ban-client executable, in case it's not in the user's $PATH |
schedule_mins |
int |
15 | No | How often to run the action. |
s3_endpoint |
str |
No | The endpoint URL if you need to force it for s3, eg if you're using minio or another S3-compatible store. | |
s3_v4 |
bool |
false |
No | Whether to force s3_v4 requests (useful for minio) |
s3_minio |
bool |
false |
No | Enable minio mode, force s3_v4 requests |
HTTP(S) Source
x
{
"source": "https://example.com/fail2ban.json",
"fail2ban_client": "/usr/bin/fail2ban-client",
"fail2ban_jail" : "automated",
"schedule_mins" : 15
}
S3-compatible Source
You can use the usual boto3 AWS configuration, or put the options in the config file.
{
"source": "s3://my-magic-fail2ban-bucket/fail2ban.json",
"AWS_ACCESS_KEY_ID" : "exampleuser",
"AWS_SECRET_ACCESS_KEY" : "hunter2",
"schedule_mins" : 1
}
If you're using minio as your backend, you should add the following additional options to the config file:
{
"s3_v4" : true,
"s3_endpoint" : "https://example.com",
}
Example source data file
[
{
"jail": "sshd",
"ip": "196.30.15.254"
},
{
"jail": "sshd",
"ip": "119.13.89.28"
}
]
Thanks
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for fail2ban_importer-0.0.9-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 37d0dcee35eb3658db700021c59cc4a4f3de6a2854c5c8f843b5633cb87059f8 |
|
MD5 | cebeb0fdb95a43eec009238f31a17fe4 |
|
BLAKE2b-256 | e5bbfa8b613cd7c1a29ff41f898c6366e85e25d81d875c55f2600c9556a5cbdd |