This guide with badips.com is kind of officially known reporting and analysis system. You already have one config file in Fail2Ban software by badips.com. We are showing the steps of how to setup Fail2Ban log analytics graph with badips.com and get a basic online Pie Chart analysis of the attackers. It is very easy and free service. You should use it because the reporting attackers IPs is important.
What I Need to Setup Fail2Ban Log Analytics Graph With badips.com?
You need to follow some kind like our guide iptables Basics : Chapter 2 to install and setup Fail2Ban. If you already running Fail2Ban properly, you need not to read it. The graph will look like this :
Steps to Setup Fail2Ban Log Analytics Graph With badips.com
SSH to your server. If you run a cat on /etc/fail2ban/action.d/badips.conf file :
---
1 | /etc/fail2ban/action.d/badips.conf |
We were talking about this file at the beginning of this guide. If you followed our to setup Fail2Ban, it is just easy few steps. We gave the readers those configuration files which are on Github as gist for these two configuration files (they were too much easy, sufficient to the basic work) :
1 2 | /etc/fail2ban/jail.conf /etc/fail2ban/jail.local |
In both files, we had this stanza :
1 2 3 4 5 6 7 | [sshd] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log maxretry = 3 |
You will modify the entries like this :
1 2 3 4 5 6 7 8 9 | [sshd] enabled = true action = iptables-multiport badips[category=ssh] port = ssh filter = sshd logpath = /var/log/auth.log maxretry = 3 |
We added two lines in both file’s that [sshd] entry. Save the files. Now restart and check status of Fail2Ban :
1 2 | sudo service fail2ban restart systemctl status fail2ban.service |
Service is running means everything is fine. Run a cat on Fail2Ban log :
1 | cat /var/log/fail2ban.log |
Copy any of the attacker’s IP, suppose it is 218.161.3.238 (change with whatever attacker IP you have in log).
Now run these two commands :
1 2 | wget https://www.badips.com/add/ssh/218.161.3.238 wget -q -O – http://www.badips.com/get/key |
At the end will get a response like this :
1 2 3 4 5 | { "err":"", "suc":"new key 88f92219d8fc5b1b6ecc47e27b6c75b4d42f5c69 has been set.", "key":"88f92219d8fc5b1b6ecc47e27b6c75b4d42f5c69" } |
Instead of that 88f92219d8fc5b1b6ecc47e27b6c75b4d42f5c69 key, use your own key to compose this kind of URL :
1 | https://www.badips.com/stats?key=88f92219d8fc5b1b6ecc47e27b6c75b4d42f5c69 |
This is a working example of Fail2Ban log analytics graph, open it on browser:
1 | https://www.badips.com/stats?key=ea49a83bab4875db136bfb2c399a52ec5a6cf0f8 |
