
badips.com is a reporting and analysis service that Fail2Ban supports out of the box: the Fail2Ban software already ships with one config file for badips.com. This guide shows the steps to set up a Fail2Ban log analytics graph with badips.com and get a basic online pie chart analysis of the attackers. It is a very easy and free service. You should use it because reporting attackers' IPs is important.

What Do I Need to Set Up Fail2Ban Log Analytics Graph With badips.com?

To install and set up Fail2Ban, follow a guide such as our iptables Basics : Chapter 2. If you are already running Fail2Ban properly, you need not read it.

Steps to Set Up Fail2Ban Log Analytics Graph With badips.com

SSH to your server. Run cat on the /etc/fail2ban/action.d/badips.conf file :


    /etc/fail2ban/action.d/badips.conf

This is the file we mentioned at the beginning of this guide. If you followed our guide to set up Fail2Ban, only a few easy steps remain. In that guide we gave readers these two configuration files as gists on GitHub (they were very simple, but sufficient for basic work) :

    /etc/fail2ban/jail.conf
    /etc/fail2ban/jail.local

In both files, we had this stanza :

    [sshd]
    enabled = true
    port = ssh
    filter = sshd
    logpath = /var/log/auth.log
    maxretry = 3

You will modify the entries like this :

    [sshd]
    enabled = true
    action = iptables-multiport
             badips[category=ssh]
    port = ssh
    filter = sshd
    logpath = /var/log/auth.log
    maxretry = 3

We added two lines to the [sshd] entry in both files. Save the files. Now restart Fail2Ban and check its status :

    sudo service fail2ban restart
    systemctl status fail2ban.service

If the service is running, everything is fine. Run cat on the Fail2Ban log :

    cat /var/log/fail2ban.log

Copy any one of the attackers' IPs; suppose it is 218.161.3.238 (replace it with whatever attacker IP you have in your log).

Now run these two commands :

    wget https://www.badips.com/add/ssh/218.161.3.238
    wget -q -O - http://www.badips.com/get/key

At the end you will get a response like this :

    {
    "err":"",
    "suc":"new key 88f92219d8fc5b1b6ecc47e27b6c75b4d42f5c69 has been set.",
    "key":"88f92219d8fc5b1b6ecc47e27b6c75b4d42f5c69"
    }

Instead of that 88f92219d8fc5b1b6ecc47e27b6c75b4d42f5c69 key, use your own key to compose this kind of URL :

    https://www.badips.com/stats?key=88f92219d8fc5b1b6ecc47e27b6c75b4d42f5c69

This is a working example of a Fail2Ban log analytics graph; open it in a browser :

    https://www.badips.com/stats?key=ea49a83bab4875db136bfb2c399a52ec5a6cf0f8
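
The manual step above (copying an IP out of /var/log/fail2ban.log and pasting it into an add URL) can be scripted with a check that only well-formed, public IPv4 addresses from Ban lines end up in a report URL. This is an added example, not part of the original guide: the function names and sample log lines are constructed, and it assumes log lines end in `[jail] Ban <ip>`. It only prints the URLs.

```shell
#!/usr/bin/env bash
# Added example: list the IPs Fail2Ban banned and build badips.com report URLs.
# The sample log lines below are constructed for illustration.
sample_log() {
cat <<'EOF'
2017-05-20 10:15:32,101 fail2ban.filter         [1234]: INFO    [sshd] Found 218.161.3.238
2017-05-20 10:15:40,512 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 218.161.3.238
2017-05-20 10:25:40,777 fail2ban.actions        [1234]: NOTICE  [sshd] Unban 218.161.3.238
2017-05-20 11:02:11,090 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 192.168.1.50
2017-05-20 11:30:05,300 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 203.0.113.7
2017-05-20 12:01:44,218 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 218.161.3.238
2017-05-20 12:05:00,000 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 999.1.1.1/../x
EOF
}

# banned_ips JAIL: read a Fail2Ban log on stdin and print "count ip" for each
# valid, public IPv4 address banned in JAIL, most frequently banned first.
banned_ips() {
  awk -v jail="[$1]" '
    function valid(ip,   o, i) {
      if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
      split(ip, o, ".")
      for (i = 1; i <= 4; i++) if (o[i] > 255) return 0
      # Skip private, loopback and link-local ranges: never report internal hosts.
      if (o[1] == 10 || o[1] == 127) return 0
      if (o[1] == 192 && o[2] == 168) return 0
      if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) return 0
      if (o[1] == 169 && o[2] == 254) return 0
      return 1
    }
    NF >= 3 && $(NF-2) == jail && $(NF-1) == "Ban" && valid($NF) { seen[$NF]++ }
    END { for (ip in seen) print seen[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# report_urls CATEGORY: turn "count ip" lines into badips.com add URLs.
report_urls() {
  while read -r _ ip; do
    printf 'https://www.badips.com/add/%s/%s\n' "$1" "$ip"
  done
}

sample_log | banned_ips sshd | report_urls ssh
```

On a real server, replace `sample_log` with `cat /var/log/fail2ban.log`.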


About Abhishek Ghosh: Abhishek Ghosh is a Businessman, Orthopaedic Surgeon, Author and Blogger. You can keep in touch with him on Twitter - @AbhishekCTRL.