@deafbutnotdead

fail2ban IP changes

I use fail2ban to protect my Linux PCs
I use SSH to access my computers from a distance.
One from a second home
One that's in a cupboard running as my server.
I need easy access, obviously.

The problem
One day, SSH worked.
The next day, I was locked out

Note that I use in my jail.local file the
ignore= IP "my PC's public ip, plus my other PC's public ip" that I use for ssh connections.

After spending ages to suss out the problem, I finally realised that my public IP had changed and I was locked out, doh...
Like many, I don't have a fixed IP, and so when the IP changed, I was banned/locked out, as my new IP wasn't trusted.

So, I added the new IP to the ignoreip list in my jail.local and restarting fail2ban and all worked again.

I presume that you know how to do the above, but just in case. In terminal :
sudo nano /etc/fail2ban/jail.local (I'm old school & prefer nano, plus I don't like vi), then added the new public IP to the line ignoreip = 123.22.33.44 for example.
Save the file, in my case ctrl o, ctrl x and run sudo systemctl restart fail2ban

Get alerted when your IP changes
After this, I said to myself. How to not get caught out by this again, I asked ChatGPT. Could I test my IP? (don't slag me, I'm crap at programming, so ChatGPT is a Godsend)
Here's how, it said 

First: Create a file to store the last IP
.last_public_ip (I created it in my home folder)
(note the dot before) as it's a hidden file and run chmod 600 ~/.last_public_ip (readable/writable only by the user) 

Second: Create an .sh file to create the IP-check script
ip_change_alert.sh (I created it here ~/Documents/My_SH_files) where all my SH files are stored
In this file, insert all the text below

#!/bin/sh

# File to store the last IP
LAST_IP_FILE="$HOME/.last_public_ip"

# Get current public IP
CURRENT_IP=$(curl -fs https://ipv4.icanhazip.com | tr -d '[:space:]')

# Abort if curl failed
[ -z "$CURRENT_IP" ] && exit 1

# If no last IP file, create it
if [ ! -f "$LAST_IP_FILE" ]; then
    echo "$CURRENT_IP" > "$LAST_IP_FILE"
    exit 0
fi

LAST_IP=$(<"$LAST_IP_FILE")

# Compare
if [ "$CURRENT_IP" != "$LAST_IP" ]; then
    echo "$CURRENT_IP" > "$LAST_IP_FILE"

    echo -e "Subject: Public IP Change Detected Debian1\n\nYour new IP is: $CURRENT_IP" \
        | /usr/sbin/sendmail -f "you@example.com" "you@example.com"
fi

I added this ip_change_alert.sh file with the above text to a folder called "My_SH_files"

When creating the file, you will need to make it executable (so cron can run it): 
chmod +x /home/xxx/Documents/My_SH_files/ip_change_alert.sh (this is my path, yours can and may be different)

Thirdly : 

The cron job that will run the file
*/10 * * * * /home/xxxx/Documents/My_SH_files/ip_change_alert.sh

It works well. I have had two IPs changed in the last month and had time to log in and add the new IP to my ignoreip list.

PS: to check your public IP, just type curl -4 ifconfig.me in the terminal.

Like this post? Buy me a coffee!
Your support means a lot and helps me keep creating useful content ☕😊
https://buymeacoffee.com/minty95

fail2ban fail2ban-blocked-out fail2ban-ignoreip fail2ban-ip fail2ban-ip-changes ignoreip