Shows geolocation of the IPs of the failed attempts recorded by fail2ban

Project description

fail2bangeolocation

Shows geolocation of failed attempts registered by fail2ban.
It's useful to know from which locations you are being attacked the most.
You can group locations by country or by country and by city.

Screenshots

  • Grouped by country (screenshot: output grouped by country)
  • Grouped by country and city (screenshot: output grouped by country and city)

reallyfreegeoip.org

IP geolocation is done through reallyfreegeoip.org. This means you will need an active internet connection in order to geolocate the IPs.

Installation

You can install fail2bangeolocation via pipx:

Installation as user

$ pipx install fail2bangeolocation

Installation as root

$ sudo su
# pipx install fail2bangeolocation

Usage

  • You can run fail2bangeolocation directly from the command line interface:

    fail2bangeolocation [-h] [-c] {fail2ban,log,server}
    
  • fail2bangeolocation arguments

    usage: fail2bangeolocation.py [-h] [-c] {fail2ban,log,server} ...
    
    Shows geolocation of failed attempts registered by fail2ban
    
    positional arguments:
      {fail2ban,log,server}
                            These options are mutually exclusive
        fail2ban            analyze all banned IPs by fail2ban (from fail2ban output)
        log                 analyze a fail2ban log file. Use "log -h" to see more options
        server              analyze all banned IPs by fail2ban (e.g. "server sshd")
    
    optional arguments:
      -h, --help            show this help message and exit
      -c, --show-city       group IPs by country and city 
    
  • Analyze all IPs registered by fail2ban

    Warning: requires root privileges

    Run fail2bangeolocation using the fail2ban argument:

    $ sudo su
    # fail2bangeolocation fail2ban
    
  • Analyze all IPs registered by fail2ban for a given jailed server/service, e.g. sshd

    Warning: requires root privileges

    Run fail2bangeolocation with the server argument and the jailed server name:

    $ sudo su
    # fail2bangeolocation server sshd
    
  • Analyze a log file

    Warning: may require root privileges, depending on the file to be analyzed

    Run fail2bangeolocation with the log argument and the path to the log file:

    fail2bangeolocation log /var/log/fail2ban.log
    

    You can also geolocate the unbanned IPs contained in the log adding the -u argument:

    fail2bangeolocation log -u /var/log/fail2ban.log
    
  • Group the output by country and city

    Run fail2bangeolocation with "-c" as first argument:

    fail2bangeolocation -c {fail2ban,log,server}
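
The kind of pre-processing a log analysis like the one above needs, as an added example (not fail2bangeolocation's own code): it extracts Ban/Unban events from a fail2ban log, validates each address and drops private ranges, so only public IPs would ever be handed to an external geolocation service. The function name, the `include_unbanned` switch (this example's reading of what `-u` is for) and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the usual fail2ban.log layout (documentation-range IPs).
SAMPLE_LOG = """\
2024-05-01 10:00:01,120 fail2ban.filter  [812]: INFO    [sshd] Found 203.0.113.7 - 2024-05-01 10:00:01
2024-05-01 10:00:03,455 fail2ban.actions [812]: NOTICE  [sshd] Ban 203.0.113.7
2024-05-01 10:04:10,002 fail2ban.actions [812]: NOTICE  [sshd] Ban 198.51.100.23
2024-05-01 10:10:03,900 fail2ban.actions [812]: NOTICE  [sshd] Unban 203.0.113.7
2024-05-01 10:30:44,310 fail2ban.actions [812]: NOTICE  [nginx-http-auth] Ban 2001:db8::bad
2024-05-01 11:02:19,777 fail2ban.actions [812]: NOTICE  [sshd] Ban 203.0.113.7
2024-05-01 11:05:00,001 fail2ban.actions [812]: NOTICE  [sshd] Ban 10.0.0.5
2024-05-01 11:06:00,001 fail2ban.actions [812]: NOTICE  [sshd] Ban not-an-ip
2024-05-01 11:10:00,412 fail2ban.actions [812]: NOTICE  [sshd] Unban 198.51.100.23
"""

# Addresses that must never leave the host: private, loopback, link-local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
EVENT = re.compile(r"\[(?P<jail>[^\]]+)\]\s+(?:Restore )?(?P<action>Ban|Unban)\s+(?P<ip>\S+)\s*$")


def ips_to_geolocate(log_text, jail=None, include_unbanned=False):
    """Return Counter {ip: times banned} of public IPs worth looking up."""
    bans, unbanned = Counter(), set()
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m or (jail and m["jail"] != jail):
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed token: do not forward it to any lookup service
        if any(ip in net for net in LOCAL_NETS):
            continue
        key = str(ip)
        if m["action"] == "Ban":
            bans[key] += 1
            unbanned.discard(key)  # banned again, so it is active once more
        else:
            unbanned.add(key)
    if not include_unbanned:
        for key in unbanned:
            bans.pop(key, None)
    return bans
```

Each distinct address in the result needs only one lookup; the counts can then be summed per country or city.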
    

Troubleshooting

In case of any problem, you can create an issue.

Discussions

If you want to ask (or answer) a question, leave an opinion, or have an open-ended conversation, you can create (or join) a discussion.

Support

If you find this application useful you can star this repo.

Download files

Source Distribution

fail2bangeolocation-2.0.9.tar.gz (57.5 kB)

Uploaded Source

Built Distribution

fail2bangeolocation-2.0.9-py3-none-any.whl (38.8 kB)

Uploaded Python 3

File details

Details for the file fail2bangeolocation-2.0.9.tar.gz.

File metadata

  • Download URL: fail2bangeolocation-2.0.9.tar.gz
  • Size: 57.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for fail2bangeolocation-2.0.9.tar.gz
Algorithm Hash digest
SHA256 cee5c7cb59e6b6906b817417b2e5d74c506af3f752e70cadb3d8996b5d9ff021
MD5 be795f27ae51242b4fffd5316a161c26
BLAKE2b-256 b5a166a456a9c2070d19e4f44cb65634d2748dd9e60c4d679fb1a17368fb2848

Provenance

The following attestation bundles were made for fail2bangeolocation-2.0.9.tar.gz:

Publisher: publish.yml on rubenhortas/fail2bangeolocation

File details

Details for the file fail2bangeolocation-2.0.9-py3-none-any.whl.

File hashes

Hashes for fail2bangeolocation-2.0.9-py3-none-any.whl
Algorithm Hash digest
SHA256 ab184aaaa6ef532eb6723056573e8d895ddc5e2b695caaf9e9ec888e57196f7d
MD5 0623ec9b729ad7dcd24272a300e08eea
BLAKE2b-256 af253e1ad0f2ca998a3647e1a6e8b44d103f1695426710c4ea07f56f43ec3542

Provenance

The following attestation bundles were made for fail2bangeolocation-2.0.9-py3-none-any.whl:

Publisher: publish.yml on rubenhortas/fail2bangeolocation
