'fail2ban/readme.txt' hinzufügen

fail2ban/readme.txt

@@ -0,0 +1,113 @@
+CREATE TABLE `erp_core_fail2ban` (
+	`id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
+	`hostname` VARCHAR(255) NULL DEFAULT NULL COLLATE 'utf8_unicode_ci',
+	`created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+	`name` TEXT NOT NULL COLLATE 'utf8_unicode_ci',
+	`protocol` VARCHAR(16) NOT NULL COLLATE 'utf8_unicode_ci',
+	`port` VARCHAR(32) NOT NULL COLLATE 'utf8_unicode_ci',
+	`ip` VARCHAR(64) NOT NULL COLLATE 'utf8_unicode_ci',
+	`hostname_attckr` VARCHAR(255) NOT NULL COLLATE 'utf8_unicode_ci',
+	`country` VARCHAR(255) NOT NULL COLLATE 'utf8_unicode_ci',
+	`org` TEXT NOT NULL COLLATE 'utf8_unicode_ci',
+	`asnr` VARCHAR(255) NOT NULL COLLATE 'utf8_unicode_ci',
+	PRIMARY KEY (`id`),
+	INDEX `hostname` (`hostname`, `ip`)
+);
+
+apt-get install fail2ban logrotate jq
+
+################################################## /etcfail2ban/log_sql.sh ###############################################################
+
+#!/bin/bash
+#
+
+name=$1
+protocol=$2
+port=$3
+ip=$4;
+
+hname=$(hostname)
+
+VAL=$(curl --silent ipinfo.io/$ip)
+json_hostname=$(echo "$VAL" | jq -r ".hostname")
+json_country=$(echo "$VAL" | jq -r ".country")
+json_org=$(echo "$VAL" | jq -r ".org")
+json_as=$(echo $json_org  | head -n1 | cut -d " " -f1)
+
+
+# WERTE in Datenbank eintragen
+INSERT="INSERT INTO erp_core_fail2ban (hostname,name,protocol,port,ip,hostname_attckr,country,org,asnr) VALUES ('${hname}','${name}','${protocol}','${port}','${ip}','${json_hostname}','${json_country}','${json_org}','${json_as}');";
+#echo "$INSERT\n";
+echo $INSERT | mysql -h 188.68.32.44 -P 3306 -u USERNAME -pPASSWORDHERE -D DHT11
+# echo $INSERT
+
+exit 0
+
+
+
+
+
+
+################################################## /etc/fail2ban/action.d/mysql-log.conf ###############################################################
+
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = /etc/fail2ban/log_sql.sh <name> <protocol> <port> <ip>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban =
+
+
+################################################## /etc/fail2ban/jail.conf ###############################################################
+
+#
+# ACTIONS
+#
+
+# Default banning action (e.g. iptables, iptables-new,
+# iptables-multiport, shorewall, etc) It is used to define
+# action_* variables. Can be overridden globally or per
+# section within jail.local file
+#banaction = iptables-multiport
+banaction = mysql-log
+
+# email action. Since 0.8.1 upstream fail2ban uses sendmail
+# MTA for the mailing. Change mta configuration parameter to mail
+# if you want to revert to conventional 'mail'.
+#mta = sendmail
+mta =