Monday, 20 June 2011

fail2ban

I am a quite happy user of denyhosts for my server.
However, I started to look for a solution that is able to block access to other services as well. And I discovered fail2ban.
I am using it to block access to my ssh server and also my apache server, because there are a few queries for phpmyadmin etc.
There were a few issues with stock fail2ban, namely "What are fail2ban's log iptables 'returned NNN' entries? (Fail2ban is failing to ban)" and "fail2ban startup iptables error".
Another problem is that the banned IPs are lost on fail2ban restart. I managed to fix that somehow by exporting the list of banned IPs on service stop and importing it back again on service start. I even posted the way to export banned IPs to the wiki:

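#!/bin/sh
# Print one "fail2ban-client set <jail> banip <ip>" command per banned IP.
# Collect the jail names from the "Jail list:" line of the global status.
jails=$(fail2ban-client status | grep 'Jail list:' | sed 's/.*Jail list:\t\+//;s/,//g')
for jail in ${jails}; do
    # The "IP list:" line of a jail's status holds its currently banned IPs.
    for ip in $(fail2ban-client status "${jail}" | grep 'IP list' | sed 's/.*IP list:\t//'); do
        echo "fail2ban-client set ${jail} banip ${ip}"
    done
done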

So far it works fine for me.
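
For the import side on service start, this is an added example and not part of the original post: it parses the exported file line by line and validates each field instead of executing the file as a shell script, so a modified file cannot run arbitrary commands as root. The path in `BANFILE`, the `F2B` override, the function names and the allowed jail-name characters are assumptions.

```shell
#!/bin/sh
# Added example: restore bans from a file written by the export script.
BANFILE="${BANFILE:-/var/lib/fail2ban/banned.list}"   # assumed path, not from the post
F2B="${F2B:-fail2ban-client}"                         # overridable for dry runs

# Print "jail ip" for every stdin line that has exactly the exported form
#   fail2ban-client set <jail> banip <ip>
# Everything else is reported on stderr and skipped.
valid_bans() {
    while read -r cmd verb jail action ip rest; do
        [ -z "$cmd" ] && continue
        if [ "$cmd $verb $action" != "fail2ban-client set banip" ] || [ -n "$rest" ]; then
            echo "skipped: unexpected line" >&2; continue
        fi
        # Assumption: jail names use only letters, digits, '-' and '_'.
        case "$jail" in
            ''|*[!A-Za-z0-9_-]*) echo "skipped: bad jail name" >&2; continue ;;
        esac
        # Only characters that can occur in an IPv4 or IPv6 address.
        case "$ip" in
            ''|*[!0-9A-Fa-f.:]*) echo "skipped: bad address" >&2; continue ;;
        esac
        printf '%s %s\n' "$jail" "$ip"
    done
}

# Re-apply every valid ban; values are passed as separate arguments, never eval'd.
restore_bans() {
    valid_bans < "$1" | while read -r jail ip; do
        "$F2B" set "$jail" banip "$ip" </dev/null || echo "failed: $jail $ip" >&2
    done
}

# Constructed sample input: two good lines and two tampered ones.
sample_bans() {
    cat <<'EOF'
fail2ban-client set ssh banip 192.0.2.10
fail2ban-client set apache banip 2001:db8::7
fail2ban-client set ssh banip 192.0.2.11; touch /tmp/x
fail2ban-client set ssh banip $(id)
EOF
}

# Run as "script restore" from the service start hook.
if [ "${1:-}" = "restore" ]; then restore_bans "$BANFILE"; fi
```

Setting `F2B=echo` prints the commands that would be issued without contacting the fail2ban server.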