Shows geolocation of the IPs of the failed attempts recorded by fail2ban
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
fail2bangeolocation
Shows geolocation of failed attempts registered by fail2ban.
It's useful to know from which locations you are being attacked the most.
You can group locations by country or by country and by city.
Screenshots
- Grouped by country
- Grouped by country and city
Geolocation DB
IP geolocation is done through reallyfreegeoip.org. This means you will need an active internet connection in order to geolocate the IPs.
Requirements
- requests
- tqdm
- colorama
Installation
You can install fail2bangeolocation via pipx:
$ pipx install fail2bangeolocation
Usage
-
You can run fail2bangeolocation directly from the command line interface:
$ fail2bangeolocation [-h] [-c] {fail2ban,log,server}
-
fail2bangeolocation arguments
usage: fail2bangeolocation.py [-h] [-c] {fail2ban,log,server} ... Shows geolocation of failed attempts registered by fail2ban positional arguments: {fail2ban,log,server} These options are mutually exclusive fail2ban analyze all banned IPs by fail2ban (from fail2ban output) log analyze a fail2ban log file. Use "log -h" to see more options server analyze all banned IPs by fail2ban (e.g. "server sshd") optional arguments: -h, --help show this help message and exit -c, --show-city group IPs by country and city
-
Analyze all IPs registered by fail2ban
:warning: Requires root privileges
Run fail2bangeolocation using the fail2ban argument:
$ sudo fail2bangeolocation fail2ban
-
Analyze all IPs registered by fail2ban for a given jailed server/service, e.g. sshd
:warning: Requires root privileges
Run fail2bangeolocation with the server argument and the jailed server name:$ sudo fail2bangeolocation server sshd
-
Analyze a log file
:warning: May require root privileges depending on the file to be analyzed
Run fail2bangeolocation with the log argument and the path to the log file:$ fail2bangeolocation log /var/log/fai2ban.log
You can also geolocate the unbanned IPs contained in the log adding the -u argument:
$ fail2bangeolocation log -u /var/log/fai2ban.log
-
Group the output by country and city
Run fail2bangeolocation with "-c" as first argument:
$ fail2bangeolocation -c {fail2ban,log,server}
Troubleshooting
In case of any problem create an issue
Discussions
If you want ask (or answer) a question, leave an opinion or have an open-ended conversation you can create (or join) a discussion
Support
If you find this application useful you can star this repo.
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file fail2bangeolocation-2.0.8.tar.gz.
File metadata
- Download URL: fail2bangeolocation-2.0.8.tar.gz
- Upload date:
- Size: 90.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.1 CPython/3.12.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 2d3170bf1c6bb6dbcd2eecae8e8abc8e529daf463ca05e9bfc71f9c068da1f24 |
|
| MD5 | ee634548ba23fec976a8ff3fd33723e3 |
|
| BLAKE2b-256 | c46ea4aa73d0a62e619d2f64e0d12a96c2ba88be12049606a16c4780f8f37a27 |
File details
Details for the file fail2bangeolocation-2.0.8-py3-none-any.whl.
File metadata
- Download URL: fail2bangeolocation-2.0.8-py3-none-any.whl
- Upload date:
- Size: 38.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.1 CPython/3.12.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9e1aed7f59c0888adb41bf9696b6faa668ee6b5bce0cd5eb309bec67dbdfc49c |
|
| MD5 | f0430013eeda7a5a7829339923188b39 |
|
| BLAKE2b-256 | 989b2edcf93ba88fe0230ee5b2f78efbf5814f98e7b2919371b407d1eb643fcb |
