'fail2ban/readme.txt' hinzufügen
parent
07444f0ebc
commit
85ebdc29e1
113
fail2ban/readme.txt
Normal file
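--- a/fail2ban/readme.txt
+++ b/fail2ban/readme.txt
@@ -0,0 +1,113 @@
+CREATE TABLE `erp_core_fail2ban` (
+`id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
+`hostname` VARCHAR(255) NULL DEFAULT NULL COLLATE 'utf8_unicode_ci',
+`created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+`name` TEXT NOT NULL COLLATE 'utf8_unicode_ci',
+`protocol` VARCHAR(16) NOT NULL COLLATE 'utf8_unicode_ci',
+`port` VARCHAR(32) NOT NULL COLLATE 'utf8_unicode_ci',
+`ip` VARCHAR(64) NOT NULL COLLATE 'utf8_unicode_ci',
+`hostname_attckr` VARCHAR(255) NOT NULL COLLATE 'utf8_unicode_ci',
+`country` VARCHAR(255) NOT NULL COLLATE 'utf8_unicode_ci',
+`org` TEXT NOT NULL COLLATE 'utf8_unicode_ci',
+`asnr` VARCHAR(255) NOT NULL COLLATE 'utf8_unicode_ci',
+PRIMARY KEY (`id`),
+INDEX `hostname` (`hostname`, `ip`)
+);
+
+apt-get install fail2ban logrotate jq
+
+################################################## /etcfail2ban/log_sql.sh ###############################################################
+
+#!/bin/bash
+#
+
+name=$1
+protocol=$2
+port=$3
+ip=$4;
+
+hname=$(hostname)
+
+VAL=$(curl --silent ipinfo.io/$ip)
+json_hostname=$(echo "$VAL" | jq -r ".hostname")
+json_country=$(echo "$VAL" | jq -r ".country")
+json_org=$(echo "$VAL" | jq -r ".org")
+json_as=$(echo $json_org | head -n1 | cut -d " " -f1)
+
+
+# WERTE in Datenbank eintragen
+INSERT="INSERT INTO erp_core_fail2ban (hostname,name,protocol,port,ip,hostname_attckr,country,org,asnr) VALUES ('${hname}','${name}','${protocol}','${port}','${ip}','${json_hostname}','${json_country}','${json_org}','${json_as}');";
+#echo "$INSERT\n";
+echo $INSERT | mysql -h 188.68.32.44 -P 3306 -u USERNAME -pPASSWORDHERE -D DHT11
+# echo $INSERT
+
+exit 0
+
+
+
+
+
+
+################################################## /etc/fail2ban/action.d/mysql-log.conf ###############################################################
+
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart =
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop =
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionban = /etc/fail2ban/log_sql.sh <name> <protocol> <port> <ip>
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionunban =
+
+
+################################################## /etc/fail2ban/jail.conf ###############################################################
+
+#
+# ACTIONS
+#
+
+# Default banning action (e.g. iptables, iptables-new,
+# iptables-multiport, shorewall, etc) It is used to define
+# action_* variables. Can be overridden globally or per
+# section within jail.local file
+#banaction = iptables-multiport
+banaction = mysql-log
+
+# email action. Since 0.8.1 upstream fail2ban uses sendmail
+# MTA for the mailing. Change mta configuration parameter to mail
+# if you want to revert to conventional 'mail'.
+#mta = sendmail
+mta =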
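Review bot: log_sql.sh places every field into the INSERT between single quotes with no escaping, and `json_hostname`, `json_country` and `json_org` come from a remote lookup whose content is outside this host's control (the hostname is presumably reverse DNS, which the owner of the banned address sets), so a quote character in any of them changes the statement that `mysql` runs. The same script passes the database password on the command line (`-pPASSWORDHERE`), which MySQL's own documentation treats as insecure because other local users may see it in the process list, and it calls `curl --silent ipinfo.io/$ip` unquoted and without a scheme, which curl sends over plain HTTP. I would validate `$ip`, run each value through a small quoting helper, switch the lookup to `https://`, and move host, user and password into a root-only option file passed with `--defaults-extra-file`; the sketch below shows only those lines. Separately, the jail.conf part sets `banaction = mysql-log` in place of `iptables-multiport`, and with that setting bans appear to be recorded only and never enforced; if that is not intended, keep the firewall banaction and add mysql-log as an additional action on the jail.

```shell
# … unchanged: name/protocol/port/ip assignment, hname …

# Accept only characters that can occur in an IPv4/IPv6 literal before using $ip in a URL or in SQL.
if ! [[ "$ip" =~ ^[0-9A-Fa-f:.]+$ ]]; then
    exit 1
fi

VAL=$(curl --silent --fail --max-time 10 "https://ipinfo.io/${ip}")

# … unchanged: jq extraction into json_hostname, json_country, json_org, json_as …

# Double backslashes and single quotes so a value cannot end its own SQL string literal.
sql_quote() {
    local v=${1//\\/\\\\}
    v=${v//\'/\'\'}
    printf "'%s'" "$v"
}

INSERT="INSERT INTO erp_core_fail2ban (hostname,name,protocol,port,ip,hostname_attckr,country,org,asnr) VALUES ($(sql_quote "$hname"),$(sql_quote "$name"),$(sql_quote "$protocol"),$(sql_quote "$port"),$(sql_quote "$ip"),$(sql_quote "$json_hostname"),$(sql_quote "$json_country"),$(sql_quote "$json_org"),$(sql_quote "$json_as"));"

# Host, user and password live in a root-only (chmod 600) option file; the path below is a placeholder.
printf '%s\n' "$INSERT" | mysql --defaults-extra-file=/PATH/TO/CLIENT.cnf -D DHT11
```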