readme

master
Vladimir Smagin 1 month ago
parent
commit
8c9c0b65c5
3 changed files with 66 additions and 5 deletions
  1. README.md (+61, -0)
  2. ip-blocker-set.sh (+5, -5)
  3. so-cool-so-much-wow-wow.jpg (BIN)

README.md (+61, -0)

@@ -0,0 +1,61 @@
# ip-blocker

Written to block fucking botnets bruteforcing my servers. It centalize information about blocks across all my servers in one single watch tower.

# Installation

## Watch tower

Create config file `/opt/ip-blocker/ip-blocker.conf` with contents:

```yaml
DB:
masterDB: "/var/ip-blocker/ip.db"
clean: LastWeek
API:
listen: "0.0.0.0:34534"
```

Create empty file for database file and run docker container

```bash
$> touch /opt/ip-blocker/ip.db
$> docker run -d --name ip-blocker -p 0.0.0.0:34534:34534 -v /opt/ip-blocker/ip-blocker.conf:/etc/ip-blocker.conf -v /opt/ip-blocker/ip.db:/var/ip-blocker/ip.db registry.blindage.org/ip-blocker-db:latest -config /etc/ip-blocker.conf
```

## Secure

You can protect API with webserver basic auth and SSL, `curl` can handle it directly from command line (something like `https://login:password@my-watchtower.ru/list/sshd/1`). To do it bind container to 127.0.0.1 instead of 0.0.0.0 and proxy from nginx or other webserver you love.

## All your servers

At first step install fail2ban into your OS. How to do it you already know because you are sysadmin.

Next step add line to `/etc/fail2ban/action.d/iptables-multiport.conf`

```
actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
/usr/bin/curl -s https://login:password@my-watchtower.ru/set/`hostname`/<name>/<ip>/<protocol>/<port>
```

At last step create bash script somewhere on server and add to crontab.

```bash
#!/bin/bash
source /etc/profile
IFS=$'\n'

# cron for every minute run

# block ssh
IPs=$(curl -s https://login:password@my-watchtower.ru/list/sshd/1)
for ip in $IPs
do
echo "Blocking IP $ip"
fail2ban-client set sshd banip $ip
done
```

Wow! You did so much! I hope you did it with Ansible or other program you love, just imagine how to do it by hands for all servers...

![](so-cool-so-much-wow-wow.jpg)
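
Review bot: the `actionban` line and the cron script under "All your servers" both embed the basic-auth credentials in the curl URL (`https://login:password@my-watchtower.ru/...`), so the password sits in the fail2ban action file and in the script on every server, readable by anyone who can read those files. Suggest the README show curl taking the credentials from a root-only file instead, for example `--netrc-file` pointing at a mode 0600 file. Separately, the Watch tower `docker run` example publishes the API with `-p 0.0.0.0:34534:34534` and only the later Secure section says to bind to 127.0.0.1; using 127.0.0.1 in the example itself would keep the unauthenticated API off the network for anyone who copies the first command as is.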

ip-blocker-set.sh (+5, -5)

@@ -1,13 +1,13 @@
#!/bin/bash

# cron for every minute run

source /etc/profile
IFS=$'\n'
IPs=$(curl -s http://my-watchtower.ru:34534/list/1)

# cron for every minute run

# block ssh
IPs=$(curl -s https://login:password@my-watchtower.ru/list/sshd/1)
for ip in $IPs
do
echo "Blocking IP $ip"
fail2ban-client set sshd banip $ip
done
done
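
Review bot: at `IPs=$(curl -s https://login:password@my-watchtower.ru/list/sshd/1)`, curl runs without `-f`/`--fail` and its exit status is never checked, so when the server answers with an HTTP error (a 401 from the basic-auth layer, for instance) each line of the error body is handed to `fail2ban-client set sshd banip` as if it were an address. Suggest `curl -sf` with an early exit on failure, and in the loop quote `"$ip"` and skip any line that does not parse as an IP address before calling `banip`, since every server in the fleet acts on whatever this endpoint returns.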

so-cool-so-much-wow-wow.jpg (BIN)

Width: 640  |  Height: 480  |  Size: 49 KiB