-- One row per Fail2Ban ban event, inserted by log_sql.sh.
-- The lookup columns (hostname_attckr, country, org, asnr) hold text returned
-- by an external service for the banned address; treat them as untrusted
-- input wherever they are later displayed or processed.
CREATE TABLE `erp_core_fail2ban` (
`id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
-- Name of the reporting host (the script fills it from `hostname`).
`hostname` VARCHAR(255) NULL DEFAULT NULL COLLATE 'utf8_unicode_ci',
-- Insert time; set by the server, the script does not supply it.
`created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
-- name / protocol / port / ip: the four arguments passed by the actionban line.
`name` TEXT NOT NULL COLLATE 'utf8_unicode_ci',
`protocol` VARCHAR(16) NOT NULL COLLATE 'utf8_unicode_ci',
`port` VARCHAR(32) NOT NULL COLLATE 'utf8_unicode_ci',
`ip` VARCHAR(64) NOT NULL COLLATE 'utf8_unicode_ci',
-- hostname, country and org fields of the ipinfo.io response for `ip`.
`hostname_attckr` VARCHAR(255) NOT NULL COLLATE 'utf8_unicode_ci',
`country` VARCHAR(255) NOT NULL COLLATE 'utf8_unicode_ci',
`org` TEXT NOT NULL COLLATE 'utf8_unicode_ci',
-- First space-separated word of `org`, as cut out by the script.
`asnr` VARCHAR(255) NOT NULL COLLATE 'utf8_unicode_ci',
PRIMARY KEY (`id`),
-- Composite index on (reporting host, banned address).
INDEX `hostname` (`hostname`, `ip`)
);
# Packages for the setup below. log_sql.sh also calls curl and the mysql
# command-line client, which this line does not install.
apt-get install fail2ban logrotate jq
################################################## /etc/fail2ban/log_sql.sh ###############################################################
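#!/bin/bash
#
# Fail2Ban ban-logging helper: writes one row per ban into erp_core_fail2ban,
# enriched with the ipinfo.io record for the banned address.
#
# Usage: log_sql.sh <name> <protocol> <port> <ip>
#
# Always exits 0, so a failed lookup or database write is not reported to
# Fail2Ban as a failed ban action.
#
name=$1
protocol=$2
port=$3
ip=$4
hname=$(hostname)

# Encode a value as a MySQL hexadecimal literal (X'..'). Every byte becomes
# two hex digits, so no quote, backslash or newline in the value can end the
# literal or be parsed as SQL. The lookup fields below come from an external
# service (reverse DNS name, organisation text) and must not be pasted into
# the statement as-is.
sql_hex() {
    printf "X'%s'" "$(printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n')"
}

# Query ipinfo.io only for something that looks like an IPv4/IPv6 address,
# because the value becomes part of the request URL. HTTPS protects the
# response in transit; --max-time bounds the lookup so a slow response cannot
# stall the ban action.
lookup=""
if [[ "$ip" =~ ^[0-9A-Fa-f:.]+$ ]]; then
    lookup=$(curl --silent --max-time 10 "https://ipinfo.io/${ip}")
fi
json_hostname=$(printf '%s' "$lookup" | jq -r ".hostname")
json_country=$(printf '%s' "$lookup" | jq -r ".country")
json_org=$(printf '%s' "$lookup" | jq -r ".org")
# asnr is the first whitespace-separated word of the org field.
read -r json_as _ <<< "$json_org"

# Insert the values into the database.
INSERT="INSERT INTO erp_core_fail2ban (hostname,name,protocol,port,ip,hostname_attckr,country,org,asnr) VALUES ($(sql_hex "$hname"),$(sql_hex "$name"),$(sql_hex "$protocol"),$(sql_hex "$port"),$(sql_hex "$ip"),$(sql_hex "$json_hostname"),$(sql_hex "$json_country"),$(sql_hex "$json_org"),$(sql_hex "$json_as"));"

# NOTE(review): a password given with -p on the command line is visible in
# the process list while mysql starts; prefer a client option file readable
# only by the account Fail2Ban runs as (mysql --defaults-extra-file=...).
# The database account needs no more than INSERT on erp_core_fail2ban.
printf '%s\n' "$INSERT" | mysql -h 188.68.32.44 -P 3306 -u USERNAME -pPASSWORDHERE -D DHT11
exit 0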
################################################## /etc/fail2ban/action.d/mysql-log.conf ###############################################################
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# Logging-only action: actionban hands the ban details to log_sql.sh, which
# writes them to MySQL. actionstart, actionstop, actioncheck and actionunban
# are left empty, so this action adds and removes no firewall rule itself.
#
[Definition]
# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart =
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop =
# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
# The four tags are substituted into this command line and arrive in the
# script as $1..$4. The script must treat them, and anything it looks up
# from them, as data and never as part of a SQL or shell command.
actionban = /etc/fail2ban/log_sql.sh <name> <protocol> <port> <ip>
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban =
################################################## /etc/fail2ban/jail.conf ###############################################################
#
# ACTIONS
#
# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
#banaction = iptables-multiport
# NOTE(review): mysql-log's actionban only runs log_sql.sh, which writes a
# database row. With it as the default banaction, jails that rely on the
# default action record offenders but add no firewall rule, so the address
# is not blocked. To keep blocking, leave banaction on the firewall action
# and list mysql-log as an additional action in the jail's "action" setting.
banaction = mysql-log
# email action. Since 0.8.1 upstream fail2ban uses sendmail
# MTA for the mailing. Change mta configuration parameter to mail
# if you want to revert to conventional 'mail'.
#mta = sendmail
mta =