Update README.md

Sefinek 2024-10-31 02:34:41 +01:00
parent c2f87159f7
commit adf9c284c5

@ -1,14 +1,15 @@
# 🛡️ UFW AbuseIPDB Reporter
A tool that analyzes UFW firewall logs and reports malicious IP addresses to the [AbuseIPDB](https://www.abuseipdb.com) database.
> [!IMPORTANT]
> If you'd like to make changes to any files in this repository, please start by creating a public fork.
<div align="center">
[<a href="README.md">English</a>]
[<a href="README_PL.md">Polish</a>]
</div>
# 🛡️ UFW AbuseIPDB Reporter
A tool that analyzes UFW firewall logs and reports malicious IP addresses to the [AbuseIPDB](https://www.abuseipdb.com) database.
If you like this repository or find it useful, I would greatly appreciate it if you could give it a star ⭐. Thanks a lot!
> [!IMPORTANT]
> If you'd like to make changes to any files in this repository, please start by creating a public fork.
- [⚙️ How does it work in detail?](#how-it-works)
- [📋 Requirements](#requirements)
- [🛠️ Installing required packages](#installing-required-packages)
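Review bot: The star request added under the description now sits above the `> [!IMPORTANT]` fork notice, so the one instruction contributors must follow is pushed below a promotional line; consider keeping the notice directly under the description and placing the star request after it. Also check that a blank line separates `</div>` from the `# 🛡️ UFW AbuseIPDB Reporter` heading now that the heading follows the language switcher: a heading that directly follows an HTML block is rendered as raw text, not as a heading (this rendered diff does not show where the blank lines are).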
@ -24,7 +25,6 @@ A tool that analyzes UFW firewall logs and reports malicious IP addresses to the
See also this: [sefinek24/Node-Cloudflare-WAF-AbuseIPDB](https://github.com/sefinek24/Node-Cloudflare-WAF-AbuseIPDB)
> If you like this repository or find it useful, I would greatly appreciate it if you could give it a star ⭐. Thanks a lot!
## ⚙️ How does it work in detail?<div id="how-it-works"></div>
1. **Monitoring UFW logs:** The tool continuously monitors logs generated by the UFW firewall, looking for unauthorized access attempts or other suspicious activities.
@ -32,6 +32,7 @@ See also this: [sefinek24/Node-Cloudflare-WAF-AbuseIPDB](https://github.com/sefi
3. **Reporting IP to AbuseIPDB:** If the IP meets the criteria, the address is reported to the AbuseIPDB database with information about the protocol, source port, destination port, etc.
4. **Cache of reported IPs:** The tool stores a list of reported IPs in a temporary file to prevent multiple reports of the same IP address in a short period.
## 📋 Requirements<div id="requirements"></div>
- **Operating System:** Linux with UFW firewall installed and configured.
- **AbuseIPDB Account:** An account on the AbuseIPDB service [with a valid API token](https://www.abuseipdb.com/account/api). The API token is required.
@ -89,14 +90,13 @@ journalctl -u abuseipdb-ufw.service -f
### 📄 Example report<div id="example-report"></div>
```
Blocked by UFW (TCP on port 848).
Source port: 42764
TTL: 236
Packet length: 40
Blocked by UFW (TCP on port 11682).
Source port: 56585
TTL: 60
Packet length: 44
TOS: 0x00
Timestamp: 2024-08-20 09:06:48 [Europe/Warsaw]
This report (for 83.222.190.122) was generated by:
This report (for 147.185.133.245) was generated by:
https://github.com/sefinek24/UFW-AbuseIPDB-Reporter
```
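Review bot: The example report names what appears to be a real reported source address in the README (`147.185.133.245`, replacing `83.222.190.122`); an address from a documentation range such as 203.0.113.0/24 (RFC 5737) would show the report format without publishing a third party's IP. The unchanged `Timestamp: 2024-08-20 09:06:48 [Europe/Warsaw]` line also no longer lines up with the refreshed port, source port, TTL and packet length values, so update it too if the block is meant to reproduce a single real report.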