Koozali.org: home of the SME Server
Contribs.org Forums => Koozali SME Server 10.x Contribs => Topic started by: William R H on March 24, 2022, 01:42:00 PM
-
I see that fail2ban has a built in capability to send jail entries off to abuseIPDB. See https://www.abuseipdb.com/fail2ban.html
Several questions:
- Is there any value in sending a report in - what does it offer me, you or the world at large?
- assuming it is worthwhile - how to set it up with smeserver config/template system?
I'm willing to have a go at it but am completely new to that sort of thing.
PS: I did look at the web management page for fail2ban but saw nothing there...
PPS: fail2ban-client -V gives me 0.11.2. Is that the latest version?
-
Not sure of Q1 and 2, others may have some answers, but on a default install of smeserver-fail2ban there is a
/etc/fail2ban/action.d/abuseipdb.conf
Reading the details there, I suspect it would not be difficult to enable, an account at abuseip being a given.
Yes, 0.11.2 is the latest.
-
I see that fail2ban has a built in capability to send jail entries off to abuseIPDB. See https://www.abuseipdb.com/fail2ban.html
Several questions:
Is there any value in sending a report in - what does it offer me, you or the world at large?
You'd need to read all their information and decide if and how you can utilise it.
That is a key question before you go any further.
- assuming it is worthwhile - how to set it up with smeserver config/template system?
I'm willing to have a go at it but am completely new to that sort of thing.
There are mountains of info in the wiki. You need to grab a coffee and a test machine, and read and play. You will learn far more that way.
https://wiki.koozali.org/Template-driven_configuration_system
https://wiki.koozali.org/Template_Tutorial
It really isn't hard. Just start by browsing the templates in your own TEST server in /etc/e-smith/templates
Look at how they generate actual files. Look at how they can get variables from configuration entries.
You can then copy them to templates-custom and try some small changes.
When you get stuck on a specific issue then describe what you have done, and then ask.
To enable AbuseIPDB you will have to do a combination of adding some of their stuff and customising a bit of the existing templates.
PS: I did look at the web management page for fail2ban but saw nothing there...
Nope, because F2B does what it does, and you want to add an enhancement.
-
I would try the same thing. I am already quite familiar with the templates-custom folder structure, but I fail to understand how I could give the correct category of the attack.
I would create the folder
/etc/e-smith/templates-custom/fail2ban/jail.conf/
then create a copy of /etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh
(and every following 30Service you have configured)
and add between 'action' and 'EOF' the row
action_abuseipdb[abuseipdb_apikey="my-api-key", abuseipdb_category="18"]
where the 18 should be the category chosen from
https://www.abuseipdb.com/categories
-
fail2ban allows you to add some configuration manually without using the SME templates-custom. Furthermore, this will be part of the backup since SME 10.1.
Simply use the appropriate .d folder to add your .conf file, and if a .conf file with the same name already exists and is templated, you can create a .local file.
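
The .d / .local approach described above, as an added example that is not from the thread or from the SME Server project: one file keeps the API key out of the jail definitions, the other appends AbuseIPDB reporting to a single jail. The jail file name, the jail name `ssh` (guessed from the template name `30Service10ssh`) and the key placeholder are assumptions; `fail2ban-client status` lists the real jail names.

```ini
# --- File 1: /etc/fail2ban/action.d/abuseipdb.local -------------------------
# Overrides the [Init] default of the shipped action.d/abuseipdb.conf.
# Keeping the key here (readable by root only, e.g. mode 0600) avoids
# repeating it in every jail and leaking it through world-readable jail files.
[Init]
abuseipdb_apikey = YOUR-API-KEY-PLACEHOLDER

# --- File 2: /etc/fail2ban/jail.d/abuseipdb.local (file name is an assumption)
# Read after the templated jail.conf, so it survives template regeneration.
[ssh]
# Jail name is an assumption; use the name shown by "fail2ban-client status".
#
# Setting "action" in a later file REPLACES the jail's existing action,
# including the one that actually bans the address. %(known/action)s pulls
# the previously configured value back in, so reporting is added on top of
# banning instead of silently replacing it.
action = %(known/action)s
         abuseipdb[abuseipdb_category="18,22"]
# Categories from https://www.abuseipdb.com/categories:
#   18 = Brute-Force, 22 = SSH
# Pick the categories per jail; a mail or web jail needs different values.
```

After `fail2ban-client reload`, `fail2ban-client get ssh actions` should list both the original ban action and `abuseipdb`; if only `abuseipdb` appears, the jail is reporting addresses without banning them.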