Is there a possibility to add a way to use abuseipdb in the fail2ban context to report bans to them?
as the jail.local will be updated as soon as you change settings via the UI and there are only small changes needed in the config files maybe there could be offered a way to input the API key via the Server Manager?
Kind Regards
ShodanKi
2 Likes
mrmarkuz
(Markus Neuberger)
June 9, 2022, 10:17pm
2
It works with custom templates.
Create the custom template dir:
mkdir -p /etc/e-smith/templates-custom/etc/fail2ban/jail.local/
Create /etc/e-smith/templates-custom/etc/fail2ban/jail.local/10abuseipdb
with following content:
# Report ban via abuseipdb.com.
#
# See action.d/abuseipdb.conf for usage example and details.
#
action_abuseipdb = abuseipdb
Copy the needed template fragment:
cp /etc/e-smith/templates/etc/fail2ban/jail.local/05GlobalSettings /etc/e-smith/templates-custom/etc/fail2ban/jail.local/
Edit /etc/e-smith/templates-custom/etc/fail2ban/jail.local/05GlobalSettings
and add your API key to the action like this:
action = {(($fail2ban{Mail} || 'enabled') eq 'enabled') ? '%(action_mw)s' : '%(action_)s' }
%(action_abuseipdb)s[abuseipdb_apikey="YOURAPIKEY", abuseipdb_category="18"]
Edit /etc/fail2ban/action.d/abuseipdb.conf
and enter the API key at the bottom:
abuseipdb_apikey = 3ee5ca...
Apply the changes and restart the services:
signal-event nethserver-fail2ban-save
Now the banned IPs should be reported to AbuseIPDB.
6 Likes