APIBAN is made possible by the generosity of our sponsors. For more information, and to get your FREE APIBAN api key, please visit apiban.org.
- Super Simple Script Install
- Get an APIBAN APIKEY
- Using the Go client
- Logs
- Automation
- License / Warranty
- Support
Please at least look at the script before blindly running it on your system.
NOTE: You need an APIKEY before running this command.
Don't have a key? No problem. Visit apiban.org to get your free key.
Then, once you have your APIKEY, run:
```bash
curl -sSL https://raw.githubusercontent.com/apiban/apiban-fail2ban/main/install.sh | bash -s -- APIBANKEY
```

where APIBANKEY is your APIBAN API key.
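One way to follow the advice above about reading the script first, shown as an added example that is not part of the APIBAN project: download the installer to disk, read it, then run only the exact bytes you reviewed. The file name `apiban-install.sh` and the function names are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example: review-then-run wrapper for the installer URL given above.
set -u

INSTALL_URL="https://raw.githubusercontent.com/apiban/apiban-fail2ban/main/install.sh"

# Print the SHA-256 hex digest of a file.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Return 0 only if the file's digest equals the pinned digest.
verify_pinned() {
    local file="$1" pinned="$2"
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    local actual
    actual="$(sha256_of "$file")"
    if [ "$actual" != "$pinned" ]; then
        echo "digest mismatch: got $actual, pinned $pinned" >&2
        return 1
    fi
}

# Step 1: save the script for reading; nothing is executed here.
fetch_for_review() {
    local dest="$1"
    curl -fsSL --proto '=https' --tlsv1.2 -o "$dest" "$INSTALL_URL" || return 1
    echo "saved $dest, sha256 $(sha256_of "$dest")"
}

# Step 2: run the reviewed file, refusing if it changed since review.
run_reviewed() {
    local file="$1" pinned="$2" apikey="$3"
    verify_pinned "$file" "$pinned" || return 1
    bash "$file" "$apikey"
}

# Usage (hypothetical file name; the digest is the one printed by step 1):
#   fetch_for_review ./apiban-install.sh
#   less ./apiban-install.sh
#   run_reviewed ./apiban-install.sh <digest-from-step-1> APIBANKEY
```

Recording the digest alongside the reviewed copy also lets you roll the same installer out to several hosts without re-fetching it from `main`, which can change between runs.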
The script will install the apiban-fail2ban client in `/usr/local/bin/apiban/`. The executable was compiled for amd64 architectures and will not work on Pis (you'll need to compile it yourself).

An apiban-fail2ban.service and timer are also created, allowing the client to regularly check for new IP addresses. The default config created uses the jail `asterisk-iptables` and the APIBAN data set `all` (SIP and HTTP). These default values can be changed in `/usr/local/bin/apiban/config.json`.
Check out the Using the Go client section for more info on using apiban-fail2ban.
Getting an APIKEY is easy and FREE (thanks to our sponsors).
- Go to apiban.org/getkey.html
- Enter your Name and Email address
- Check your email (and spam folder) for the key.
You can build the client using Go, or just use the pre-built executable. The user running the executable will need permission to run fail2ban commands.

Be sure to update the `jail` in the config to match your desired jail.

- Create the folder `/usr/local/bin/apiban`

  ```bash
  mkdir /usr/local/bin/apiban
  ```

- Download apiban-fail2ban to `/usr/local/bin/apiban/`

  ```bash
  cd /usr/local/bin/apiban
  wget https://github.com/apiban/apiban-fail2ban/raw/main/apiban-fail2ban
  ```

- Download `config.json` to `/usr/local/bin/apiban/`

  ```bash
  cd /usr/local/bin/apiban
  wget https://github.com/apiban/apiban-fail2ban/raw/main/config.json
  ```

- Using your favorite text editor, update `config.json` with your APIBAN key, for example:

  ```bash
  vi config.json
  ```

- Give apiban-fail2ban execute permission

  ```bash
  chmod +x /usr/local/bin/apiban/apiban-fail2ban
  ```

- Test

  ```bash
  /usr/local/bin/apiban/apiban-fail2ban
  ```
Normally, apiban-fail2ban adds only the IP addresses that need to be blocked since the last successful check. Sometimes, such as after a reboot (or a restart of fail2ban), you may want to pull all the active addresses. To do so, use the `FULL` argument. For example:

```bash
/usr/local/bin/apiban/apiban-fail2ban FULL
```

Please note, a FULL pull can take a bit to add to fail2ban.
The default data set is `all`, which incorporates both the SIP and HTTP/HTTPS honeypot data. If you want just SIP or HTTP, change the `set` value in `/usr/local/bin/apiban/config.json` to either `sip`, `http`, or `all`.
| parameter | description |
|---|---|
| apikey | your APIBAN APIKEY |
| lkid | last known id - the "id" of the last ip address added |
| version | the version of the config |
| set | data set to use (`all`, `http`, or `sip`) |
| flush | used to determine when to refresh data (about 7 days from last FULL pull) |
| jail | the fail2ban jail to add ip address |
Log output is saved to `/var/log/apiban-client.log`.

Want to rotate the log? Here's an example...

```bash
cat > /etc/logrotate.d/apiban-client << EOF
/var/log/apiban-client.log {
        daily
        copytruncate
        rotate 7
        compress
}
EOF
```
Example crontab running every 4 min...

```
# update apiban iptables
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
*/4 * * * * /usr/local/bin/apiban/apiban-fail2ban >/dev/null 2>&1
```
Example service style automation with a 5 minute timer

```bash
cat > /lib/systemd/system/apiban-fail2ban.service << EOF
[Unit]
Description=APIBAN blocker for fail2ban
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/local/bin/apiban/apiban-fail2ban

[Install]
WantedBy=multi-user.target
EOF

cat > /lib/systemd/system/apiban-fail2ban.timer << EOF
[Unit]
Description=APIBan fail2ban service schedule

[Timer]
OnUnitActiveSec=300

[Install]
WantedBy=timers.target
EOF

systemctl enable apiban-fail2ban.timer
systemctl enable apiban-fail2ban.service
systemctl start apiban-fail2ban.timer
systemctl start apiban-fail2ban.service
```
apiban-fail2ban is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
apiban-fail2ban is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
Support is provided by LOD and an APIBAN room is available on the LOD Matrix homeserver.