

You may be interested in a quick summary of the countries where the attacks come from. This document explains how to find this information.

GeoIP - (Homepage: - this probably isn't what you want though - see below for info on distro packages).

In Gentoo, the needed package is the following:

Description: easily lookup countries by IP addresses, even when Reverse DNS entries don't exist
Latest version installed:

In Debian or Ubuntu, one can simply do

apt-get install geoip-bin

This will install "geoiplookup" and "geoipupdate" to update the database (you need a license id to get a new db).

In Fedora, you can install with this command:

pkcon install GeoIP

Script

This small script will extract the banned IPs from fail2ban.log. Ban 192.168.1.1", extracts the IP and runs geoiplookup. You may have to change the hardcoded paths in the script depending on your configuration.

There is a package of GeoIP bindings for Python available as well. The following script performs a similar function using those bindings, plus it works on Fedora and any other distro where fail2ban outputs to syslog:

geo = GeoIP.new(GeoIP.GEOIP_MEMORY_CACHE)
ip_matcher = pp.Combine(octet + ('.' + octet) * 3)
print "GeoIP info for %s:\t%s, %s" % (ip, code, name)

You can also change the fail2ban script to write the country code to the log file whenever a ban occurs. Make sure you install geoiplookup, then edit the file /usr/share/fail2ban/server/actions.py and change line 31 to read

And change line 139 in the _checkBan(self) function from

If you only want the two character country code, change the line to

logSys.warn(" Ban %s %s" % ((), aInfo, commands.getstatusoutput('geoiplookup ' + aInfo)))
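The following Python 3 code is an added example, not the script from the original page: it pulls the banned addresses out of "Ban <ip>" log lines, validates them, and counts bans per country by calling geoiplookup. The sample log lines are constructed, and the function names are this example's own.

```python
import ipaddress
import re
import subprocess
from collections import Counter

# Constructed sample lines in the "Ban <ip>" shape the page describes.
SAMPLE_LOG = """\
2024-05-01 10:00:01,123 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2024-05-01 10:05:44,002 fail2ban.actions: WARNING [ssh] Unban 192.0.2.10
2024-05-01 10:07:12,650 fail2ban.actions: WARNING [ssh] Ban 198.51.100.7
2024-05-01 10:09:30,410 fail2ban.actions: WARNING [apache] Ban 192.0.2.10
2024-05-01 10:11:00,000 fail2ban.actions: WARNING [ssh] Ban 999.1.1.1
""".splitlines()

BAN_RE = re.compile(r"\bBan\s+(\d{1,3}(?:\.\d{1,3}){3})\b")  # skips "Unban"
GEO_RE = re.compile(r"GeoIP Country Edition:\s*([A-Z0-9]{2}),\s*(.+)")

def banned_ips(lines):
    """Return the IPv4 address of every Ban line, in log order."""
    found = []
    for line in lines:
        match = BAN_RE.search(line)
        if not match:
            continue
        try:
            # Reject malformed addresses before they reach a subprocess.
            found.append(str(ipaddress.IPv4Address(match.group(1))))
        except ipaddress.AddressValueError:
            pass
    return found

def parse_geoip(output):
    """Turn geoiplookup output into (code, name); ('??', 'unknown') if absent."""
    match = GEO_RE.search(output)
    return (match.group(1), match.group(2).strip()) if match else ("??", "unknown")

def geoiplookup(ip):
    """Run the geoiplookup CLI with an argv list, so no shell parses the IP."""
    proc = subprocess.run(["geoiplookup", ip], capture_output=True, text=True)
    return parse_geoip(proc.stdout)

def country_summary(lines, lookup=geoiplookup):
    """Count bans per country code, looking each distinct IP up only once."""
    cache, totals = {}, Counter()
    for ip in banned_ips(lines):
        if ip not in cache:
            cache[ip] = lookup(ip)
        totals[cache[ip][0]] += 1
    return totals
```

To summarise a real log, pass the open file object as `lines`, for example `country_summary(open("/var/log/fail2ban.log"))`, adjusting the path to your configuration.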
