Fail2ban-FastAPI

Author: dunderrrrrr

.gitignore

@@ -0,0 +1,138 @@
+api/data/*.txt
+node_modules/
+npm-debug.log
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+node_modules

README.md

@@ -0,0 +1,88 @@
+fail2ban-fastapi
+----------
+  
+Fail2Ban operates by monitoring log files (e.g. `/var/log/auth.log`, `/var/log/apache/access.log`, etc.) for selected entries and running scripts based on them. Most commonly this is used to block selected IP addresses that may belong to hosts that are trying to breach the system's security.
+
+**What is fail2ban-fastapi?**  
+Frontend (vuejs) and backend (fastapi). FastAPI reads it's data from files created by this script (since Fail2ban's internal sqlite database is not human readable). The script user must have permissions to execute `$ fail2ban-client` to generate this data.
+```
+.
+├── api
+│   └── data/
+│       └── jails.txt
+│       └── jail_<jailname>.txt
+│       └── jail_<jailname>.txt
+```
+
+![Fail2ban-FastAPI Demo](https://i.imgur.com/7sQhGeh.gif)
+
+## Installation
+
+### Fail2ban Setup
+
+First of all, the script needs to be able to run `fail2ban-client` command. This is usually done with root permissions. To solve this, you need to create a new (non-root) user and run fail2ban as this user. 
+
+```bash
+$ sudo apt install fail2ban
+$ sudo adduser fail2ban
+```
+
+Set `User` to "fail2ban" in the [Service] section in `/lib/systemd/system/fail2ban.service`
+```text
+...
+[Service]
+User=fail2ban
+...
+```
+
+Change permissions of `/var/run/fail2ban`.
+```bash
+$ sudo chown -R fail2ban:root /var/run/fail2ban
+```
+
+Verify permissions with `sudo ls -la /var/run/fail2ban/`. Make sure fail2ban user can read and write to this location.
+
+Depending on your jails, the fail2ban user needs to be able read your logfiles (ex. `/var/log/auth.log`). An example configuration can be found in [jail.local.sample](./jail.local.sample).  
+  
+So change permisions of your logfiles.
+```bash
+$ sudo chown fail2ban:root /var/log/auth.log
+```
+
+Now you should be all set to reload `systemctl daemon` and restart fail2ban.
+
+```bash
+$ sudo systemctl daemon-reload
+$ sudo systemctl restart fail2ban.service
+```
+
+Check status of fail2ban.service to make sure we're all set and you have no errors.
+
+## Install Fail2ban-FastAPI
+
+Clone rep, create virtualenv and install requirements.
+```bash
+$ git clone [email protected]:dunderrrrrr/fail2ban-fastapi.git
+$ mkvirtualenv --python=/usr/bin/python3 fail2ban-fastapi
+$ pip install -r requirements.txt
+```
+
+Before starting FastAPI backend we'll need to generate some Fail2ban data. This will only be necessary once when setting up Fail2ban-FastAPI for the first time on.
+```bash
+$ cd api/
+$ python first_init.py
+```
+
+Start FastAPI backend.
+```bash
+$ python main.py
+```
+
+Start vuejs frontend.
+```bash
+$ npm install
+$ npm run dev
+```
+
+FastAPI backend can be access at `http://localhost:8000`.  
+Frontend access at `http://localhost:8080`.

