Steps to configure:
- Copy /etc/fail2ban/jail.conf to /etc/fail2ban/jail.local
- Enable the jail by setting: enabled = yes
- Do not forget to whitelist your internal IPs with ignoreip:
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space (and/or comma) separator.
ignoreip = 127.0.0.1/8 10.0.0.1/8 {{ ansible_eth0.ipv4.address }} {{ ansible_eth1.ipv4.address }}
Good note from https://talk.plesk.com/threads/fail2ban-log-bans-to-mysql.344162/:
You could define actions that insert directly into your mysql database like:
actionban = printf %%b "insert into table('ban', '<ip>', <failures>, '<name>');" | mysql -u user --password=password database
Also have a look at the following web page:
http://www.seleads.com/fail2ban-mysql-database-manage-persistent-bans/
Here is another example with “actionban”:
actionban = /home/all/scripts/fail2ban-sms.sh ban <ip>
#You need actionban to do something every time a ban triggers.
Source: Extend Fail2ban to send text messages every time a user/bot gets banned
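As an added example (not from the forum post or the sources above), here is a script that actionban could call instead of the inline printf | mysql pipeline: it validates the substituted values and binds them as query parameters rather than formatting them into the SQL string. The script path, database path, table and column names are hypothetical, and sqlite3 stands in for MySQL so the block runs offline.

```python
"""Added example: log a fail2ban ban with bound SQL parameters.
Assumed wiring: actionban = /usr/local/bin/f2b-log-ban.py <name> <ip> <failures>"""
import ipaddress
import re
import sqlite3
import sys

JAIL_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")  # assumed jail-name policy
SCHEMA = ("CREATE TABLE IF NOT EXISTS bans (jail TEXT, ip TEXT, failures INTEGER, "
          "banned_at TEXT DEFAULT CURRENT_TIMESTAMP)")


def parse_args(jail, ip, failures):
    """Validate the three values fail2ban substitutes into the action."""
    if not JAIL_RE.match(jail):
        raise ValueError("bad jail name")
    addr = ipaddress.ip_address(ip)  # raises ValueError for hostnames and junk
    count = int(failures)            # raises ValueError for non-numeric input
    if count < 0:
        raise ValueError("negative failure count")
    return jail, str(addr), count


def record_ban(conn, jail, ip, failures, placeholder="?"):
    """Insert one ban row. With a MySQL driver, pass placeholder="%s"."""
    jail, ip, count = parse_args(jail, ip, failures)
    marks = ", ".join([placeholder] * 3)  # only placeholders go into the SQL text
    conn.cursor().execute(
        f"INSERT INTO bans (jail, ip, failures) VALUES ({marks})",
        (jail, ip, count))
    conn.commit()
    return jail, ip, count


def main(argv):
    if len(argv) != 4:
        return 2  # expects <name> <ip> <failures>
    conn = sqlite3.connect("/var/lib/fail2ban/bans-example.sqlite3")  # hypothetical path
    conn.execute(SCHEMA)
    try:
        record_ban(conn, *argv[1:])
    except ValueError as exc:
        print(f"rejected: {exc}", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```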
Testing Regexp
$ fail2ban-regex ./test.log '^.*: NOQUEUE: reject: CONNECT from \S+\[<HOST>\]: .*$'
Resources
- Setting up your firewall with fail2ban, February 1, 2019
- How fail2ban saved my bacon
- Fork of fail2sql: https://github.com/nlivingstone/fail2sql
- http://fail2sql.sourceforge.net/
- https://serverfault.com/questions/625656/sharing-of-fail2ban-banned-ips
- Introducing fail2ban-zmq-tools: a fail2ban clustering solution based on ZeroMQ, or its GitHub page https://github.com/buanzo/fail2ban-zmq-tools, using the www.zeromq.org messaging API
- Centralize Fail2Ban – Part 1
- Centralize Fail2Ban – Part 2
fail2ban with mysql