github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

- Fail2ban now support ipfw and ipfwadm 

- New options


git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@47 a942ae1a-1317-0410-a47c-b1dcaea8d605
0.6
Cyril Jaquier 2004-11-06 14:06:06 +00:00
parent f1770f937b
commit 11330ff944
1 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
README
View File

@ -9,8 +9,8 @@ Fail2Ban (version 0.1.1) 10/23/2004
Fail2Ban scans log files like /var/log/pwdfail and bans IP Fail2Ban scans log files like /var/log/pwdfail and bans IP
that makes too much password failures. It updates firewall that makes too much password failures. It updates firewall
rules to reject the IP address. Currently sshd and iptables rules to reject the IP address. Currently sshd, iptables,
are supported. It needs log4py. ipfw and ipfwadm are supported. It needs log4py.
This is my first Python program. I began learning Python for This is my first Python program. I began learning Python for
less than one week so please be understanding ;-) English is less than one week so please be understanding ;-) English is
@ -32,10 +32,11 @@ So I search for a script or program that do it. Found
nothing :-( So I decide to write mine and to learn Python :-) nothing :-( So I decide to write mine and to learn Python :-)
I read the log file (/var/log/pwdfail/current on metalog) and I read the log file (/var/log/pwdfail/current on metalog) and
search for line with "Failed password". Then get the ip and search for a given pattern which indicates a login attempt.
if it has already done 3 or more password failure in the last Then I get the ip and if it has already done 3 or more
banTime, I ban the ip for banTime using a iptable rule. After password failure in the last banTime, I ban the ip for
banTime, the rule is deleted. banTime using a iptable rule. After banTime, the rule is
deleted.
Runs on my server and does its job rather well :-) The idea Runs on my server and does its job rather well :-) The idea
is to make fail2ban usable with most syslog daemons and is to make fail2ban usable with most syslog daemons and
@ -77,6 +78,7 @@ options:
-b start fail2ban in background -b start fail2ban in background
-d start fail2ban in debug mode -d start fail2ban in debug mode
-e <INTF> ban IP on the INTF interface
-f <FILE> read password failure from FILE -f <FILE> read password failure from FILE
-h display this help message -h display this help message
-i <IP(s)> IP(s) to ignore -i <IP(s)> IP(s) to ignore
@ -84,7 +86,8 @@ options:
-r <VALUE> allow a max of VALUE password failure -r <VALUE> allow a max of VALUE password failure
-t <TIME> ban IP for TIME seconds -t <TIME> ban IP for TIME seconds
-v verbose -v verbose
-w <FIWA> select the firewall to use. Can be iptables,
ipfwadm or ipfw
Contact: Contact:
-------- --------
@ -100,7 +103,7 @@ Cyril Jaquier: <lostcontrol@users.sourceforge.net>
Thanks: Thanks:
------- -------
Kévin Drapel, Marvin Rouge Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker
License: License: