• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Please beaware of a breaking change in the REST API on the next Plesk release (18.0.62).
    Starting from Plesk Obsidian 18.0.62, requests to REST API containing the Content-Type header with a media-type directive other than “application/json” will result in the HTTP “415 Unsupported Media Type” client error response code. Read more here

Fail2ban with geoiplookup

EnriqueR

EnriqueR

Regular Pleskian
The system fail2ban installed with Plesk is perfect for ban injections, but the stored IP hardly gives any information. Is there a way to activate geoiplookup to display additional information about the banned IP?

It would be great to enable. A perfect tool.
 
Other way: use "sendmail-whois" function, to generate the info in all mails signaling a banned IP.

To do so, first check that the "whois" function is installed on your server.
Then create the following file:
/etc/fail2ban/action.d/sendmail-whois.conf

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
#

[INCLUDES]

before = sendmail-common.conf

[Definition]

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on `uname -n`
Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: <sendername> <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped on `uname -n`
Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: <sendername> <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>

# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: <sendername> <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban =

[Init]

# Default name of the chain
#
name = default
Click to expand...

Finally, in all your jails, replace the "sendmail" command by "sendmail-whois".
 
You must log in or register to reply here.

Similar threads

L
Question Fail2ban ignorecommand
Replies
5
Views
768
Peter Debik
P
K
Resolved Ubuntu 24.04 - Fail2ban not working
Replies
2
Views
560
Kaspar@Plesk
Kaspar@Plesk
P
Resolved Suspicious IP address in the list
Replies
2
Views
705
Patashoow
P
A
Issue Problems with fail2ban
Replies
1
Views
257
Kaspar@Plesk
Kaspar@Plesk
brother4
Input Plesk Fail2Ban: Integration for AbuseIPDB
Replies
2
Views
982
Kaspar
K
Back
Top