diff --git a/fail2ban/readme.txt b/fail2ban/readme.txt
new file mode 100644
index 0000000..a845623
--- /dev/null
+++ b/fail2ban/readme.txt
@@ -0,0 +1,113 @@
+CREATE TABLE `erp_core_fail2ban` (
+ `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
+ `hostname` VARCHAR(255) NULL DEFAULT NULL COLLATE 'utf8_unicode_ci',
+ `created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ `name` TEXT NOT NULL COLLATE 'utf8_unicode_ci',
+ `protocol` VARCHAR(16) NOT NULL COLLATE 'utf8_unicode_ci',
+ `port` VARCHAR(32) NOT NULL COLLATE 'utf8_unicode_ci',
+ `ip` VARCHAR(64) NOT NULL COLLATE 'utf8_unicode_ci',
+ `hostname_attckr` VARCHAR(255) NOT NULL COLLATE 'utf8_unicode_ci',
+ `country` VARCHAR(255) NOT NULL COLLATE 'utf8_unicode_ci',
+ `org` TEXT NOT NULL COLLATE 'utf8_unicode_ci',
+ `asnr` VARCHAR(255) NOT NULL COLLATE 'utf8_unicode_ci',
+ PRIMARY KEY (`id`),
+ INDEX `hostname` (`hostname`, `ip`)
+);
+
+apt-get install fail2ban logrotate jq
+
+################################################## /etcfail2ban/log_sql.sh ###############################################################
+
+#!/bin/bash
+#
+
+name=$1
+protocol=$2
+port=$3
+ip=$4;
+
+hname=$(hostname)
+
+VAL=$(curl --silent ipinfo.io/$ip)
+json_hostname=$(echo "$VAL" | jq -r ".hostname")
+json_country=$(echo "$VAL" | jq -r ".country")
+json_org=$(echo "$VAL" | jq -r ".org")
+json_as=$(echo $json_org | head -n1 | cut -d " " -f1)
+
+
+# WERTE in Datenbank eintragen
+INSERT="INSERT INTO erp_core_fail2ban (hostname,name,protocol,port,ip,hostname_attckr,country,org,asnr) VALUES ('${hname}','${name}','${protocol}','${port}','${ip}','${json_hostname}','${json_country}','${json_org}','${json_as}');";
+#echo "$INSERT\n";
+echo $INSERT | mysql -h 188.68.32.44 -P 3306 -u USERNAME -pPASSWORDHERE -D DHT11
+# echo $INSERT
+
+exit 0
+
+
+
+
+
+
+################################################## /etc/fail2ban/action.d/mysql-log.conf ###############################################################
+
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart =
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop =
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionban = /etc/fail2ban/log_sql.sh
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionunban =
+
+
+################################################## /etc/fail2ban/jail.conf ###############################################################
+
+#
+# ACTIONS
+#
+
+# Default banning action (e.g. iptables, iptables-new,
+# iptables-multiport, shorewall, etc) It is used to define
+# action_* variables. Can be overridden globally or per
+# section within jail.local file
+#banaction = iptables-multiport
+banaction = mysql-log
+
+# email action. Since 0.8.1 upstream fail2ban uses sendmail
+# MTA for the mailing. Change mta configuration parameter to mail
+# if you want to revert to conventional 'mail'.
+#mta = sendmail
+mta =
\ No newline at end of file
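Review bot: The INSERT in log_sql.sh is assembled by interpolating `json_hostname`, `json_country` and `json_org` straight from the ipinfo.io response into the SQL string, and the hostname field is the reverse-DNS name of the banned address, which the owner of that address controls, so a single quote in it breaks or rewrites the statement that then runs under the script's database credentials; `$name`, `$port` and `$ip` reach the statement the same way, and `$ip` also goes unquoted into the curl URL, which defaults to plain http because no scheme is given. The mysql CLI has no bind parameters, so either move the write into a small helper that uses prepared statements, or at minimum validate `$ip` as an address literal and escape backslashes and single quotes in every interpolated value before the statement is built, as sketched below (backslash escaping assumes the server's default sql_mode, not NO_BACKSLASH_ESCAPES). Passing the password as `-pPASSWORDHERE` also exposes it to every local user through the process list; a root-owned, mode-600 `--defaults-extra-file` avoids that. Piping with `printf '%s\n' "$INSERT"` instead of `echo $INSERT` keeps the shell from word-splitting and glob-expanding the statement. Note also that `jq -r` prints the literal string `null` for a missing field, which then lands in the NOT NULL columns as the text "null" rather than as a database NULL.
```bash
#!/bin/bash
# … unchanged: name/protocol/port/ip assignment from $1..$4 …

# only an address literal may reach curl and the INSERT; anything else is refused
case "$ip" in
    ""|*[!0-9a-fA-F.:]*) echo "log_sql.sh: refusing non-address value for ip" >&2; exit 1 ;;
esac

# escape backslash and single quote so a value cannot leave its SQL string literal
# (assumes the server's default sql_mode, not NO_BACKSLASH_ESCAPES)
sql_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g"
}

hname=$(hostname)
VAL=$(curl --silent "https://ipinfo.io/${ip}")
# … unchanged: jq extraction of json_hostname / json_country / json_org / json_as …

e_hname=$(sql_escape "$hname")
e_name=$(sql_escape "$name")
e_protocol=$(sql_escape "$protocol")
e_port=$(sql_escape "$port")
e_hostname=$(sql_escape "$json_hostname")
e_country=$(sql_escape "$json_country")
e_org=$(sql_escape "$json_org")
e_as=$(sql_escape "$json_as")

INSERT="INSERT INTO erp_core_fail2ban (hostname,name,protocol,port,ip,hostname_attckr,country,org,asnr) VALUES ('${e_hname}','${e_name}','${e_protocol}','${e_port}','${ip}','${e_hostname}','${e_country}','${e_org}','${e_as}');"

# placeholder: a root-owned, mode-600 option file holding host, port, user and password
MYSQL_CNF=/path/to/client.cnf
printf '%s\n' "$INSERT" | mysql --defaults-extra-file="$MYSQL_CNF" -D DHT11
```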