• Dear Pleskians! The Plesk Forum will be undergoing scheduled maintenance on Monday, 7th of July, at 9:00 AM UTC. The expected maintenance window is 2 hours.
    Thank you in advance for your patience and understanding on the matter.

Fail2ban with geoiplookup

EnriqueR

EnriqueR

Regular Pleskian
The system fail2ban installed with Plesk is perfect for ban injections, but the stored IP hardly gives any information. Is there a way to activate geoiplookup to display additional information about the banned IP?

It would be great to enable. A perfect tool.
 
Other way: use "sendmail-whois" function, to generate the info in all mails signaling a banned IP.

To do so, first check that the "whois" function is installed on your server.
Then create the following file:
/etc/fail2ban/action.d/sendmail-whois.conf

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
#

[INCLUDES]

before = sendmail-common.conf

[Definition]

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on `uname -n`
Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: <sendername> <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped on `uname -n`
Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: <sendername> <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>

# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: <sendername> <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban =

[Init]

# Default name of the chain
#
name = default
Click to expand...

Finally, in all your jails, replace the "sendmail" command by "sendmail-whois".
 
You must log in or register to reply here.

Similar threads

Jürgen_T
Issue How to properly configure Fail2Ban for ModSecurity in Plesk with NGINX?
Replies
5
Views
2K
klodoma
K
M
Issue How to enable fail2ban for fellow other admins using the restricted mode?
Replies
5
Views
989
Sebahat.hadzhi
Sebahat.hadzhi
J
fail2ban: plesk-wordpress jail is to restrictive
Replies
1
Views
6K
Kaspar@Plesk
Kaspar@Plesk
EnriqueR
Question Exclude email or domain from fail2ban checking
Replies
1
Views
747
Sebahat.hadzhi
Sebahat.hadzhi
Gianni
Question My IP in jail fail2ban using plesk
Replies
0
Views
611
Gianni
Gianni
Back
Top