2009-02-09 22:36:11 +00:00
|
|
|
__ _ _ ___ _
|
|
|
|
/ _|__ _(_) |_ ) |__ __ _ _ _
|
|
|
|
| _/ _` | | |/ /| '_ \/ _` | ' \
|
|
|
|
|_| \__,_|_|_/___|_.__/\__,_|_||_|
|
2015-04-27 02:10:48 +00:00
|
|
|
v0.9.2.dev 2015/xx/xx
|
2004-10-12 21:45:41 +00:00
|
|
|
|
2013-05-03 03:55:26 +00:00
|
|
|
## Fail2Ban: ban hosts that cause multiple authentication errors
|
2004-10-12 21:45:41 +00:00
|
|
|
|
2009-02-09 22:36:11 +00:00
|
|
|
Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many
|
|
|
|
password failures. It updates firewall rules to reject the IP address. These
|
|
|
|
rules can be defined by the user. Fail2Ban can read multiple log files such as
|
|
|
|
sshd or Apache web server ones.
|
2004-10-12 21:45:41 +00:00
|
|
|
|
2014-02-02 04:17:10 +00:00
|
|
|
Fail2Ban is able to reduce the rate of incorrect authentications attempts
|
|
|
|
however it cannot eliminate the risk that weak authentication presents.
|
|
|
|
Configure services to use only two factor or public/private authentication
|
|
|
|
mechanisms if you really want to protect services.
|
|
|
|
|
2009-02-09 22:36:11 +00:00
|
|
|
This README is a quick introduction to Fail2ban. More documentation, FAQ, HOWTOs
|
2013-04-17 14:07:01 +00:00
|
|
|
are available in fail2ban(1) manpage and on the website http://www.fail2ban.org
|
2004-10-12 21:45:41 +00:00
|
|
|
|
|
|
|
Installation:
|
|
|
|
-------------
|
|
|
|
|
2013-04-25 04:07:39 +00:00
|
|
|
**It is possible that Fail2ban is already packaged for your distribution. In
|
|
|
|
this case, you should use it instead.**
|
|
|
|
|
2006-09-14 22:05:32 +00:00
|
|
|
Required:
|
2014-03-14 12:08:25 +00:00
|
|
|
- [Python2 >= 2.6 or Python >= 3.2](http://www.python.org) or [PyPy](http://pypy.org)
|
2006-09-14 22:05:32 +00:00
|
|
|
|
|
|
|
Optional:
|
2013-04-25 04:07:39 +00:00
|
|
|
- [pyinotify >= 0.8.3](https://github.com/seb-m/pyinotify)
|
|
|
|
- Linux >= 2.6.13
|
|
|
|
- [gamin >= 0.0.21](http://www.gnome.org/~veillard/gamin)
|
2013-05-10 16:06:53 +00:00
|
|
|
- [systemd >= 204](http://www.freedesktop.org/wiki/Software/systemd)
|
2015-01-24 17:22:34 +00:00
|
|
|
- [dnspython](http://www.dnspython.org/)
|
2004-10-12 21:45:41 +00:00
|
|
|
|
|
|
|
To install, just do:
|
|
|
|
|
2015-04-27 01:39:54 +00:00
|
|
|
tar xvfj fail2ban-0.9.2.tar.bz2
|
|
|
|
cd fail2ban-0.9.2
|
2013-04-25 04:07:39 +00:00
|
|
|
python setup.py install
|
2004-10-12 21:45:41 +00:00
|
|
|
|
2014-03-14 12:08:25 +00:00
|
|
|
This will install Fail2Ban into the python library directory. The executable
|
|
|
|
scripts are placed into /usr/bin, and configuration under /etc/fail2ban.
