
Question fail2ban/ip_ban access in plesk-php?

Azurel

Silver Pleskian
Is it possible to add a client IP to fail2ban from plesk-php? My PHP script detects unique attacks and I would like to add the client IP to a fail2ban jail instantly. The same goes for banned users that create an account again and again.

On the command line for fail2ban:
# fail2ban-client set <JAIL> banip <IP>
# fail2ban-client set <JAIL> unbanip <IP>
# fail2ban-client status <JAIL>
Is this working fine with the Plesk extension of fail2ban?

I found ip_ban: IP Address Banning (Fail2Ban), but currently this does not support adding a banip.

I have tested this, but I get no results, because my vhost-user is not in sudoers.
Code:
$exec = exec('sudo -u root -S fail2ban-client status recidive < /etc/psa/.psa.shadow', $output, $return);
The vhost-user should not get general access to sudo. He should only get access to fail2ban.
 
The ip_ban utility cannot be used to add an IP address to iptables.
Actually, there is no Plesk utility that can do that.
You could of course add an IP address to iptables directly; however, this would need root privileges for a PHP script. So your script cannot run from within the subscription account.
 
I have tried another solution. I created a custom jail with a custom filter and want to add IPs to this logfile with plesk-php.

My filter
[Definition]
failregex = <HOST>$
ignoreregex =

My Jail
[vhost_example]
enabled = true
filter = vhost_example
action = iptables-allports[chain="INPUT", name="default", port="ssh", protocol="tcp", blocktype="REJECT --reject-with icmp-port-unreachable", returntype="RETURN", lockingopt="-w", iptables="iptables <lockingopt>"]
logpath = /var/www/vhosts/example.com/fail2ban/banned_ips.log
maxretry = 1

I added an IP to the logfile /var/www/vhosts/example.com/fail2ban/banned_ips.log with an editor, but nothing happens. Is this not the way it should work?

I have tested it on the command line:
# fail2ban-regex /var/www/vhosts/example.com/fail2ban/banned_ips.log /etc/fail2ban/filter.d/vhost_example.local

Running tests
=============

Use failregex filter file : vhost_example, basedir: /etc/fail2ban
Use log file : /var/www/vhosts/example.com/fail2ban/banned_ips.log
Use encoding : UTF-8


Results
=======

Failregex: 2 total
|- #) [# of hits] regular expression
| 1) [2] <HOST>$
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
| [2] Year(?P<_sep>[-/.])Month(?P=_sep)Day 24hour:Minute:Second(?:,Microseconds)?
`-

Lines: 2 lines, 0 ignored, 2 matched, 0 missed
[processed in 0.00 sec]

Matched found, regex is ok.

UPDATE:
I found the solution. My custom entry in the banned list had a copy&paste time that was too old. After changing it to today, it's working. Yeah! So it's possible to add IPs to fail2ban with PHP.
Again: You need a valid and current time in the log. If the timezone of the log files is wrong, fail2ban considers these entries too old and fails to process them.
 
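The approach from the last post (PHP appends a line with a current timestamp to the jail's logpath, and the `<HOST>$` filter picks up the IP), as an added example that is not part of the thread and not Plesk or fail2ban code. The function names, the `Europe/Berlin` timezone and the sample addresses are assumptions made for illustration; the timezone passed in has to be the one the server's fail2ban runs in.

```php
<?php
// Added example, not from the thread. Function names and sample values
// are hypothetical.

/**
 * Build one log line in the shape the thread's filter and date template
 * match: "YYYY-MM-DD HH:MM:SS <ip>" (IP at end of line for "<HOST>$").
 */
function f2b_format_line(string $ip, DateTimeImmutable $when): string
{
    // Validate strictly: the value goes into a file that fail2ban parses,
    // so only a literal IPv4/IPv6 address may be written.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('not an IP address');
    }
    return $when->format('Y-m-d H:i:s') . ' ' . $ip . "\n";
}

/**
 * Append a ban request stamped with the current time. $serverTz must be
 * the system timezone of the server (assumption: PHP's date.timezone may
 * differ, which produces the "too old entry" problem from the thread).
 */
function f2b_request_ban(string $logFile, string $ip, DateTimeZone $serverTz): void
{
    $line = f2b_format_line($ip, new DateTimeImmutable('now', $serverTz));
    // LOCK_EX keeps concurrent requests from interleaving partial lines.
    if (file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX) === false) {
        throw new RuntimeException("cannot write $logFile");
    }
}

// Constructed demo: a temp file stands in for the jail's logpath and
// 203.0.113.7 / 198.51.100.1 are documentation addresses.
$tz  = new DateTimeZone('Europe/Berlin');
$log = tempnam(sys_get_temp_dir(), 'f2b');
f2b_request_ban($log, '203.0.113.7', $tz);
try {
    // A value carrying a line break (e.g. copied from a request header)
    // must be rejected, or it would add a second ban line to the log.
    f2b_request_ban($log, "203.0.113.7\n2024-01-01 00:00:00 198.51.100.1", $tz);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
echo file_get_contents($log);   // one line: "<current time> 203.0.113.7"
unlink($log);
```

Anyone who can write to the logpath can have any address banned, so the file should be writable only by the subscription's own PHP user, and the IP passed in should be the connection's address rather than a client-supplied header.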