diff --git a/en_US/howto/fail2ban.sql.md b/en_US/howto/fail2ban.sql.md index 0bbaafbc..502d3de8 100644 --- a/en_US/howto/fail2ban.sql.md +++ b/en_US/howto/fail2ban.sql.md @@ -162,7 +162,7 @@ add or remove banned IP addresses. ## Enable the new action `banned_db` -Now go to `/etc/fail2ban/jail.d/` and update config files for the jails you +Now go to directory `/etc/fail2ban/jail.d/` and update config files for the jails you want to store banned IP in SQL db. Let's take `dovecot.local` for example. * The `action =` line in original file looks like this: @@ -177,10 +177,11 @@ action = iptables-multiport[name=dovecot, port="80,443,25,587,465,110,995,1 !!! warning - The name set in `banned_db[name=, ...]` line must be same as - the jail name which is defined in the first line `[dovecot-iredmail]`. - In above sample, it's `dovecot-iredmail`. - Do __NOT__ copy the name used in `iptables-multiport[]` line. + * The name set in `banned_db[name=, ...]` line must be same as + the jail name which is defined in the first line `[dovecot-iredmail]`. + In above sample, jail name is `dovecot-iredmail`. + Do __NOT__ copy the name used in `iptables-multiport[...]` line. + * There's only one `action =` parameter for a jail. ``` [dovecot-iredmail] 
@@ -201,15 +202,17 @@ Now add a cron job for `root` user: * * * * * /bin/bash /usr/local/bin/fail2ban_banned_db unban_db ``` -It runs every minute and query SQL database to get IP addresses which are -pending for removal. +It runs every minute and queries SQL database to get banned IP addresses which +are pending for removal. -## Optional: Add GeoIP database to look up location of banned IP address +## Optional: look up and store country name of banned IP address Script `/usr/local/bin/fail2ban_banned_db` detects whether commands `geoiplookup` and `geoiplookup6` exist, if exist, it runs the command to query country of banned IP address and store it in SQL database. +Both commands are offered by GeoIP related packages, please install them. + * On RHEL/CentOS 7: ``` diff --git a/html/fail2ban.sql.html b/html/fail2ban.sql.html index 7cef17a0..febdba8a 100644 --- a/html/fail2ban.sql.html +++ b/html/fail2ban.sql.html @@ -29,7 +29,7 @@
/root/.my.cnf-fail2ban
(OpenLDAP/MySQL/MariaDB backends) or
~postgresql/.pgpass
(PostgreSQL backend), then connect to SQL server and
add or remove banned IP addresses.
banned_db
Now go to /etc/fail2ban/jail.d/
and update config files for the jails you
+
Now go to directory /etc/fail2ban/jail.d/
and update config files for the jails you
want to store banned IP in SQL db. Let's take dovecot.local
for example.
action =
line in original file looks like this:Add our new action under existing action:
Warning
-The name set in banned_db[name=, ...]
line must be same as
-the jail name which is defined in the first line [dovecot-iredmail]
.
-In above sample, it's dovecot-iredmail
.
-Do NOT copy the name used in iptables-multiport[]
line.
banned_db[name=, ...]
line must be same as
+ the jail name which is defined in the first line [dovecot-iredmail]
.
+ In above sample, jail name is dovecot-iredmail
.
+ Do NOT copy the name used in iptables-multiport[...]
line.action =
parameter for a jail.* * * * * /bin/bash /usr/local/bin/fail2ban_banned_db unban_db
-It runs every minute and query SQL database to get IP addresses which are -pending for removal.
-It runs every minute and queries SQL database to get banned IP addresses which +are pending for removal.
+Script /usr/local/bin/fail2ban_banned_db
detects whether commands
geoiplookup
and geoiplookup6
exist, if exist, it runs the command to query
country of banned IP address and store it in SQL database.
Both commands are offered by GeoIP related packages, please install them.
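
Review bot: The changed line in the `@@ -162,7 +162,7` hunk of `en_US/howto/fail2ban.sql.md` ("Now go to directory `/etc/fail2ban/jail.d/` and update config files for the jails you") is now longer than the wrapped lines around it. Suggest re-wrapping the paragraph so the source keeps a consistent width. While touching it, "store banned IP in SQL db" on the next line could become "store banned IP addresses in the SQL database".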
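
Review bot: The new bullet "There's only one `action =` parameter for a jail." in the warning block of the `@@ -177,10 +177,11` hunk states a constraint without telling the reader what to do about it. The step just before it says "Add our new action under existing action", so suggest wording the bullet as an instruction: put `banned_db[...]` on its own line under the existing `action =` line, and do not add a second `action =` line. In the same block, `banned_db[name=, ...]` shows an empty `name=`; a visible placeholder for the jail name would make the first bullet easier to follow.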
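
Review bot: The added sentence "Both commands are offered by GeoIP related packages, please install them." in the `@@ -201,15 +202,17` hunk reads as a required step, but the renamed heading marks the section as optional and the paragraph above says the script only runs the commands when they exist. Suggest something like "install them if you want the country stored", and mention that the script still works without them. The context sentence "exist, if exist, it runs the command" could be fixed in the same pass, and the new heading lowercases the word after "Optional:" where the old one capitalised it.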