script-sammlung/fail2ban
2017-05-14 14:27:07 +02:00
..
readme.txt 'fail2ban/readme.txt' hinzufügen 2017-05-14 14:27:07 +02:00

CREATE TABLE `erp_core_fail2ban` (
	`id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
	`hostname` VARCHAR(255) NULL DEFAULT NULL COLLATE 'utf8_unicode_ci',
	`created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
	`name` TEXT NOT NULL COLLATE 'utf8_unicode_ci',
	`protocol` VARCHAR(16) NOT NULL COLLATE 'utf8_unicode_ci',
	`port` VARCHAR(32) NOT NULL COLLATE 'utf8_unicode_ci',
	`ip` VARCHAR(64) NOT NULL COLLATE 'utf8_unicode_ci',
	`hostname_attckr` VARCHAR(255) NOT NULL COLLATE 'utf8_unicode_ci',
	`country` VARCHAR(255) NOT NULL COLLATE 'utf8_unicode_ci',
	`org` TEXT NOT NULL COLLATE 'utf8_unicode_ci',
	`asnr` VARCHAR(255) NOT NULL COLLATE 'utf8_unicode_ci',
	PRIMARY KEY (`id`),
	INDEX `hostname` (`hostname`, `ip`)
);

apt-get install fail2ban logrotate jq

################################################## /etcfail2ban/log_sql.sh ###############################################################

#!/bin/bash
#

name=$1
protocol=$2
port=$3
ip=$4;

hname=$(hostname)

VAL=$(curl --silent ipinfo.io/$ip)
json_hostname=$(echo "$VAL" | jq -r ".hostname")
json_country=$(echo "$VAL" | jq -r ".country")
json_org=$(echo "$VAL" | jq -r ".org")
json_as=$(echo $json_org  | head -n1 | cut -d " " -f1)


# WERTE in Datenbank eintragen
INSERT="INSERT INTO erp_core_fail2ban (hostname,name,protocol,port,ip,hostname_attckr,country,org,asnr) VALUES ('${hname}','${name}','${protocol}','${port}','${ip}','${json_hostname}','${json_country}','${json_org}','${json_as}');";
#echo "$INSERT\n";
echo $INSERT | mysql -h 188.68.32.44 -P 3306 -u USERNAME -pPASSWORDHERE -D DHT11
# echo $INSERT

exit 0






################################################## /etc/fail2ban/action.d/mysql-log.conf ###############################################################

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
#

[Definition]

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#
actionstart =

# Option:  actionstop
# Notes.:  command executed once at the end of Fail2Ban
# Values:  CMD
#
actionstop =

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
actioncheck =

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban = /etc/fail2ban/log_sql.sh <name> <protocol> <port> <ip>

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban =


################################################## /etc/fail2ban/jail.conf ###############################################################

#
# ACTIONS
#

# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
#banaction = iptables-multiport
banaction = mysql-log

# email action. Since 0.8.1 upstream fail2ban uses sendmail
# MTA for the mailing. Change mta configuration parameter to mail
# if you want to revert to conventional 'mail'.
#mta = sendmail
mta =