diff --git a/Applications/fail2ban-manager/README.md b/Applications/fail2ban-manager/README.md index e3803bd..723c0db 100644 --- a/Applications/fail2ban-manager/README.md +++ b/Applications/fail2ban-manager/README.md 
@@ -1,25 +1,91 @@ # fail2ban-manager +An extensible CLI tool for managing [fail2ban](https://github.com/fail2ban/fail2ban). + +- [fail2ban-manager](#fail2ban-manager) + - [Introduction](#introduction) + - [Working with Jails](#working-with-jails) + - [Plugins](#plugins) + - [Cloudflare](#cloudflare) + - [Plugin: Hetzner](#plugin-hetzner) + - [Plugin: Telegram](#plugin-telegram) + - [Credits](#credits) + ## Introduction Source Code hosted on my [Forgejo instance](https://forgejo.gravityfargo.dev/gravityfargo/fail2ban-manager). Registration is enabled for the public with GitHub via Authentik. -Any issues and feature requests can be submitted to the [issue tracker](https://github.com/gravityfargo/fail2ban-manager) on GitHub. +Any issues and feature requests can be submitted here on GitHub. + +This tool is designed to make managing fail2ban easier without the need to edit configuration files. It is designed to be extensible via plugins, and easy to use. ## Working with Jails ## Plugins -### Enabling Plugins +### Cloudflare + +> Ban an IP address using IP Rules in [Cloudflare WAF](https://developers.cloudflare.com/waf/tools/ip-access-rules/create/). Jails are configured create rules in a specific DNS zone. Bans are cached in a database for fail2ban's check action to use. + +| Notes | | +| -------------------- | ----------------------------------------------------------------- | +| Typer generated docs | [Link](man/cloudflare.md) | +| Provided via | [Officicial SDK](https://github.com/cloudflare/cloudflare-python) | + +--- + +| Variable | Purpose | +| ---------------------- | ----------------------------------------- | +| `CLOUDFLARE_EMAIL` | Email address for Cloudflare account | +| `CLOUDFLARE_API_TOKEN` | Token with permissions to manage IP Rules | + +1. Enable the Cloudflare plugin + +```bash +f2bm plugin enable cloudflare +``` + +1. Create an [API Token](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/) +2. 
Get the [Zone ID](https://developers.cloudflare.com/fundamentals/setup/find-account-and-zone-ids/) from Cloudflare and create a zone in the database + +```bash +f2bm cloudflare create-zone 11111111111111111111111111111111 example.com +``` ### Plugin: Hetzner -[MAN Page](plugins/hetzner.md) +> Whitelist ip addresses in the [Hetzner](https://www.hetzner.com/) cloud firewall, and bulk whitelist Cloudflare IP addresses. -### Plugin: Cloudflare +| Notes | | +| -------------------- | --------------------------------------------------------------- | +| Typer generated docs | [Link](man/hetzner.md) | +| Provided via | [Officicial SDK](https://github.com/hetznercloud/hcloud-python) | -[MAN Page](plugins/cloudflare.md) +--- + +1. Enable the Hetzner plugin + +```bash +f2bm plugin enable hetzner +``` + +2. Create an [API Token](https://docs.hetzner.com/cloud/api/getting-started/generating-api-token/) ### Plugin: Telegram -[MAN Page](plugins/telegram.md) +> Send a message to a Telegram chat. Custom messages per-jail are supported as well as seperate groups for each jail. + +| Notes | | +| -------------------- | ----------------------------------------------------------------- | +| Typer generated docs | [Link](man/telegram.md) | +| Provided via | [Rest API](https://forgejo.gravityfargo.dev/gravityfargo/envoyer) | + +--- + +## Credits + +- [Typer](https://github.com/fastapi/typer), build great CLIs. Easy to code. Based on Python type hints. + +- [Rich](https://github.com/Textualize/rich) is a Python library for rich text and beautiful formatting in the terminal. + +- [envoyer](https://forgejo.gravityfargo.dev/gravityfargo/envoyer) Stupid simple notifications library. (My Project)
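Review bot: The Cloudflare variable table describes `CLOUDFLARE_API_TOKEN` only as "Token with permissions to manage IP Rules", and the numbered steps after it never say where `CLOUDFLARE_EMAIL` and `CLOUDFLARE_API_TOKEN` are set or read from. The Hetzner section has the same gap: step 2 creates an API token, but no variable name or storage location is documented for it. Please name the minimum token permission required and its scope (the blurb says rules are created in a specific DNS zone, so state whether a token restricted to that zone is sufficient), and document how these secrets are supplied to `f2bm` so readers do not guess at a location. Smaller points in the same hunk: the Cloudflare step list restarts its numbering ("1. Enable the Cloudflare plugin" is followed by "1. Create an [API Token]") while the Hetzner list continues with "2."; the heading is `### Cloudflare` while the other two are `### Plugin: Hetzner` and `### Plugin: Telegram`, and the table of contents mirrors that mismatch; "Officicial SDK" (twice), "seperate" and "Jails are configured create rules" need spelling and grammar fixes; `## Working with Jails` is listed in the new table of contents but still has no body; and the Telegram section ends at its notes table with no enable or configuration steps, unlike the other two plugins.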