Yesterday saw this week’s project come to life.
This week, I was working on a couple of scripts to report the IP addresses from Fail2Ban logs to AbuseIPDB. I know there is a tool already made for this (actually built into Fail2Ban), but I wanted to give myself a quick project. As someone who is not a programmer and does not do that much coding, it’s nice to work on these little things every now and then.
Wolf Bot was a nice little extra I added to the scripts I made this week. Shortly after implementing this, I got a notification from one of my servers to let me know what updates had been installed over the week, so I decided to add Slack notifications to Wolf Bot.
The script has a few parts.
The first one is a controller that stores the config and runs the other scripts. It first runs a script that takes the logs from Fail2Ban and outputs the IP addresses that were banned for SSH brute-force attacks on my servers to one file, and all the others to another file. The second script reports these to AbuseIPDB. A third script takes the output of successfully reported IP addresses and chucks them into Slack.
After taking a look at the Slack API, it surprised me how easy it was to actually send nicely formatted messages to Slack, and I am quite tempted to find other things to write with the Slack API down the line. Getting nicely formatted notifications into Slack was something I was able to do on my dinner break at work.
Following this, the Fail2Ban IP reporter is being rolled out to two of my servers. Wolf Bot now has his own Slack channel (#IP_Reports), which I have muted but is nice to look at to see how many IP addresses are getting banned from accessing my servers.
I’ll have to write an aggregator of some kind down the line, as I don’t want a dozen messages a day coming into Slack, which is why I have only put the Fail2Ban reporter with Wolf Bot on two servers at the moment.
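The log-splitting step and the aggregated Slack message described above, sketched as an added example (not the scripts from this post). The jail name `sshd`, the `OWN_NETS` exclusion list, the host name `web01` and the sample log lines are assumptions constructed for illustration; the returned dict is the `{"text": ...}` body a Slack incoming webhook accepts.

```python
import ipaddress
import re

# Constructed sample in fail2ban.log's default layout (documentation-range IPs).
SAMPLE_LOG = """\
2024-05-01 02:11:10,302 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.7
2024-05-01 03:40:55,871 fail2ban.actions        [812]: NOTICE  [nginx-http-auth] Ban 198.51.100.23
2024-05-01 04:02:31,009 fail2ban.actions        [812]: NOTICE  [sshd] Unban 203.0.113.7
2024-05-01 06:15:12,440 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.7
2024-05-01 06:30:00,002 fail2ban.actions        [812]: NOTICE  [sshd] Restore Ban 198.51.100.99
2024-05-01 07:20:00,120 fail2ban.actions        [812]: NOTICE  [sshd] Ban 10.0.0.5
2024-05-01 08:01:44,733 fail2ban.actions        [812]: NOTICE  [sshd] Ban 2001:db8::bad
"""

# Only fresh "Ban" actions match; Unban and "Restore Ban" lines are skipped.
BAN_RE = re.compile(r"fail2ban\.actions\s+\[\d+\]:\s+NOTICE\s+\[([^\]]+)\]\s+Ban\s+(\S+)")
SSH_JAILS = {"sshd"}  # assumption: jail name that covers SSH brute force
OWN_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: ranges never to report


def split_bans(log_text):
    """Return (ssh, other): dicts mapping each banned IP to its ban count."""
    ssh, other = {}, {}
    for line in log_text.splitlines():
        m = BAN_RE.search(line)
        if not m:
            continue
        jail, raw = m.groups()
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue  # malformed address: never forward it to an API
        if any(ip.version == n.version and ip in n for n in OWN_NETS):
            continue  # do not report addresses from our own networks
        bucket = ssh if jail in SSH_JAILS else other
        bucket[str(ip)] = bucket.get(str(ip), 0) + 1
    return ssh, other


def slack_summary(host, ssh, other):
    """Build one Slack webhook payload per run instead of one message per IP."""
    lines = [f"*{host}*: {len(ssh)} SSH and {len(other)} other IPs banned"]
    lines += [f"- `{ip}` (sshd, {n} bans)" for ip, n in sorted(ssh.items())]
    lines += [f"- `{ip}` (other, {n} bans)" for ip, n in sorted(other.items())]
    return {"text": "\n".join(lines)}


if __name__ == "__main__":
    ssh_ips, other_ips = split_bans(SAMPLE_LOG)
    print(slack_summary("web01", ssh_ips, other_ips)["text"])
```

Deduplicating by IP before reporting also keeps repeat offenders from being submitted to AbuseIPDB several times in one run.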