IPs in fail2ban: Zugehörigkeit der IPs zu Ländern

[schorsch_76]

Hallo zusammen,
war mir jetzt nicht sicher ob ich das ins Netzwerk ordnen soll oder nicht...

Ich hab letztens mal ein kleines Script gebastelt das mir zeigt aus welchen Ländern die gebannten IPs in meinen Fail2ban sind:

Code: Alles auswählen

#!/bin/sh
for j in sshd postfix; do
        echo "Jail: $j"
        IPS=`fail2ban-client get $j banned | sed 's/\[//g' | sed 's/\]//g' | sed "s/'//g" | sed 's/,//g'`
        for i in $IPS; do geoiplookup $i ; done | sort | uniq -c | sort -hr
        echo "\n"
done

Das braucht offensichtlich geoip-bin und fail2ban

Jetzt sieht es bei mir gerade eher ruhig aus dort hab ich aber auch schon mal 700 IPs in der sshd Jail gehabt. Ist das bei euch auch so ähnlich verteilt? Das aus Asien die meisten IPs hier im Jail sind?

Code: Alles auswählen

Jail: sshd
     60 GeoIP Country Edition: CN, China
     18 GeoIP Country Edition: US, United States
      9 GeoIP Country Edition: SG, Singapore
      8 GeoIP Country Edition: IN, India
      8 GeoIP Country Edition: DE, Germany
      6 GeoIP Country Edition: NL, Netherlands
      3 GeoIP Country Edition: UA, Ukraine
      3 GeoIP Country Edition: TW, Taiwan
      3 GeoIP Country Edition: TH, Thailand
      3 GeoIP Country Edition: RU, Russian Federation
      3 GeoIP Country Edition: KR, Korea, Republic of
      3 GeoIP Country Edition: FR, France
      2 GeoIP Country Edition: MX, Mexico
      2 GeoIP Country Edition: KE, Kenya
      2 GeoIP Country Edition: IP Address not found
      2 GeoIP Country Edition: ID, Indonesia
      2 GeoIP Country Edition: HU, Hungary
      2 GeoIP Country Edition: GB, United Kingdom
      2 GeoIP Country Edition: CA, Canada
      2 GeoIP Country Edition: AE, United Arab Emirates
      1 GeoIP Country Edition: VN, Vietnam
      1 GeoIP Country Edition: TN, Tunisia
      1 GeoIP Country Edition: RO, Romania
      1 GeoIP Country Edition: MK, Macedonia
      1 GeoIP Country Edition: LT, Lithuania
      1 GeoIP Country Edition: JP, Japan
      1 GeoIP Country Edition: IR, Iran, Islamic Republic of
      1 GeoIP Country Edition: IL, Israel
      1 GeoIP Country Edition: HK, Hong Kong
      1 GeoIP Country Edition: EE, Estonia
      1 GeoIP Country Edition: CH, Switzerland
      1 GeoIP Country Edition: BG, Bulgaria
      1 GeoIP Country Edition: AR, Argentina

Jail: postfix
      1 GeoIP Country Edition: US, United States
      1 GeoIP Country Edition: HK, Hong Kong
      1 GeoIP Country Edition: DE, Germany

[MSfree]

Mein Router setzt zwar nicht auf fail2ban, um Einbruchsversuche zu verhindern, aber die Urspünge der IP-Adressen der verweigerten SSH-Logins der letzten 50 Tage sehen bei mir so aus:

