fail2ban-bot 🛡️📊

A Telegram bot for monitoring fail2ban activity: bans, statistics, service status, and geolocation mapping of attackers.

---

🚀 Features

• ✅ Real-time ban statistics (hour, day, week, month, year)
• ✅ Comparison with previous periods
• ✅ Service status: fail2ban running/enabled/version/start time
• ✅ SSH jail details via fail2ban-client status sshd
• 🌍 Geo-mapping of banned IPs:
  • World map with unique colors per country
  • Countries without bans → white
  • Legend with country + ban count
• 🔁 Auto-update of GeoIP database (monthly)
• 📢 Telegram notifications on GeoIP update
• 🐳 Fully Dockerized
• 📦 Easy deployment with .env config

---

📦 Prerequisites

• fail2ban installed and running
• Telegram Bot Token (from @BotFather)
• MaxMind account for GeoLite2 (free tier)

---

🛠️ Setup

1. Clone the repo

git clone https://github.com/ksalab/fail2ban_bot.git
cd fail2ban_bot

2. Create .env

cp example.env .env

3. Build docker image

docker build -t fail2ban-bot .

4. Run with Docker

docker run -d --name fail2ban-bot \
  -v /var/log/fail2ban.log:/var/log/fail2ban.log:ro \
  -v ./geoip:/app/geoip:rw \
  --restart unless-stopped \
  --env-file .env \
  fail2ban-bot

🔹 The bot will auto-download GeoIP DB on first run.

📅 Commands

COMMANDS	DESCRIPTIONS
/start	Welcome message
/stats	Ban stats by period
/status	Service status
/geo	Global geo map of banned IPs

🗺️ Geo Features

• /geo → world map with colored countries
• From stats menu → "🗺️ Geo Stats for This Period"
• Auto-updates GeoIP DB every 28 days
• Sends Telegram alert on update

📄 License

MIT License — see LICENSE

🤝 Contributing

PRs welcome! Please follow Python best practices and keep code clean.