About Chester250
Chester250 is a Zip drive. An Iomega 250MB External Zip Drive. This is his story…
Fail2Ban and Twitter
My development server uses Fail2Ban to monitor our log files for failed SSH login attempts. Fail2Ban bans the IP address of anybody making several consecutive failed logins. I decided to go one step further and integrate this process with Twitter. Using this writeup as a starting point, I put together a shell script to tweet from the command line.
Next, I had to configure Fail2Ban to run the tweet script when an IP is banned. To do this I configured a new action in /etc/fail2ban/action.d/, then called that action in /etc/fail2ban/jail.conf. The Fail2Ban documentation is a good place to start for more information.
Log Rotation, Python, and Google Maps
Updating Twitter when a new ban is issued is neat, but I wanted a better way to present the data over the long term. I’ve had fun with Google Maps in the past, and thought it could be useful for getting a better idea of where these failed logins were coming from. Using some Python, I added code to the log rotation process to publish the log data in a weekly blog entry.
In addition to posting the contents of the logs to the blog and uploading the log file, I made use of this geolocation API to get location data on the IP addresses from the logs. The GPS data is then used to generate a JSON data array that is stored with the blog entry. This array is used to generate the map in the browser.
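A sketch of that log-to-map step, added here as an example and not the site's own code: it counts `Ban` lines per validated IP address and emits the JSON marker array. It assumes the log uses Fail2Ban's `[jail] Ban <ip>` line format; the sample log, the coordinates and the `locate` callable (a stand-in for the geolocation API) are constructed.

```python
import ipaddress
import json
import re
from collections import Counter

# Matches the "Ban" lines fail2ban.actions writes; "Unban" lines do not match.
BAN_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}).*\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)\s*$")

# Constructed sample log (documentation-range addresses, not real data).
SAMPLE_LOG = """\
2012-03-04 06:25:14,101 fail2ban.actions: WARNING [ssh] Ban 203.0.113.5
2012-03-04 06:35:14,530 fail2ban.actions: WARNING [ssh] Unban 203.0.113.5
2012-03-05 11:02:47,918 fail2ban.actions: WARNING [ssh] Ban 198.51.100.23
2012-03-06 19:40:03,277 fail2ban.actions: WARNING [ssh] Ban 203.0.113.5
2012-03-06 21:13:55,004 fail2ban.actions: WARNING [ssh] Ban not-an-ip
2012-03-07 02:10:09,650 fail2ban.actions: WARNING [ssh] Ban 192.0.2.77
"""

# Constructed coordinates standing in for the geolocation API's answers.
SAMPLE_GEO = {"203.0.113.5": (52.52, 13.40), "198.51.100.23": (35.68, 139.69)}

def parse_bans(log_text):
    """Count bans per valid IP address and remember the last ban time."""
    counts, last_seen = Counter(), {}
    for line in log_text.splitlines():
        m = BAN_RE.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # never pass unvalidated log text on to the blog or map
        counts[ip] += 1
        last_seen[ip] = m.group("ts")
    return counts, last_seen

def build_markers(log_text, locate):
    """Return a JSON array of map markers; IPs that cannot be located are skipped."""
    counts, last_seen = parse_bans(log_text)
    markers = []
    for ip, n in sorted(counts.items()):
        coords = locate(ip)  # hypothetical lookup: returns (lat, lng) or None
        if coords is None:
            continue
        markers.append({"ip": ip, "lat": coords[0], "lng": coords[1],
                        "bans": n, "last_ban": last_seen[ip]})
    return json.dumps(markers)

if __name__ == "__main__":
    print(build_markers(SAMPLE_LOG, SAMPLE_GEO.get))
```

Validating each address with `ipaddress` before it reaches the published page matters because the log text is influenced by whoever is connecting to the server.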
Further Reading
Chester250.com is a product of bSC Technology. We’re using analytics by rockst4r.net. Follow @chester250 on Twitter. Send an email to postmaster at chester250.com

