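-- Ban log filled by /etc/fail2ban/log_sql.sh: one row per fail2ban ban event.
-- `hostname` is the reporting server. `hostname_attckr`, `country`, `org` and
-- `asnr` are copied from an external IP-lookup response and are untrusted
-- text: escape them wherever they are displayed.
CREATE TABLE `erp_core_fail2ban` (
    `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
    `hostname` VARCHAR(255) NULL DEFAULT NULL COLLATE 'utf8_unicode_ci',
    `created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    `name` TEXT NOT NULL COLLATE 'utf8_unicode_ci',
    `protocol` VARCHAR(16) NOT NULL COLLATE 'utf8_unicode_ci',
    `port` VARCHAR(32) NOT NULL COLLATE 'utf8_unicode_ci',
    `ip` VARCHAR(64) NOT NULL COLLATE 'utf8_unicode_ci',
    `hostname_attckr` VARCHAR(255) NOT NULL COLLATE 'utf8_unicode_ci',
    `country` VARCHAR(255) NOT NULL COLLATE 'utf8_unicode_ci',
    `org` TEXT NOT NULL COLLATE 'utf8_unicode_ci',
    `asnr` VARCHAR(255) NOT NULL COLLATE 'utf8_unicode_ci',
    PRIMARY KEY (`id`),
    INDEX `hostname` (`hostname`, `ip`)
);

apt-get install fail2ban logrotate jq

################################################## /etc/fail2ban/log_sql.sh ###############################################################
#!/bin/bash
#
# fail2ban ban hook: looks up the banned address at ipinfo.io and records the
# event in erp_core_fail2ban.
# Usage: log_sql.sh NAME PROTOCOL PORT IP
#
# Every value written to the database is treated as untrusted. The lookup
# fields (hostname, org) are chosen by whoever controls the banned address,
# so no value is pasted into the SQL text as a quoted string.
name=$1
protocol=$2
port=$3
ip=$4
hname=$(hostname)

# MySQL client option file holding the credentials, so the password does not
# show up in the process list. Example path constructed for this listing;
# create it readable only by the account fail2ban runs as (mode 0600), with:
#   [client]
#   user=USERNAME
#   password=PASSWORDHERE
MYSQL_DEFAULTS=/etc/fail2ban/mysql-log.cnf

# Emit a SQL expression for an arbitrary string. The bytes are hex-encoded,
# so only [0-9a-f] ever appears between the quotes and a quote or backslash
# in the data cannot end the literal. od -v disables duplicate-line folding.
sql_str() {
    printf "UNHEX('%s')" "$(printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n')"
}

# Query the lookup service only for something shaped like an IPv4/IPv6
# address, because the value becomes part of a URL. HTTPS keeps the response
# from being altered in transit; --max-time keeps a slow lookup from stalling
# the ban action. Anything else is still logged, just without lookup data.
VAL=""
if [[ "$ip" =~ ^[0-9A-Fa-f:.]+$ ]]; then
    VAL=$(curl --silent --max-time 10 "https://ipinfo.io/${ip}")
fi

# `// ""` stores an empty string instead of the literal text "null" when the
# response lacks a field.
json_hostname=$(printf '%s' "$VAL" | jq -r '.hostname // ""')
json_country=$(printf '%s' "$VAL" | jq -r '.country // ""')
json_org=$(printf '%s' "$VAL" | jq -r '.org // ""')
# The first word of the org field is kept as the AS number.
json_as=$(printf '%s\n' "$json_org" | head -n1 | cut -d " " -f1)

# Insert the values into the database. The database account needs nothing
# beyond INSERT on this table.
# NOTE(review): the server address is remote; confirm the connection is
# TLS-protected (the client option for that differs between MySQL and MariaDB).
INSERT="INSERT INTO erp_core_fail2ban (hostname,name,protocol,port,ip,hostname_attckr,country,org,asnr) VALUES ($(sql_str "$hname"),$(sql_str "$name"),$(sql_str "$protocol"),$(sql_str "$port"),$(sql_str "$ip"),$(sql_str "$json_hostname"),$(sql_str "$json_country"),$(sql_str "$json_org"),$(sql_str "$json_as"));"

# --defaults-extra-file has to be the first option on the command line.
printf '%s\n' "$INSERT" | mysql --defaults-extra-file="$MYSQL_DEFAULTS" -h 188.68.32.44 -P 3306 -D DHT11

# Always report success so a failed log write does not surface as a failed ban.
exit 0

################################################## /etc/fail2ban/action.d/mysql-log.conf ###############################################################
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
#
[Definition]

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.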
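# Values: CMD
#
actionstart =

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop =

# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
# log_sql.sh reads the jail name, protocol, port and banned address from
# $1..$4, so they have to be passed here; called without arguments the script
# has no address to look up or record.
# NOTE(review): <port> and <protocol> are expected to be filled in by the
# jail's action_ definition - confirm for the fail2ban version in use.
actionban = /etc/fail2ban/log_sql.sh "<name>" "<protocol>" "<port>" "<ip>"

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
#         command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban =

################################################## /etc/fail2ban/jail.conf ###############################################################
#
# ACTIONS
#

# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
#
# NOTE(review): mysql-log only records the event. With it as the banning
# action no firewall rule is added, so a "banned" address is logged but not
# blocked. To block and log, keep a firewall banaction here and add mysql-log
# as an additional action of the jail. Putting the override in jail.local
# keeps it out of the packaged jail.conf.
#banaction = iptables-multiport
banaction = mysql-log

# email action. Since 0.8.1 upstream fail2ban uses sendmail
# MTA for the mailing. Change mta configuration parameter to mail
# if you want to revert to conventional 'mail'.
#mta = sendmail
mta =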