OK, ich habe das Script nochmal angepasst: Die aktiven Bans, die direkt von Fail2Ban ausgelöst wurden, werden jetzt auch wieder mit eingefügt.
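#!/bin/bash
# Sync the AbuseIPDB blacklist plus mailcow's currently active Fail2Ban bans
# into the mailcow Fail2Ban blacklist.
#
# Requires: curl (7.55.0 or newer, for "-H @file"), jq, awk, mktemp.
#
# This file holds two API keys: keep it readable by its owner only
# (e.g. chmod 700) and out of version control.

set -euo pipefail

# Adjust the values of the following variables
ABUSEIP_API_KEY="XXXXXXXXX"
MAILCOW_API_KEY="YYYYYYYY"
MAILSERVER_FQDN="your.mail.server"

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

command -v curl >/dev/null || die "curl is required but not installed"
command -v jq >/dev/null || die "jq is required but not installed"

# Work in a private, unpredictable directory instead of fixed names in /tmp,
# so another local user cannot pre-create or symlink the files we write.
umask 077
workdir=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${workdir:?}"; }
trap cleanup EXIT

blacklist_file="$workdir/abuseipdb_blacklist.txt"
fail2ban_config="$workdir/fail2ban.json"
request_file="$workdir/request.json"
abuseipdb_headers="$workdir/abuseipdb.headers"
mailcow_headers="$workdir/mailcow.headers"

# Hand the API keys to curl through header files: values given on the command
# line are visible to other local users in the process list. printf is a shell
# builtin, so the keys never show up as process arguments.
printf 'Key: %s\n' "$ABUSEIP_API_KEY" > "$abuseipdb_headers"
printf 'X-API-Key: %s\n' "$MAILCOW_API_KEY" > "$mailcow_headers"

echo "Retrieve IPs from AbuseIPDB"
# --fail turns HTTP errors (bad key, rate limit, ...) into a non-zero exit code,
# so an error body is never mistaken for a list of addresses.
exit_code=0
curl -sS --fail -G https://api.abuseipdb.com/api/v2/blacklist \
  -d confidenceMinimum=90 \
  -d plaintext \
  -H @"$abuseipdb_headers" \
  -H "Accept: application/json" \
  -o "$blacklist_file" || exit_code=$?
if (( exit_code != 0 )); then
  die "Curl encountered an error with exit code $exit_code while retrieving the AbuseIPDB IPs"
fi

# Add a newline to the end of the blacklist file so the first appended ban
# starts on its own line.
echo >> "$blacklist_file"

echo "Get current Fail2Ban config, extract active_bans IPs and add them to the blacklist file"
exit_code=0
curl -sS --fail --header "Content-Type: application/json" \
  -H @"$mailcow_headers" \
  -o "$fail2ban_config" \
  "https://${MAILSERVER_FQDN}/api/v1/get/fail2ban" || exit_code=$?
if (( exit_code != 0 )); then
  die "Curl encountered an error with exit code $exit_code while reading the Fail2Ban config"
fi
# "[]?" and "// empty" make "no active bans" a normal, empty result.
jq -r '.active_bans[]?.ip // empty' "$fail2ban_config" >> "$blacklist_file" \
  || die "Could not parse the Fail2Ban config returned by ${MAILSERVER_FQDN}"

# Build the comma-separated CIDR list. Only lines that consist purely of
# IP-address characters are accepted; blank lines and anything unexpected in
# the downloaded data are dropped rather than pushed into the ban list.
BLACKLIST=$(awk '
  { sub(/\r$/, "") }
  /^[0-9A-Fa-f:.]+$/ {
    # A colon marks an IPv6 address (/128); everything else is IPv4 (/32).
    printf "%s%s/%s", sep, $0, (index($0, ":") > 0 ? "128" : "32")
    sep = ","
  }
  END { print "" }
' "$blacklist_file")

[[ -n "$BLACKLIST" ]] \
  || die "No valid IP addresses collected, leaving the Fail2Ban blacklist untouched"

# Let jq produce the request body so the list is always correctly escaped JSON.
# The list is fed on stdin because it can exceed the size limit of a single
# command-line argument.
printf '%s' "$BLACKLIST" \
  | jq -Rs '{items: ["none"], attr: {blacklist: .}}' > "$request_file" \
  || die "Could not build the Fail2Ban request body"

echo "Add IPs to Fail2Ban"
# NOTE(review): the request sends the complete list as the "blacklist"
# attribute; presumably this replaces entries maintained by hand in the
# mailcow UI - confirm before running against a production server.
# curl's exit code only covers transport and HTTP-status errors; the API's own
# result is in the response printed below.
exit_code=0
curl -sS --fail --include \
  --request POST \
  --header "Content-Type: application/json" \
  -H @"$mailcow_headers" \
  --data-binary @"$request_file" \
  "https://${MAILSERVER_FQDN}/api/v1/edit/fail2ban" || exit_code=$?
if (( exit_code != 0 )); then
  die "Curl encountered an error with exit code $exit_code while setting the Fail2Ban IPs"
fi

printf '\n\nAll done, have fun\n'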
Das Paket “jq” muss noch zusätzlich installiert werden.
Wie gesagt, bei mir macht das Script ansonsten keine Probleme.