|
2005-04-24 11:04:29 +00:00
|
|
|
|
2006-11-19 21:36:32 +00:00
|
|
|
Fail2Ban should be correctly installed now. Just type:
|
2004-10-12 21:45:41 +00:00
|
|
|
|
2013-04-25 04:07:39 +00:00
|
|
|
fail2ban-client -h
|
2004-10-12 21:45:41 +00:00
|
|
|
|
2013-04-17 14:07:01 +00:00
|
|
|
to see if everything is alright. You should always use fail2ban-client and
|
|
|
|
never call fail2ban-server directly.
|
2004-10-12 21:45:41 +00:00
|
|
|
|
|
|
|
Configuration:
|
|
|
|
--------------
|
|
|
|
|
2013-04-17 14:07:01 +00:00
|
|
|
You can configure Fail2Ban using the files in /etc/fail2ban. It is possible to
|
|
|
|
configure the server using commands sent to it by fail2ban-client. The
|
|
|
|
available commands are described in the fail2ban-client(1) manpage. Also see
|
2014-03-14 12:08:25 +00:00
|
|
|
fail2ban(1) and jail.conf(5) manpages for further references.
|
2006-08-22 22:20:09 +00:00
|
|
|
|
2013-04-25 04:07:39 +00:00
|
|
|
Code status:
|
|
|
|
------------
|
|
|
|
|
2013-05-10 02:27:16 +00:00
|
|
|
* [![tests status](https://secure.travis-ci.org/fail2ban/fail2ban.png?branch=master)](https://travis-ci.org/fail2ban/fail2ban) travis-ci.org (master branch)
|
2013-04-25 04:07:39 +00:00
|
|
|
|
|
|
|
* [![Coverage Status](https://coveralls.io/repos/fail2ban/fail2ban/badge.png?branch=master)](https://coveralls.io/r/fail2ban/fail2ban)
|
|
|
|
|
2004-10-12 21:45:41 +00:00
|
|
|
Contact:
|
|
|
|
--------
|
|
|
|
|
2014-04-17 17:19:03 +00:00
|
|
|
### Bugs, feature requests, discussions?
|
|
|
|
See [CONTRIBUTING.md](https://github.com/fail2ban/fail2ban/blob/master/CONTRIBUTING.md)
|
2011-11-29 02:39:41 +00:00
|
|
|
|
2013-04-25 04:07:39 +00:00
|
|
|
### You just appreciate this program:
|
2014-04-17 17:19:03 +00:00
|
|
|
send kudos to the original author ([Cyril Jaquier](mailto: Cyril Jaquier <cyril.jaquier@fail2ban.org>))
|
|
|
|
or *better* to the [mailing list](https://lists.sourceforge.net/lists/listinfo/fail2ban-users)
|
2013-04-17 14:07:01 +00:00
|
|
|
since Fail2Ban is "community-driven" for years now.
|
2004-10-12 21:45:41 +00:00
|
|
|
|
|
|
|
Thanks:
|
|
|
|
-------
|
|
|
|
|
2013-04-25 04:07:39 +00:00
|
|
|
See [THANKS](https://github.com/fail2ban/fail2ban/blob/master/THANKS) file.
|
2004-10-12 21:45:41 +00:00
|
|
|
|
|
|
|
License:
|
|
|
|
--------
|
|
|
|
|
2009-02-09 22:36:11 +00:00
|
|
|
Fail2Ban is free software; you can redistribute it and/or modify it under the
|
|
|
|
terms of the GNU General Public License as published by the Free Software
|
|
|
|
Foundation; either version 2 of the License, or (at your option) any later
|
2004-10-12 21:45:41 +00:00
|
|
|
version.
|
|
|
|
|
2009-02-09 22:36:11 +00:00
|
|
|
Fail2Ban is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
|
|
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
|
|
|
PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
2004-10-12 21:45:41 +00:00
|
|
|
|
2009-02-09 22:36:11 +00:00
|
|
|
You should have received a copy of the GNU General Public License along with
|
2013-03-10 04:18:09 +00:00
|
|
|
Fail2Ban; if not, write to the Free Software Foundation, Inc., 51 Franklin
|
|
|
|
Street, Fifth Floor, Boston, MA 02110, USA
|