Fail2Ban and Twitter
Using Fail2Ban in this situation is a no-brainer, but after getting it set up, I decided to go one step further and integrate it with Twitter. The first step is creating a script that can update Twitter from the command line. Jeff Miller has a fantastic writeup that made this part very easy using Python.
The second step is to configure Fail2Ban to run the Twitter update script when an IP is banned. To do this I configured a new action in /etc/fail2ban/action.d/, then configured Fail2Ban to take that action in /etc/fail2ban/jail.conf. The Fail2Ban documentation has some good information regarding this process. Be sure to back up your jail.conf before making any changes.
Log Rotation and WordPress
Updating Twitter when a new ban is issued is neat, but I wanted a better way to present the data over the long term. After having success with WordPress’s ‘blog via email’ feature elsewhere, it seemed like a candidate for use here. A bash script was added to the log rotation sequence; it generates a condensed version of the week's log file, crafts the post's content, and emails the content to the website.
Python GeoIP and Google Maps
In addition to the weekly blog post, each week the map on the front page is updated to show the locations of banned IP addresses from the latest log. Using the Python GeoIP API, an XML file is generated and uploaded to the server. JavaScript is then used to load the XML file and produce the map for display.
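The log-to-XML step described above, as an added example that is not the author's script: it pulls Ban entries out of a Fail2Ban log, validates each address, and writes one XML marker per banned IP. The log lines, the `markers`/`marker` element and attribute names, and the `SAMPLE_GEO` table (standing in for the GeoIP lookup) are constructed assumptions.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Matches the "[jail] Ban <address>" part of a log line; "Unban" lines do not match.
BAN_RE = re.compile(r"\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)")

# Constructed sample log lines (documentation address ranges, not real offenders).
SAMPLE_LOG = """\
2024-05-01 12:00:01,123 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.5
2024-05-01 12:10:44,001 fail2ban.actions [812]: NOTICE [sshd] Unban 203.0.113.5
2024-05-02 03:15:09,450 fail2ban.actions [812]: NOTICE [sshd] Ban 198.51.100.77
2024-05-03 08:00:00,000 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.5
2024-05-03 09:30:12,700 fail2ban.actions [812]: NOTICE [sshd] Ban not-an-ip
"""

# Constructed coordinates standing in for a GeoIP database lookup.
SAMPLE_GEO = {"203.0.113.5": (52.37, 4.89), "198.51.100.77": (35.68, 139.69)}

def banned_ips(log_text):
    """Count bans per address, skipping anything that is not a valid IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = BAN_RE.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # log content is attacker-influenced; never pass it on unchecked
        counts[ip] += 1
    return counts

def markers_xml(counts, locate):
    """Build <markers> XML; locate(ip) returns (lat, lon) or None."""
    root = ET.Element("markers")
    for ip, n in sorted(counts.items()):
        pos = locate(ip)
        if pos is None:
            continue  # no location known, so leave it off the map
        ET.SubElement(root, "marker", ip=ip, bans=str(n),
                      lat=f"{pos[0]:.2f}", lng=f"{pos[1]:.2f}")
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(markers_xml(banned_ips(SAMPLE_LOG), SAMPLE_GEO.get))
```

Building the file with ElementTree rather than string concatenation keeps values taken from the log properly escaped before the browser-side JavaScript loads them.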