
Fail2ban Attack monitor with Grafana


Fail2ban Attack Monitor allows you to see the source of the attacks that fail2ban blocks

Abstract

This is a personal project that I am developing to improve the blocking capacity that the firewalls that I manage have. It has no intention of becoming a popular tool and I also cannot guarantee that it will work for your scenario.

Tools used

Tool Version
Python 3.8
InfluxDB 0.10.0
Grafana 7.1.5
IPinfo API

How to configure (Ubuntu)

Install InfluxDB

apt install influxdb influxdb-client

Create database

curl -XPOST http://localhost:8086/query --data-urlencode "q=CREATE DATABASE fail2ban"

Install script

Clone project

git clone https://github.com/bsd0x/fail2ban-attack-monitoring

Install requirements

pip install -r requirements.txt

Add your jail names to config.ini

[FAIL2BAN_JAILS]
jails = sshd, ftpd

Execute script

python main.py

Crontab example

0 */1 * * * root cd /root/fail2ban-attack-monitor/ && python3 main.py && echo $(date) >> /var/log/fail2ban-monitor-log.log

Grafana with Worldmap panel

[Screenshot: Query example]

[Screenshot: Worldmap example]

[Screenshot: Geohash field example]
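The data path the setup above implies (banned IPs per jail, a location per IP, a geohash for the map panel, a point in the fail2ban database) can be sketched as follows. This is an added example, not the project's own code: the function names, the banned_ip measurement, the ip and count fields and the sample data are assumptions, and the location is assumed to arrive as a "lat,lon" string as in IPinfo's loc field.

```python
import ipaddress
import re

BASE32 = "0123456789bcdefghjkmnpqrstuvwxyz"  # geohash alphabet

def parse_banned_ips(status_text):
    """Return valid IPs from `fail2ban-client status <jail>` output."""
    match = re.search(r"Banned IP list:[ \t]*(.*)", status_text)
    ips = []
    for token in (match.group(1).split() if match else []):
        try:
            ips.append(str(ipaddress.ip_address(token)))
        except ValueError:
            continue  # never pass unparsed text on to the database
    return ips

def geohash_encode(lat, lon, precision=7):
    """Standard geohash: interleave lon/lat bisection bits, 5 bits per char."""
    ranges, coords = [[-180.0, 180.0], [-90.0, 90.0]], (lon, lat)
    bits, chars = [], []
    for i in range(precision * 5):
        lo, hi = ranges[i % 2]
        mid = (lo + hi) / 2
        bit = coords[i % 2] >= mid
        ranges[i % 2][0 if bit else 1] = mid  # keep the half holding the point
        bits.append(bit)
        if len(bits) == 5:
            chars.append(BASE32[sum(b << (4 - n) for n, b in enumerate(bits))])
            bits = []
    return "".join(chars)

def to_line(jail, ip, loc, ts_ns):
    """One InfluxDB line-protocol point; loc is a "lat,lon" string."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", jail):
        raise ValueError("unexpected jail name")  # would break tag syntax
    lat, lon = (float(x) for x in loc.split(","))
    tags = f"jail={jail},geohash={geohash_encode(lat, lon)}"
    return f'banned_ip,{tags} ip="{ip}",count=1i {ts_ns}'

def build_points(jail, status_text, loc_by_ip, ts_ns):
    """Lines ready to POST to InfluxDB's /write?db=fail2ban endpoint."""
    return [to_line(jail, ip, loc_by_ip[ip], ts_ns)
            for ip in parse_banned_ips(status_text) if ip in loc_by_ip]

# Constructed sample input (documentation-range IPs, made-up coordinates).
SAMPLE_STATUS = "Status for the jail: sshd\n   `- Banned IP list:\t203.0.113.7 bad-entry 198.51.100.23\n"
SAMPLE_LOC = {"203.0.113.7": "42.6,-5.6", "198.51.100.23": "57.64911,10.40744"}

if __name__ == "__main__":
    print("\n".join(build_points("sshd", SAMPLE_STATUS, SAMPLE_LOC, 1600000000000000000)))
```

Storing the geohash as a tag lets the Grafana query group by it, and validating the jail name and each IP keeps log-derived text from altering the line-protocol syntax.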

Download Fail2ban-attack-monitor
