Downloads JSON-encoded lists from s3 or HTTPS endpoints and bans them

Project description

fail2ban-from-s3

Grabs a JSON-encoded list of things to ban and bans them using fail2ban.

Configuration

The config file can be at any one of the following paths:

  • ./fail2ban_importer.json
  • ~/.config/fail2ban_importer.json
  • /etc/fail2ban_importer.json

Fields

| Field Name | Value Type | Default Value | Description | Required |
| --- | --- | --- | --- | --- |
| source | str | | Where to pull the file from, can be a http(s):// or s3:// URL. | Yes |
| fail2ban_client | str | fail2ban_client | The path to the fail2ban-client executable, in case it's not in the user's $PATH | No |
| jail_field | str | jail | The field to pull the target fail2ban [jail] from in your file. | No |
| jail_target | str | target | The field to pull the target IP from in your file. | No |
| schedule_mins | int | 5 | How often to run the action. | No |
| s3_endpoint | str | | The endpoint URL if you need to force it for s3, eg if you're using minio or another S3-compatible store. | No |
| s3_v4 | bool | false | Whether to force s3_v4 requests (useful for minio) | No |
| s3_minio | bool | false | Enable minio mode, force s3_v4 requests | No |

HTTPS Source

{
    "source": "https://example.com/fail2ban.json",
    "jail_field": "service",
    "jail_target": "src",
    "fail2ban_client": "/usr/bin/fail2ban-client",
    "schedule_mins" : 1
}

S3-compatible Source

You can use the usual boto3 AWS configuration, or put the options in the config file.

{
    "source": "s3://my-magic-fail2ban-bucket/fail2ban.json",
    "AWS_ACCESS_KEY_ID" : "exampleuser",
    "AWS_SECRET_ACCESS_KEY" : "hunter2",
    "jail_field": "service",
    "jail_target": "src",
    "schedule_mins" : 1
}

If you're using minio as your backend, you should add the following additional options to the config file:

{
    "s3_v4" : true,
    "s3_endpoint" : "https://example.com"
}

Example source data file

[
  {
    "ban_time": "1640997884.011",
    "host": "host1.example.com",
    "service": "sshd",
    "src": "196.30.15.254"
  },
  {
    "ban_time": "1640996178.501",
    "host": "host2.example.com",
    "service": "https",
    "src": "119.13.89.28"
  }
]
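
The source file decides which addresses get banned, so each entry is worth validating before it reaches fail2ban-client. The sketch below is an added example, not fail2ban-importer's own code: `plan_bans`, `ALLOWED_JAILS` and `NEVER_BAN` are hypothetical names, and the only external command assumed is the standard `fail2ban-client set <jail> banip <ip>`.

```python
import ipaddress

# Hypothetical policy values, not options of fail2ban-importer itself.
ALLOWED_JAILS = {"sshd", "https"}
NEVER_BAN = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8", "::1/128")]


def plan_bans(entries, jail_field="jail", jail_target="target",
              client="fail2ban-client"):
    """Return (commands, rejected) for a decoded source list.

    commands: argv lists for `fail2ban-client set <jail> banip <ip>`.
    rejected: (entry, reason) pairs that must not reach fail2ban.
    """
    commands, rejected = [], []
    if not isinstance(entries, list):
        return commands, [(entries, "top-level value is not a list")]
    for entry in entries:
        if not isinstance(entry, dict):
            rejected.append((entry, "entry is not an object"))
            continue
        jail, target = entry.get(jail_field), entry.get(jail_target)
        if not isinstance(jail, str) or jail not in ALLOWED_JAILS:
            rejected.append((entry, "jail not in allowlist"))
            continue
        try:
            if not isinstance(target, str):
                raise ValueError("target must be a string")
            # Parsing rejects hostnames, CIDR ranges and option-like strings.
            ip = ipaddress.ip_address(target)
        except ValueError:
            rejected.append((entry, "target is not a single IP address"))
            continue
        if any(ip in net for net in NEVER_BAN):
            rejected.append((entry, "target is in a never-ban network"))
            continue
        # argv list (no shell), using the normalised address string.
        commands.append([client, "set", jail, "banip", str(ip)])
    return commands, rejected


# Constructed sample: the page's two example entries plus three that should be refused.
SAMPLE = [
    {"service": "sshd", "src": "196.30.15.254"},
    {"service": "https", "src": "119.13.89.28"},
    {"service": "sshd", "src": "10.0.0.5"},
    {"service": "sshd", "src": "--help"},
    {"service": "unknown-jail", "src": "203.0.113.9"},
]
```

Each returned command can be passed to `subprocess.run(cmd, check=True)` as-is; the rejected list is worth logging, since a refused entry may indicate a tampered or misconfigured source.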

Thanks

Download files

Source Distribution

fail2ban_importer-0.0.4.tar.gz (5.0 kB)

Built Distribution

fail2ban_importer-0.0.4-py2.py3-none-any.whl (5.6 kB)