fail2abuseipdb is a server administration tool (currently WIP!) which allows server administrators to easily and automagically convert fail2ban's output (which a weird semi-JSON format) to a CSV-format which can directly be published to abuseipdb!
fail2abuseipdb provides a limited featureset, although it is enough for its task.
- Reading fail2ban's output from a file
- Reading fail2ban's output from stdin via pipes
- Reading fail2ban's output directly by calling fail2ban (requires elevated privileges and may be dangerous!) (Search is bugged!)
- Comment customisation
- Supports both individual jails and complete f2b output!
- Jail names are detected automatically when full output is detected
The following table describes the individual arguments and switches fail2abuseipdb understands. Arguments and switched marked as ((planned)) are not use available (or usable)!
Long | Short | Description | Status |
---|---|---|---|
--help | -h | Prints the help menu and exits. | working |
--stdin | -s | Reads input from stdin (pipe). | working |
--file= | -f[f] | Reads input from the passed file or fail2ban.json if no file passed. | working |
--version | -v | Prints the version information and exits. | ((planned)) |
--comment | -c | Overrides the default value for the comment. Must be in quotes (")! | working |
--jail-name= | -j[j] | Useful when importing single jails; sets the name for the jail. | working |
--f2b= | -e[f] | Sets the location of fail2ban directory | working |
--call-f2b | -% | No, that's not a typo. Call fail2ban directly | (kinda)working |
Variable | Function | Status |
---|---|---|
{0} | Prints the jail name in the comment. | working |
{1} | Prints the report time in the comment. | ((planned)) |
Code | Meaning |
---|---|
0 | Success |
1 | Failed to parse input from file |
2 | Failed to parse input from stdin |
3 | Failed to parse input from fail2ban directly |
4 | Insufficient execution rights |
5 | Could not find fail2ban-client |
Getting started with fail2abuseipdb is simple. Install the file to /usr/bin (or where ever in your PATH) and call it as follows.
# Single jail
fail2ban-client get myjail banned >/tmp/myjail.txt
fail2abuseipdb -f/tmp/myjail.txt -jmyjail -c"Was banned for fcking w/ my shit. Fail2ban jail: {0}" >/tmp/myjail.csv
# ALL THE JAILS
fail2ban-client banned >/tmp/alljails.txt
fail2abuseipdb -f/tmp/alljails.txt -c"Brute-force attack against {0}" >/tmp/alljails.csv
# Single jail
fail2ban-client get myjail banned | fail2abuseipdb -s -jmyjail -c"Was banned for fcking w/ my shit. Fail2ban jail: {0}" >/tmp/myjail.csv
# ALL THE JAILS
fail2ban-client banned | fail2abuseipdb -s -c"Brute-force attack against {0}" >/tmp/alljails.csv
If you don't trust the .deb packages uploaded in the releases, or your system doesn't use .deb packages, you can download, build and install the application yourself.
To do so is fairly simple:
# getting ready
$ git clone --recursive https://github.com/SimonCahill/fail2abuseipdb.git && cd fail2abuseipdb
$ mkdir build && cd build
$ cmake ..
# making the .deb:
$ cpack .
# making the application:
$ make -j
# generating documentation (requires Doxygen!)
$ make docs
# installing the freshly generated binary
$ sudo make install
v0.2.0b
New features:
- Added support for piping fail2ban-client output directly
- Added support for calling fail2ban-client directly
New bugs:
- Automagic search for fail2ban is bugged and I don't want to fix it just yet
- Circumvent this issue by calling
fail2abuseipdb -% -e$(which fail2ban-client)
- Circumvent this issue by calling
v0.1.0b
- Initial release
- Very much still a beta release, but it works!
In no particular order, the to-dos are as follows. I just hope I update them 🫣
Add version information during buildWorkingAdd install targetWorkingAdd remove targetUse deb insteadBuild deb-package?!WorkingAdd pipe supportWorkingAdd support for calling fail2ban directlyWorking, except for automagic search- Clean up code for first real release
- Add debug messages (printed to stderr)
- Unit tests? Don't really care for them
- Add support for adding/overriding categories (both default and per jail)