
@ThatLurker
Created January 2, 2018 11:04
Get fail2ban's banned IPs and their locations
#!/usr/bin/env python
# Fail2BanGeo.py, improved
import os
import sys
import GeoIP
import pyparsing as pp
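# Report the GeoIP country of every address fail2ban has banned, one line per
# "Ban" entry found in the log.

# Re-run under sudo when started unprivileged (presumably because the log files
# are readable only by root).  The running interpreter's own path is passed
# rather than a bare "python", so the elevated process is the same interpreter
# and not whichever "python" a PATH lookup happens to find.
# NOTE(review): this elevates the whole script (log parsing and GeoIP lookups)
# to root just to read one file.  Giving the invoking user read access to the
# log (for example through a log-reader group) would avoid running the parser
# as root on log content - confirm what fits the host.
if os.geteuid() != 0:
    os.execvp("sudo", ["sudo", sys.executable or "python"] + sys.argv)

# Prefer the dedicated fail2ban log; fall back to the general syslog file.
log_path = '/var/log/fail2ban.log'
source_path = log_path if os.path.exists(log_path) else '/var/log/messages'

geo = GeoIP.new(GeoIP.GEOIP_MEMORY_CACHE)

# Dotted quad: four runs of 1-3 digits.  This checks the shape only; it does
# not verify that each octet is <= 255.
octet = pp.Word(pp.nums, min=1, max=3)
ip_matcher = pp.Combine(octet + ('.' + octet) * 3)

# "with" closes the log even if a lookup raises; the original never closed it.
with open(source_path, 'r') as log:
    for line in log:
        if 'fail2ban' not in line or 'Ban' not in line:
            continue
        match = ip_matcher.searchString(line)
        if not match:
            continue
        # Use the last address matched on the line.
        ip = match.pop()[0]
        code = geo.country_code_by_addr(ip)
        name = geo.country_name_by_addr(ip)
        # Single-argument print(...) emits the same text on Python 2 and 3.
        if not code or not name:
            print("No GeoIP info for IP %s." % ip)
        else:
            print("GeoIP info for %s:\t%s, %s" % (ip, code, name))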