Code: Alles auswählen

   1671 GeoIP Country Edition: US, United States
    655 GeoIP Country Edition: CN, China
    642 GeoIP Country Edition: KR, Korea, Republic of
    471 GeoIP Country Edition: LT, Lithuania
    328 GeoIP Country Edition: NL, Netherlands
    302 GeoIP Country Edition: FR, France
    268 GeoIP Country Edition: DE, Germany
    223 GeoIP Country Edition: HK, Hong Kong
    178 GeoIP Country Edition: SG, Singapore
    172 GeoIP Country Edition: IN, India
    158 GeoIP Country Edition: CH, Switzerland
    145 GeoIP Country Edition: GB, United Kingdom
    119 GeoIP Country Edition: RU, Russian Federation
     90 GeoIP Country Edition: TW, Taiwan
     74 GeoIP Country Edition: ID, Indonesia
     65 GeoIP Country Edition: AU, Australia
     62 GeoIP Country Edition: IT, Italy
     58 GeoIP Country Edition: TH, Thailand
     56 GeoIP Country Edition: SE, Sweden
     44 GeoIP Country Edition: VN, Vietnam
     44 GeoIP Country Edition: BR, Brazil
     34 GeoIP Country Edition: JP, Japan
     33 GeoIP Country Edition: FI, Finland
     32 GeoIP Country Edition: TN, Tunisia
     30 GeoIP Country Edition: TR, Turkey
     24 GeoIP Country Edition: IP Address not found
     24 GeoIP Country Edition: HU, Hungary
     23 GeoIP Country Edition: ES, Spain
     21 GeoIP Country Edition: MY, Malaysia
     20 GeoIP Country Edition: CA, Canada
     15 GeoIP Country Edition: PL, Poland
     15 GeoIP Country Edition: BG, Bulgaria
     14 GeoIP Country Edition: RO, Romania
     13 GeoIP Country Edition: KE, Kenya
     11 GeoIP Country Edition: AR, Argentina
      8 GeoIP Country Edition: IR, Iran, Islamic Republic of
      7 GeoIP Country Edition: PT, Portugal
      7 GeoIP Country Edition: MX, Mexico
      7 GeoIP Country Edition: LU, Luxembourg
      7 GeoIP Country Edition: IE, Ireland
      7 GeoIP Country Edition: CO, Colombia
      6 GeoIP Country Edition: KZ, Kazakhstan
      6 GeoIP Country Edition: BD, Bangladesh
      5 GeoIP Country Edition: VE, Venezuela
      5 GeoIP Country Edition: PH, Philippines
      5 GeoIP Country Edition: PE, Peru
      4 GeoIP Country Edition: NO, Norway
      4 GeoIP Country Edition: EE, Estonia
      4 GeoIP Country Edition: EC, Ecuador
      4 GeoIP Country Edition: DZ, Algeria
      4 GeoIP Country Edition: CL, Chile
      3 GeoIP Country Edition: UA, Ukraine
      3 GeoIP Country Edition: SO, Somalia
      3 GeoIP Country Edition: SC, Seychelles
      3 GeoIP Country Edition: SA, Saudi Arabia
      3 GeoIP Country Edition: PR, Puerto Rico
      3 GeoIP Country Edition: HR, Croatia
      2 GeoIP Country Edition: ZA, South Africa
      2 GeoIP Country Edition: TT, Trinidad and Tobago
      2 GeoIP Country Edition: NZ, New Zealand
      2 GeoIP Country Edition: NP, Nepal
      2 GeoIP Country Edition: LV, Latvia
      2 GeoIP Country Edition: GE, Georgia
      2 GeoIP Country Edition: BE, Belgium
      2 GeoIP Country Edition: AZ, Azerbaijan
      1 GeoIP Country Edition: VI, Virgin Islands, U.S.
      1 GeoIP Country Edition: PY, Paraguay
      1 GeoIP Country Edition: PS, Palestinian Territory
      1 GeoIP Country Edition: PK, Pakistan
      1 GeoIP Country Edition: PA, Panama
      1 GeoIP Country Edition: MU, Mauritius
      1 GeoIP Country Edition: MT, Malta
      1 GeoIP Country Edition: MN, Mongolia
      1 GeoIP Country Edition: MG, Madagascar
      1 GeoIP Country Edition: KH, Cambodia
      1 GeoIP Country Edition: JO, Jordan
      1 GeoIP Country Edition: JM, Jamaica
      1 GeoIP Country Edition: IS, Iceland
      1 GeoIP Country Edition: IL, Israel
      1 GeoIP Country Edition: GR, Greece
      1 GeoIP Country Edition: GH, Ghana
      1 GeoIP Country Edition: FJ, Fiji
      1 GeoIP Country Edition: EG, Egypt
      1 GeoIP Country Edition: DK, Denmark
      1 GeoIP Country Edition: CZ, Czech Republic
      1 GeoIP Country Edition: CY, Cyprus
      1 GeoIP Country Edition: CR, Costa Rica
      1 GeoIP Country Edition: BW, Botswana
      1 GeoIP Country Edition: BJ, Benin
      1 GeoIP Country Edition: BB, Barbados
      1 GeoIP Country Edition: BA, Bosnia and Herzegovina
      1 GeoIP Country Edition: AT, Austria
      1 GeoIP Country Edition: AM, Armenia
      1 GeoIP Country Edition: AE, United Arab Emirates

Bei mir liegt also die USA mit weitem Abstand an der Spitze.

[reox]

Code: Alles auswählen

sed 's/\[//g' | sed 's/\]//g' | sed "s/'//g" | sed 's/,//g'`

ließe sich auch schneller als

Code: Alles auswählen

tr -d "[],'"

schreiben

Bei mir schaut die Verteilung ähnlich aus wie bei MSfree.