api/_defs.py

@@ -0,0 +1,81 @@
+import re
+
+data_path = 'data/'
+data_format = '.txt'
+files = {
+    "jails": "{}jails{}".format(data_path, data_format)
+}
+
+def get_jaildata(jail, jail_path):
+    data = {}
+    f = open(jail_path, "r")
+    l = []
+    for line in f:
+        l.append(line)
+    data['fail_current'] = re.findall(r'\d+', l[2])[0]
+    data['fail_total'] = re.findall(r'\d+', l[3])[0]
+    data['bans_current'] = re.findall(r'\d+', l[6])[0]
+    data['bans_total'] = re.findall(r'\d+', l[7])[0]
+    data['log_file'] = l[4].split(':')[1].strip()
+    data['bans_iplist'] = l[8].split(':')[1].strip().split(' ')
+    return(data)
+
+def summary(obj_jails, jailnums):
+    tot_bans_current = []
+    tot_bans_total = []
+    for k,v in obj_jails['jail'].items():
+        tot_bans_current.append(int(v['bans_current']))
+        tot_bans_total.append(int(v['bans_total']))   
+    obj_jails['sum'] = {}
+    obj_jails['sum']['jail_nums'] = int(jailnums)
+    obj_jails['sum']['total_bans_current'] = sum(tot_bans_current)
+    obj_jails['sum']['total_bans_total'] = sum(tot_bans_total)   
+    return(obj_jails)
+
+def main():
+    obj_jails = {}
+    f = open(files['jails'], "r")
+    l = []
+    for line in f:
+        l.append(line)
+    jailnums = re.findall(r'\d+', l[1])[0]
+    jail_names = l[2].split(':')[1].strip()
+    obj_jails['jail'] = {} 
+    for jail in jail_names.split(', '):
+        jail_path = data_path + 'jail_' + jail + data_format
+        jail_data = get_jaildata(jail, jail_path)
+        obj_jails['jail'][jail] = {
+            "jail_name": jail,
+            "fails_current": jail_data['fail_current'],
+            "fails_total": jail_data['fail_total'],
+            "bans_current": jail_data['bans_current'],
+            "bans_total": jail_data['bans_total'],
+            "log_file": jail_data['log_file'],
+            "bans_iplist": jail_data['bans_iplist']
+        }
+    data = summary(obj_jails, jailnums)
+    return(data)
+
+def get_jail(jail):
+    f = open(files['jails'], "r")
+    l = []
+    for line in f:
+        l.append(line)   
+    jail_names = l[2].split(':')[1].strip().split(', ')
+    if jail in jail_names:
+        obj_jail = {
+            jail: {}
+        }
+        jail_path = data_path + 'jail_' + jail + data_format
+        jail_data = get_jaildata(jail, jail_path)
+        obj_jail[jail] = {
+            "fails_current": jail_data['fail_current'],
+            "fails_total": jail_data['fail_total'],
+            "bans_current": jail_data['bans_current'],
+            "bans_total": jail_data['bans_total'],
+            "log_file": jail_data['log_file'],
+            "bans_iplist": jail_data['bans_iplist']
+        }
+        return(obj_jail)
+    else:
+        return {"error": 404, "msg": "Jail name '{}' not found".format(jail)}

api/data/.gitkeep

@@ -0,0 +1,50 @@
+import os
+import time
+
+data_path = os.path.dirname(os.path.realpath(__file__)) + "/data/"
+
+def create_status():
+    print("Running fail2ban-client status")
+    filename = "jails.txt"
+    data = os.popen('fail2ban-client status').read()
+    file = open(data_path + filename, 'w') 
+    file.write(data)
+    print("Wrote to {}{}\n".format(data_path, filename))
+    
+def get_jails():
+    f = open(data_path + "jails.txt", "r")
+    l = []
+    for line in f:
+        l.append(line)
+    jail_names = l[2].split(':')[1].strip()
+    jails = jail_names.split(', ')
+    return(jails)
+
+def create_jail(jail):
+    print("Running fail2ban-client status {}".format(jail))
+    data = os.popen('fail2ban-client status {}'.format(jail)).read()
+    print("JAILDATA: ", data)
+    file = open(data_path + "jail_" + jail + ".txt", 'w') 
+    file.write(data)
+    print("wrote to {}jail_{}.txt\n".format(data_path, jail))
+
+def ban_ip(ip, jail):
+    print("Banning {} in jail {}".format(ip, jail))
+    data = os.popen('fail2ban-client set {} banip {}'.format(jail, ip)).read()
+    print(data)
+    time.sleep(1.5) # takes time to refresh jail (got diff in vue frontend)
+    create_jail(jail)
+
+def unban_ip(ip, jail):
+    print("Unbanning {} in jail {}".format(ip, jail))
+    data = os.popen('fail2ban-client set {} unbanip {}'.format(jail, ip)).read()
+    print(data)
+    time.sleep(1.5) # takes time to refresh jail (got diff in vue frontend)
+    create_jail(jail)
+
+def generate_files():
+    status = create_status()
+    jails = get_jails()
+    for jail in jails:
+        create_jail(jail)
+

api/f2b.py

@@ -0,0 +1,4 @@
+from f2b import generate_files
+
+if __name__ == "__main__":
+    generate_files()