Fail2ban2geo

TL;DR

Let’s share fail2ban2geo, for fun.

In GeoIP database from MaxMind I was a bit hand-wavy by only giving credits to the tools/data I used without showing any code.

Well, here it is, even with some help!

Installing it can be done with the help of Installing Perl Modules, thanks to the cpanfile. The help is available by running sub-command help:

$ ./fail2ban2geo help
map IPs from Fail2ban to Country names

Description:
    This program takes the output of:
    
       fail2ban-client status fail2ban
    
    and extracts the list of blocked IPs, then queries them from a local
    copy of GeoIP data to see what countries the source IPs were from.
    
    So yes, this can give us an idea of who is trying to brute force
    into a server.
    
    Option `--input`/`-i` allows setting the input. By default it's from
    STDIN, which is also the case if it set to the string '-'. If the
    argument starts with a colon, it's assumed to be the name of a jail
    managed by Fail2ban and used to call the command (if the needed jail
    is `XXX`):
    
       fail2ban-client status XXX
    
    Option `--fail2ban` allows setting the executable for
    `fail2ban-client`, in case it's named differently or not available
    in `PATH`. Option `--sudo` allows calling it with `sudo`.
    
    The translation from an IP address to the country name is performed
    thanks to the Perl module `IP::Geolocation::MMDB`, which leverages a
    DB File in MaxMind format available for free from MaxMind, see:
    
       https://dev.maxmind.com/geoip/geolite2-free-geolocation-data
    
    It's possible to point to the local copy of the database file
    through option `--dbpath` or its aliases.
    
    The output is usually sorted from the most frequent down to the
    least one. Option `--ascending` and its aliases allow reverting
    this.

Options:
      ascending: sort in ascending order (most frequent last)
                 command-line: boolean option
                               --ascending | --no-ascending
                               --asc | --no-asc
                               -a
                  environment: F2B2G_SORT_ASCENDING
                      default: 0

         dbpath: path to a MaxMind-compatible db file
                 command-line: mandatory string option
                               --dbpath <value>
                               --db <value>
                               -d <value>
                  environment: F2B2G_DBPATH
                      default: /path/to/find2bin2geo/local/city.mmdb

       fail2ban: command to run for fail2ban
                 command-line: mandatory string option
                               --fail2ban <value>
                  environment: F2B2G_FAIL2BAN
                      default: fail2ban-client

          input: where to get the input (- => stdin, :XXX => jail XXX)
                 command-line: mandatory string option
                               --input <value>
                               -i <value>
                  environment: F2B2G_INPUT
                      default: -

           sudo: run with sudo
                 command-line: boolean option
                               --sudo | --no-sudo
                  environment: F2B2G_SUDO
                      default: 0

Sub-commands:
           help: print a help command
       commands: list sub-commands

It’s been fun to reinvent this wheel 🙄

Stay safe!


Comments? Octodon, , GitHub, Reddit, or drop me a line!