fail2ban Reporter
Monitor fail2ban bans and auto-report attackers to AbuseIPDB.
Setup
- •Get a free AbuseIPDB API key at https://www.abuseipdb.com/account/api
- •Store it:
pass insert abuseipdb/api-key - •Install the monitor:
bash {baseDir}/scripts/install.sh
Manual Usage
Report all currently banned IPs
bash
bash {baseDir}/scripts/report-banned.sh
Check a specific IP
bash
bash {baseDir}/scripts/check-ip.sh <ip>
Show ban stats
bash
bash {baseDir}/scripts/stats.sh
Auto-Reporting
The install script sets up a fail2ban action that auto-reports new bans.
bash
bash {baseDir}/scripts/install.sh # install auto-reporting
bash {baseDir}/scripts/uninstall.sh # remove auto-reporting
Heartbeat Integration
Add to HEARTBEAT.md to check for new bans periodically:
markdown
- [ ] Check fail2ban stats and report any unreported IPs to AbuseIPDB
Workflow
- •fail2ban bans an IP → action triggers
report-single.sh - •Script reports to AbuseIPDB with SSH brute-force category
- •Sends Telegram notification (if configured)
- •Logs report to
/var/log/abuseipdb-reports.log
API Reference
See references/abuseipdb-api.md for full API docs.