My own IP storage for fail2ban. Written to blacklist fucking botnets brute-forcing my servers. It centralizes information about blocks across all my servers in one single watchtower: every server reports the addresses it bans, and every server pulls and applies what the others reported.
Create the config file /opt/ip-blocker/ip-blocker.conf with contents:

```yaml
DB:
  masterDB: "/var/ip-blocker/ip.db"
  clean: LastWeek
API:
  listen: "0.0.0.0:34534"
```

Option clean means you want to delete records older than a week. Possible values:
Create an empty file for the database and run the docker container:

```bash
$> touch /opt/ip-blocker/ip.db
$> docker run -d --name ip-blocker \
    -p 0.0.0.0:34534:34534 \
    -v /opt/ip-blocker/ip-blocker.conf:/etc/ip-blocker.conf \
    -v /opt/ip-blocker/ip.db:/var/ip-blocker/ip.db \
    registry.blindage.org/ip-blocker-db:latest -config /etc/ip-blocker.conf
```
Nothing in the API itself authenticates callers: whoever can reach port 34534 can add entries to the database and read the block list, so do not leave it published on 0.0.0.0. Protect the API with your web server's basic auth and SSL; curl can handle both directly from the command line (something like https://login:password@my-watchtower.ru/list/sshd/1). To do it, publish the container on 127.0.0.1 instead of 0.0.0.0 (`-p 127.0.0.1:34534:34534`) and proxy to it from nginx or whatever other web server you love. Keep in mind that credentials embedded in the URL show up in shell history, `ps` output and proxy logs; curl's `--netrc-file` option reads them from a root-only file instead (`machine my-watchtower.ru login ... password ...`).
First, install fail2ban on your OS. You already know how, because you are a sysadmin.
Next, add a second line to actionban in /etc/fail2ban/action.d/iptables-multiport.conf (continuation lines must be indented, as fail2ban's config parser requires):

```
actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
            /usr/bin/curl -s https://login:password@my-watchtower.ru/set/`hostname`/<name>/<ip>/<protocol>/<port>
```

Since a package upgrade can overwrite the .conf file, putting the override into /etc/fail2ban/action.d/iptables-multiport.local (which fail2ban reads after the .conf) is the more durable choice.
Directive set means you want to add an IP into the database:

- hostname: the server that added the record
- name: the block table name (i.e. sshd, used to add rules into iptables)
- ip: the address to block
- protocol: tcp or udp
- port: number (or service name from /etc/services, i.e. ssh)

As the last step, create a bash script somewhere on the server and add it to crontab.
```bash
#!/bin/bash
source /etc/profile
IFS=$'\n'
# cron runs this every minute
# block ssh: pull addresses any server reported in the last minute and ban them here
# -f makes curl return nothing on an HTTP error instead of an error page that the loop would treat as IPs
IPs=$(curl -fsS https://login:password@my-watchtower.ru/list/sshd/1)
for ip in $IPs
do
    echo "Blocking IP $ip"
    fail2ban-client set sshd banip "$ip"
done
```
Directive list means you want to get the IP list: sshd is the block table name and the last parameter is a number of minutes, so only records not older than 1 minute are returned. With the cron job also running every minute, a record that lands right at the boundary can be missed; a slightly wider window (2 minutes) closes that gap, and banning an address that is already banned is harmless. Every address the script receives ends up as an argument to fail2ban-client, so the watchtower (and every server allowed to write to it) is trusted by all the others: validate what comes back before banning it.
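A hardened version of the puller, added here as an example; it is not part of ip-blocker-db. It uses the same /list/&lt;name&gt;/&lt;minutes&gt; endpoint described above, but reads the credentials from a netrc file, validates every returned line as an IPv4/IPv6 address, and refuses to ban anything on a local allowlist, so a bogus or malicious entry in the shared database cannot lock you out or reach fail2ban-client as garbage. The base URL, the netrc path, the allowlist and the BAN_CMD override are hypothetical knobs for this example, not project settings.

```shell
#!/bin/sh
# Added example (not project code): hardened cron puller for the ip-blocker watchtower.
# Assumes the /list/<name>/<minutes> endpoint; WATCHTOWER, NETRC_FILE, ALLOWLIST and
# BAN_CMD are hypothetical knobs introduced for this example.
set -eu

WATCHTOWER="${WATCHTOWER:-https://my-watchtower.ru}"   # assumed base URL of the watchtower
NETRC_FILE="${NETRC_FILE:-/etc/ip-blocker/netrc}"     # hypothetical, mode 0600: "machine my-watchtower.ru login x password y"
JAIL="${JAIL:-sshd}"                                   # block table name == fail2ban jail name
WINDOW_MIN="${WINDOW_MIN:-2}"                          # a bit wider than the 1-minute cron interval; re-banning is harmless
ALLOWLIST="${ALLOWLIST:-127.0.0.1 ::1}"                # hypothetical: addresses that must never be banned here
BAN_CMD="${BAN_CMD:-fail2ban-client}"                  # overridable so the pipeline can be exercised without fail2ban

# is_ipv4 ADDR: exactly four dot-separated decimal octets in 0-255, no leading zeros.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac        # "01"-style octets are ambiguous (octal?), reject
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# is_ipv6 ADDR: syntactic sanity check only (hex digits and colons, no ":::", at most
# 8 groups); fail2ban does the authoritative parse. IPv4-mapped forms are rejected.
is_ipv6() {
    case "$1" in
        ''|*[!0-9a-fA-F:]*|*:::*) return 1 ;;
        *:*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=:; set -- $1; IFS=$old_ifs
    [ $# -le 8 ]
}

# is_allowlisted ADDR: true if ADDR appears in the space-separated $ALLOWLIST.
is_allowlisted() {
    for a in $ALLOWLIST; do
        [ "$a" = "$1" ] && return 0
    done
    return 1
}

# filter_ips: stdin is whatever /list returned, one entry per line; stdout gets only
# entries that are syntactically valid addresses and not allowlisted. Anything else
# (an HTML error page, a CR-terminated line, "ip; rm -rf /") is dropped and logged.
filter_ips() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        if ! is_ipv4 "$line" && ! is_ipv6 "$line"; then
            printf 'skipping non-address entry: %s\n' "$line" >&2
            continue
        fi
        if is_allowlisted "$line"; then
            printf 'skipping allowlisted address: %s\n' "$line" >&2
            continue
        fi
        printf '%s\n' "$line"
    done
}

# ban_ips: stdin is the filtered list; each address is banned in $JAIL.
ban_ips() {
    while IFS= read -r ip; do
        printf 'Blocking IP %s\n' "$ip"
        "$BAN_CMD" set "$JAIL" banip "$ip"
    done
}

# sync_bans: pull the last $WINDOW_MIN minutes of reports and apply them. Credentials
# come from the netrc file, not the URL, so they stay out of ps output and history;
# -f turns an HTTP error into an empty list instead of an error page.
sync_bans() {
    curl -fsS --netrc-file "$NETRC_FILE" "$WATCHTOWER/list/$JAIL/$WINDOW_MIN" \
        | filter_ips | ban_ips
}

# crontab entry (hypothetical path): * * * * * /opt/ip-blocker/pull-bans.sh sync
# Without the "sync" argument the script only defines the functions, so it can be sourced.
if [ "${1:-}" = sync ]; then
    sync_bans
fi
```

The allowlist is the important part: the shared database is written by every server that talks to the watchtower, so one compromised reporter (or an open API) could otherwise push your own management addresses into the block list of every other machine.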
Wow! You did so much! I hope you did it with Ansible or another tool you love; just imagine doing it by hand on every server...
Copyright by Vladimir Smagin (21h) 2020
http://blindage.org email: 21h@blindage.org
Project page: https://git.blindage.org/21h/ip-blocker-db