AbuseIPDB and Fail2ban integration in Server Manager?

Is there a possibility to add a way to use AbuseIPDB in the fail2ban context to report bans to them?
As the jail.local will be updated as soon as you change settings via the UI, and only small changes are needed in the config files, maybe a way could be offered to input the API key via the Server Manager?

Kind Regards
ShodanKi

2 Likes

It works with custom templates.

Create the custom template dir:

mkdir -p /etc/e-smith/templates-custom/etc/fail2ban/jail.local/

Create /etc/e-smith/templates-custom/etc/fail2ban/jail.local/10abuseipdb with the following content:

# Report ban via abuseipdb.com.
#
# See action.d/abuseipdb.conf for usage example and details.
#
action_abuseipdb = abuseipdb

Copy the needed template fragment:

cp /etc/e-smith/templates/etc/fail2ban/jail.local/05GlobalSettings /etc/e-smith/templates-custom/etc/fail2ban/jail.local/

Edit /etc/e-smith/templates-custom/etc/fail2ban/jail.local/05GlobalSettings and add your API key to the action like this:

action = {(($fail2ban{Mail} || 'enabled') eq 'enabled') ? '%(action_mw)s' : '%(action_)s' }
         %(action_abuseipdb)s[abuseipdb_apikey="YOURAPIKEY", abuseipdb_category="18"]

Edit /etc/fail2ban/action.d/abuseipdb.conf and enter the API key at the bottom:

abuseipdb_apikey = 3ee5ca...

Apply the changes and restart the services:

signal-event nethserver-fail2ban-save

Now the banned IPs should be reported to AbuseIPDB.

6 Likes
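
A way to verify the setup described in the answer above, as an added example that is not part of the original posts: it checks that both custom template fragments are in place, that no empty or placeholder API key is left behind, and that files holding the key are not world-readable. The function names, the ROOT prefix argument and the sample files are assumptions made for this example; the permission check is an added hygiene step, not something the thread asks for.

```shell
#!/bin/bash
# Added example (not from the thread): verify the AbuseIPDB/fail2ban setup.
# The ROOT prefix argument and both function names are hypothetical.

check_abuseipdb_setup() {   # returns 0 = ok, 1 = misconfigured, 2 = warnings only
    local root="${1:-}" rc=0 f mode
    local custom="$root/etc/e-smith/templates-custom/etc/fail2ban/jail.local"
    local actionconf="$root/etc/fail2ban/action.d/abuseipdb.conf"

    # The custom fragment must define the action shortcut.
    grep -Eq '^[[:space:]]*action_abuseipdb[[:space:]]*=[[:space:]]*abuseipdb' \
        "$custom/10abuseipdb" 2>/dev/null ||
        { echo "FAIL: 10abuseipdb missing or lacks action_abuseipdb"; rc=1; }

    # The copied global settings must reference it in the default action.
    grep -Fq '%(action_abuseipdb)s' "$custom/05GlobalSettings" 2>/dev/null ||
        { echo "FAIL: 05GlobalSettings does not use %(action_abuseipdb)s"; rc=1; }

    for f in "$custom/05GlobalSettings" "$actionconf" "$root/etc/fail2ban/jail.local"; do
        [ -f "$f" ] || continue
        # An empty key or the YOURAPIKEY placeholder means reports will fail.
        if grep -v '^[[:space:]]*#' "$f" | grep -Eq \
            'abuseipdb_apikey[[:space:]]*=[[:space:]]*"?(YOURAPIKEY)?"?[[:space:]]*([],]|$)'
        then
            echo "FAIL: $f has an empty or placeholder API key"; rc=1
        fi
        # The key is a secret: flag files that any local user can read.
        mode=$(stat -c '%a' "$f")
        case "$mode" in
            *[4567]) echo "WARN: $f is world-readable (mode $mode)"
                     [ "$rc" -ne 0 ] || rc=2 ;;
        esac
    done
    return "$rc"
}

make_sample_tree() {   # constructed sample files for trying the check offline
    local root="$1" key="$2"
    local custom="$root/etc/e-smith/templates-custom/etc/fail2ban/jail.local"
    mkdir -p "$custom" "$root/etc/fail2ban/action.d"
    echo 'action_abuseipdb = abuseipdb' > "$custom/10abuseipdb"
    printf '%s\n' "action = %(action_)s" \
        "         %(action_abuseipdb)s[abuseipdb_apikey=\"$key\", abuseipdb_category=\"18\"]" \
        > "$custom/05GlobalSettings"
    echo "abuseipdb_apikey = $key" > "$root/etc/fail2ban/action.d/abuseipdb.conf"
    chmod 600 "$custom/05GlobalSettings" "$root/etc/fail2ban/action.d/abuseipdb.conf"
}
```

On the server itself, source the file and run `check_abuseipdb_setup ""` after `signal-event nethserver-fail2ban-save`, so the expanded /etc/fail2ban/jail.local is included in the check.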