Takes banlists and uses fail2ban to block them
Project description
fail2ban-from-s3
Grabs a JSON-encoded list of things to ban and bans them using fail2ban.
Installation
python -m pip install --upgrade fail2ban-importer
Usage
fail2ban-importer [--oneshot|--dryrun]
Configuration
The following paths will be tested (in order) and the first one loaded:
./fail2ban-importer.json/etc/fail2ban-importer.json~/.config/fail2ban-importer.json
Fields
Note the fail2ban_jail field. If you're going to pick up your logs from fail2ban, and use them for the source of automation, make sure to filter out the actions by this system - otherwise you'll end up in a loop!
| Field Name | Value Type | Default Value | Required | Description |
|---|---|---|---|---|
download_module |
str |
http |
No | The download module to use (either http or s3) |
fail2ban_jail |
str |
unset | Yes | The jail to use for banning - DO NOT REUSE AN EXISTING JAIL |
source |
str |
blank |
Yes | Where to pull the file from, can be a http(s):// or s3:// URL. |
fail2ban_client |
str |
fail2ban_client |
No | The path to the fail2ban-client executable, in case it's not in the user's $PATH |
schedule_mins |
int |
15 | No | How often to run the action. |
s3_endpoint |
str |
No | The endpoint URL if you need to force it for s3, eg if you're using minio or another S3-compatible store. | |
s3_v4 |
bool |
false |
No | Whether to force s3_v4 requests (useful for minio) |
s3_minio |
bool |
false |
No | Enable minio mode, force s3_v4 requests |
HTTP(S) Source
x
{
"source": "https://example.com/fail2ban.json",
"fail2ban_client": "/usr/bin/fail2ban-client",
"fail2ban_jail" : "automated",
"schedule_mins" : 15
}
S3-compatible Source
You can use the usual boto3 AWS configuration, or put the options in the config file.
{
"source": "s3://my-magic-fail2ban-bucket/fail2ban.json",
"AWS_ACCESS_KEY_ID" : "exampleuser",
"AWS_SECRET_ACCESS_KEY" : "hunter2",
"schedule_mins" : 1
}
If you're using minio as your backend, you should add the following additional options to the config file:
{
"s3_v4" : true,
"s3_endpoint" : "https://example.com",
}
Example source data file
[
{
"jail": "sshd",
"ip": "196.30.15.254"
},
{
"jail": "sshd",
"ip": "119.13.89.28"
}
]
Thanks
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file fail2ban-importer-0.0.9.tar.gz.
File metadata
- Download URL: fail2ban-importer-0.0.9.tar.gz
- Upload date:
- Size: 6.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.1.13 CPython/3.10.2 Darwin/21.1.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 07805b3d62dbcba7f51c694da8ea691b20c2819a356069b83e83e56f822b5160 |
|
| MD5 | a907b94391cdf049af0dcb1483e0dfff |
|
| BLAKE2b-256 | 3873566048640c6ca0410d2a0eb6a08c9ce6a50aebe01097564345a5a2e3883c |
File details
Details for the file fail2ban_importer-0.0.9-py3-none-any.whl.
File metadata
- Download URL: fail2ban_importer-0.0.9-py3-none-any.whl
- Upload date:
- Size: 8.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.1.13 CPython/3.10.2 Darwin/21.1.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 37d0dcee35eb3658db700021c59cc4a4f3de6a2854c5c8f843b5633cb87059f8 |
|
| MD5 | cebeb0fdb95a43eec009238f31a17fe4 |
|
| BLAKE2b-256 | e5bbfa8b613cd7c1a29ff41f898c6366e85e25d81d875c55f2600c9556a5cbdd |
