rubenhortas/fail2bangeolocation

fail2bangeolocation

Shows geolocation of failed attempts registered by fail2ban.
It's useful to know from which locations you are being attacked the most.
You can group locations by country or by country and by city.

Screenshots

  • Grouped by country

    [Screenshot: output grouped by country]

  • Grouped by country and city

    [Screenshot: output grouped by country and city]

Geolocation DB

IP geolocation is done through Geolocation DB. This means you will need an active internet connection in order to geolocate the IPs.

Requirements

  • an active internet connection
  • python3
  • fail2ban
  • python libraries:
    • setuptools
    • requests
    • tqdm
    • colorama

Installation

You can install fail2bangeolocation via pip3:

$ sudo pip3 install fail2bangeolocation

Usage

  • You can run fail2bangeolocation directly from the command line interface:

    $ fail2bangeolocation [-h] [-c] {fail2ban,log,server}
  • fail2bangeolocation arguments

    usage: fail2bangeolocation.py [-h] [-c] {fail2ban,log,server} ...
    
    Shows geolocation of failed attempts registered by fail2ban
    
    positional arguments:
      {fail2ban,log,server}
                            These options are mutually exclusive
        fail2ban            analyze all banned IPs by fail2ban
        log                 analyze a fail2ban log file. Use "log -h" to see more options
        server              analyze all banned IPs by fail2ban (e.g. "server sshd")
    
    optional arguments:
      -h, --help            show this help message and exit
      -c, --show-city       group IPs by country and city 
  • Analyze all IPs registered by fail2ban

    ⚠️ Requires root privileges

    Run fail2bangeolocation using the fail2ban argument:

    $ sudo fail2bangeolocation fail2ban
  • Analyze all IPs registered by fail2ban for a given jailed server/service, e.g. sshd

    ⚠️ Requires root privileges

    Run fail2bangeolocation with the server argument and the jailed server name:

    $ sudo fail2bangeolocation server sshd
  • Analyze a log file

    ⚠️ May require root privileges depending on the file to be analyzed

    Run fail2bangeolocation with the log argument and the path to the log file:

    $ fail2bangeolocation log /var/log/fail2ban.log

    You can also geolocate the unbanned IPs contained in the log by adding the -u argument:

    $ fail2bangeolocation log -u /var/log/fail2ban.log
  • Group the output by country and city

    Run fail2bangeolocation with "-c" as first argument:

    $ fail2bangeolocation -c {fail2ban,log,server}
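
An added example, not fail2bangeolocation's own code, of the log-analysis step behind the log and server modes: it extracts Ban/Unban events from fail2ban.actions lines, validates each address, and tallies bans per IP before any geolocation lookup. The names ban_counts, EVENT and SAMPLE_LOG are hypothetical, the log is constructed, and include_unbanned is this example's reading of -u (an assumption).

```python
import ipaddress
import re
from collections import Counter

# fail2ban.actions line shape:
#   2024-05-01 10:00:02,456 fail2ban.actions [812]: NOTICE  [sshd] Ban 203.0.113.7
EVENT = re.compile(
    r"fail2ban\.actions\s*\[\d+\]:\s+\w+\s+\[(?P<jail>[^\]]+)\]\s+"
    r"(?P<action>Restore Ban|Ban|Unban)\s+(?P<ip>\S+)\s*$"
)

# Constructed sample log (RFC 5737 documentation addresses, made-up PID and times).
SAMPLE_LOG = """\
2024-05-01 10:00:02,456 fail2ban.actions [812]: NOTICE  [sshd] Ban 203.0.113.7
2024-05-01 10:05:10,001 fail2ban.actions [812]: NOTICE  [nginx-http-auth] Ban 198.51.100.23
2024-05-01 10:10:02,789 fail2ban.actions [812]: NOTICE  [sshd] Unban 203.0.113.7
2024-05-01 11:30:44,312 fail2ban.actions [812]: NOTICE  [sshd] Ban 203.0.113.7
2024-05-01 11:31:00,100 fail2ban.actions [812]: NOTICE  [sshd] Ban 192.0.2.99
2024-05-01 11:40:00,100 fail2ban.actions [812]: NOTICE  [sshd] Unban 192.0.2.99
2024-05-01 11:45:00,000 fail2ban.actions [812]: WARNING [sshd] 203.0.113.7 already banned
2024-05-01 11:50:00,000 fail2ban.actions [812]: NOTICE  [sshd] Ban not-an-ip
"""

def ban_counts(lines, jail=None, include_unbanned=False):
    """Return {ip: number of Ban events}, most-banned first.

    Only IPs still banned at the end of the log are kept unless
    include_unbanned=True; jail restricts the tally to one jail (e.g. "sshd").
    """
    counts, active = Counter(), set()
    for line in lines:
        m = EVENT.search(line)
        if not m or (jail and m["jail"] != jail):
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))  # drop malformed values
        except ValueError:
            continue
        counts[ip] += int(m["action"] == "Ban")  # Restore Ban is not a new ban
        if m["action"] == "Unban":
            active.discard((m["jail"], ip))
        else:
            active.add((m["jail"], ip))
    keep = set(counts) if include_unbanned else {ip for _, ip in active}
    return {ip: counts[ip] for ip in sorted(keep, key=lambda i: (-counts[i], i))}

if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    print(ban_counts(log))
    print(ban_counts(log, jail="sshd", include_unbanned=True))
```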

Troubleshooting

If you run into any problem, create an issue.

Discussions

If you want to ask (or answer) a question, leave an opinion, or have an open-ended conversation, you can create (or join) a discussion.

Support

If you find this application useful you can star this repo.