mirror of https://github.com/fail2ban/fail2ban
parent
c3909b8ec4
commit
120a1d9fbc
13
CHANGELOG
13
CHANGELOG
|
@ -4,9 +4,20 @@
|
||||||
|_| \__,_|_|_/___|_.__/\__,_|_||_|
|
|_| \__,_|_|_/___|_.__/\__,_|_||_|
|
||||||
|
|
||||||
=============================================================
|
=============================================================
|
||||||
Fail2Ban (version 0.5.0) 2005/07/12
|
Fail2Ban (version 0.5.1) 2005/07/23
|
||||||
=============================================================
|
=============================================================
|
||||||
|
|
||||||
|
ver. 0.5.1 (2005/07/23) - beta
|
||||||
|
----------
|
||||||
|
- Fixed bugs #1241756, #1239557
|
||||||
|
- Added log targets in configuration file. Removed -l option
|
||||||
|
- Changed iptables rules in order to create a separated chain
|
||||||
|
for each section
|
||||||
|
- Fixed static banList in firewall.py
|
||||||
|
- Added an initd script for Debian. Thanks to Yaroslav
|
||||||
|
Halchenko
|
||||||
|
- Check for obsolete files after install
|
||||||
|
|
||||||
ver. 0.5.0 (2005/07/12) - beta
|
ver. 0.5.0 (2005/07/12) - beta
|
||||||
----------
|
----------
|
||||||
- Added support for CIDR mask in ignoreip
|
- Added support for CIDR mask in ignoreip
|
||||||
|
|
2
PKG-INFO
2
PKG-INFO
|
@ -1,6 +1,6 @@
|
||||||
Metadata-Version: 1.0
|
Metadata-Version: 1.0
|
||||||
Name: fail2ban
|
Name: fail2ban
|
||||||
Version: 0.5.0
|
Version: 0.5.1
|
||||||
Summary: Ban IPs that make too many password failure
|
Summary: Ban IPs that make too many password failure
|
||||||
Home-page: http://fail2ban.sourceforge.net
|
Home-page: http://fail2ban.sourceforge.net
|
||||||
Author: Cyril Jaquier
|
Author: Cyril Jaquier
|
||||||
|
|
25
README
25
README
|
@ -4,7 +4,7 @@
|
||||||
|_| \__,_|_|_/___|_.__/\__,_|_||_|
|
|_| \__,_|_|_/___|_.__/\__,_|_||_|
|
||||||
|
|
||||||
=============================================================
|
=============================================================
|
||||||
Fail2Ban (version 0.5.0) 2005/07/12
|
Fail2Ban (version 0.5.1) 2005/07/23
|
||||||
=============================================================
|
=============================================================
|
||||||
|
|
||||||
Fail2Ban scans log files like /var/log/pwdfail and bans IP
|
Fail2Ban scans log files like /var/log/pwdfail and bans IP
|
||||||
|
@ -55,34 +55,36 @@ Installation:
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
Require: python-2.3 (http://www.python.org)
|
Require: python-2.3 (http://www.python.org)
|
||||||
log4py-1.1 (http://sourceforge.net/projects/log4py)
|
log4py-1.3 (http://sourceforge.net/projects/log4py)
|
||||||
|
|
||||||
To install, just do:
|
To install, just do:
|
||||||
|
|
||||||
> tar xvfj fail2ban-0.5.0.tar.bz2
|
> tar xvfj fail2ban-0.5.1.tar.bz2
|
||||||
> cd fail2ban-0.5.0
|
> cd fail2ban-0.5.1
|
||||||
> python setup.py install
|
> python setup.py install
|
||||||
|
|
||||||
This will install Fail2Ban into /usr/lib/fail2ban. The
|
This will install Fail2Ban into /usr/lib/fail2ban. The fail2ban
|
||||||
fail2ban.py executable is placed into /usr/bin.
|
executable is placed into /usr/bin.
|
||||||
|
|
||||||
Gentoo: an ebuild is available on the website.
|
Gentoo: an ebuild is available on the website.
|
||||||
Debian: a package is available on the website.
|
Debian: a package is available on the website.
|
||||||
|
|
||||||
Fail2Ban should now be correctly installed. Just type:
|
Fail2Ban should now be correctly installed. Just type:
|
||||||
|
|
||||||
> fail2ban.py -h
|
> fail2ban -h
|
||||||
|
|
||||||
to see if everything is alright. You can configure fail2ban
|
to see if everything is alright. You can configure fail2ban
|
||||||
with a config file. Copy config/fail2ban.conf.default to
|
with a config file. Copy config/fail2ban.conf.default to
|
||||||
/etc/fail2ban.conf.
|
/etc/fail2ban.conf.
|
||||||
|
|
||||||
Gentoo users can use the initd script available in config/.
|
You can use the initd script available in config/. Copy
|
||||||
Copy gentoo-initd to /etc/init.d/fail2ban and gentoo-confd
|
<dist>-initd to /etc/init.d/fail2ban. Gentoo users must copy
|
||||||
to /etc/conf.d/fail2ban. You can start fail2ban and add it
|
gentoo-confd to /etc/conf.d/fail2ban. You can start fail2ban:
|
||||||
to your default runlevel:
|
|
||||||
|
|
||||||
> /etc/init.d/fail2ban start
|
> /etc/init.d/fail2ban start
|
||||||
|
|
||||||
|
Gentoo users can add it to the default runlevel:
|
||||||
|
|
||||||
> rc-update add fail2ban default
|
> rc-update add fail2ban default
|
||||||
|
|
||||||
Configuration:
|
Configuration:
|
||||||
|
@ -100,7 +102,6 @@ options:
|
||||||
-h display this help message
|
-h display this help message
|
||||||
-i <IP(s)> IP(s) to ignore
|
-i <IP(s)> IP(s) to ignore
|
||||||
-k kill a currently running Fail2Ban instance
|
-k kill a currently running Fail2Ban instance
|
||||||
-l <FILE> log messages in FILE
|
|
||||||
-r <VALUE> allow a max of VALUE password failure
|
-r <VALUE> allow a max of VALUE password failure
|
||||||
-t <TIME> ban IP for TIME seconds
|
-t <TIME> ban IP for TIME seconds
|
||||||
-v verbose. Use twice for greater effect
|
-v verbose. Use twice for greater effect
|
||||||
|
|
10
TODO
10
TODO
|
@ -7,9 +7,7 @@
|
||||||
ToDo
|
ToDo
|
||||||
=============================================================
|
=============================================================
|
||||||
|
|
||||||
- cleanup fail2ban.py
|
See Feature Request Tracking System at SourceForge.net
|
||||||
- improve configuration file and command line options
|
|
||||||
handling
|
- improve installation process (better prefix support)
|
||||||
- improve installation process
|
- add better documentation (man page)
|
||||||
- add init script
|
|
||||||
- use FAM (inotify, gamin, ...)
|
|
||||||
|
|
|
@ -0,0 +1,62 @@
|
||||||
|
#! /bin/sh
|
||||||
|
#
|
||||||
|
# Fail2Ban init.d file - to be launched on boot
|
||||||
|
#
|
||||||
|
# Written by Miquel van Smoorenburg <miquels@cistron.nl>.
|
||||||
|
# Modified for Debian
|
||||||
|
# by Ian Murdock <imurdock@gnu.ai.mit.edu>.
|
||||||
|
# Adjusted for Fail2Ban
|
||||||
|
# by Yaroslav Halchenko <debian@onerussian.com>.
|
||||||
|
#
|
||||||
|
# Version: $Id: $
|
||||||
|
#
|
||||||
|
|
||||||
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
DAEMON=/usr/bin/fail2ban
|
||||||
|
NAME=fail2ban
|
||||||
|
DESC=fail2ban
|
||||||
|
PIDFILE=/var/run/$NAME.pid
|
||||||
|
|
||||||
|
test -x $DAEMON || exit 0
|
||||||
|
|
||||||
|
# Include fail2ban defaults if available
|
||||||
|
if [ -f /etc/default/fail2ban ] ; then
|
||||||
|
. /etc/default/fail2ban
|
||||||
|
fi
|
||||||
|
DAEMON_OPTS=$FAIL2BAN_OPTS
|
||||||
|
set -e
|
||||||
|
|
||||||
|
case "$1" in
|
||||||
|
start)
|
||||||
|
echo -n "Starting $DESC: "
|
||||||
|
[ -f $PIDFILE ] && [ ! -d /proc/`cat $PIDFILE` ] && rm -f $PIDFILE
|
||||||
|
start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
|
||||||
|
-b --exec $DAEMON -- $DAEMON_OPTS
|
||||||
|
echo "$NAME."
|
||||||
|
;;
|
||||||
|
stop)
|
||||||
|
echo -n "Stopping $DESC: "
|
||||||
|
start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid
|
||||||
|
rm -f $PIDFILE
|
||||||
|
echo "$NAME."
|
||||||
|
;;
|
||||||
|
restart|force-reload)
|
||||||
|
#
|
||||||
|
# If the "reload" option is implemented, move the "force-reload"
|
||||||
|
# option to the "reload" entry above. If not, "force-reload" is
|
||||||
|
# just the same as "restart".
|
||||||
|
#
|
||||||
|
echo -n "Restarting $DESC: "
|
||||||
|
( $0 stop )
|
||||||
|
sleep 1
|
||||||
|
$0 start
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
N=/etc/init.d/$NAME
|
||||||
|
# echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
|
||||||
|
echo "Usage: $N {start|stop|restart|force-reload}" >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
exit 0
|
|
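Review bot: In the `stop)` branch, `start-stop-daemon --stop` runs under `set -e` without `--oknodo`, so when no process matches the PID file the script exits non-zero before `rm -f $PIDFILE`, and `restart` aborts at `( $0 stop )` without ever reaching `$0 start`. Adding `--oknodo` to the stop call fixes both. Two smaller points in `start)`: the stale-PID test reads the file with `cat $PIDFILE` and checks for a directory under /proc/, so an empty PID file counts as a live process because /proc/ itself is a directory; and both `start-stop-daemon` calls spell out `/var/run/$NAME.pid` instead of using `$PIDFILE`.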
@ -1,6 +1,6 @@
|
||||||
# Fail2Ban configuration file
|
# Fail2Ban configuration file
|
||||||
#
|
#
|
||||||
# $Revision: 1.8.2.5 $
|
# $Revision: 1.8.2.7 $
|
||||||
#
|
#
|
||||||
# 2005.06.21 modified for readability Iain Lea iain@bricbrac.de
|
# 2005.06.21 modified for readability Iain Lea iain@bricbrac.de
|
||||||
|
|
||||||
|
@ -17,18 +17,18 @@ background = true
|
||||||
#
|
#
|
||||||
debug = false
|
debug = false
|
||||||
|
|
||||||
|
# Option: logtargets
|
||||||
|
# Notes.: log targets. Space separated list of logging targets.
|
||||||
|
# Values: STDOUT STDERR SYSLOG file Default: STDOUT /var/log/fail2ban.log
|
||||||
|
#
|
||||||
|
logtargets = STDOUT /var/log/fail2ban.log
|
||||||
|
|
||||||
# Option: pidlock
|
# Option: pidlock
|
||||||
# Notes.: path of the PID lock file (must be able to write to file).
|
# Notes.: path of the PID lock file (must be able to write to file).
|
||||||
# Values: FILE Default: /var/run/fail2ban.pid
|
# Values: FILE Default: /var/run/fail2ban.pid
|
||||||
#
|
#
|
||||||
pidlock = /var/run/fail2ban.pid
|
pidlock = /var/run/fail2ban.pid
|
||||||
|
|
||||||
# Option: logfile
|
|
||||||
# Notes.: logfile for logging fail2ban messages.
|
|
||||||
# Values: FILE Default: /var/log/fail2ban.log
|
|
||||||
#
|
|
||||||
logfile = /var/log/fail2ban.log
|
|
||||||
|
|
||||||
# Option: maxretry
|
# Option: maxretry
|
||||||
# Notes.: number of retrys before IP gets banned.
|
# Notes.: number of retrys before IP gets banned.
|
||||||
# Values: NUM Default: 3
|
# Values: NUM Default: 3
|
||||||
|
@ -45,9 +45,12 @@ bantime = 600
|
||||||
# Notes.: space separated list of IP's to be ignored by fail2ban.
|
# Notes.: space separated list of IP's to be ignored by fail2ban.
|
||||||
# You can use CIDR mask in order to specify a range.
|
# You can use CIDR mask in order to specify a range.
|
||||||
# Example: ignoreip = 192.168.0.1/24 123.45.235.65
|
# Example: ignoreip = 192.168.0.1/24 123.45.235.65
|
||||||
# Values: IP Default: 192.168.0.0/24
|
# Values: IP Default: empty
|
||||||
|
# Examples
|
||||||
|
# ignoreip = 192.168.0.0/24
|
||||||
#
|
#
|
||||||
ignoreip = 192.168.0.0/16
|
ignoreip =
|
||||||
|
|
||||||
|
|
||||||
# Option: cmdstart
|
# Option: cmdstart
|
||||||
# Notes.: command executed once at the start of Fail2Ban
|
# Notes.: command executed once at the start of Fail2Ban
|
||||||
|
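Review bot: The shipped value of `ignoreip` changes here from `192.168.0.0/16` to empty, so anyone who copies the new default file stops exempting private addresses, yet the 0.5.1 CHANGELOG entry in this commit does not mention it. Worth a CHANGELOG line. The comment block also now carries both the old `# Example:` line and a new `# Examples` block; keeping one of them would be clearer.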
@ -93,7 +96,8 @@ port = 25
|
||||||
from = fail2ban
|
from = fail2ban
|
||||||
|
|
||||||
# Option: to
|
# Option: to
|
||||||
# Notes.: e-mail address of the receiver.
|
# Notes.: e-mail addresses of the receiver. Addresses are space
|
||||||
|
# separated.
|
||||||
# Values: MAIL Default: root
|
# Values: MAIL Default: root
|
||||||
#
|
#
|
||||||
to = root
|
to = root
|
||||||
|
@ -116,10 +120,10 @@ subject = [Fail2Ban] Banned <ip>
|
||||||
# Values: TEXT Default:
|
# Values: TEXT Default:
|
||||||
#
|
#
|
||||||
message = Hi,<br>
|
message = Hi,<br>
|
||||||
The IP <ip> has just been banned by Fail2Ban after
|
The IP <ip> has just been banned by Fail2Ban after
|
||||||
<failures> attempts.<br>
|
<failures> attempts.<br>
|
||||||
Regards,<br>
|
Regards,<br>
|
||||||
Fail2Ban
|
Fail2Ban
|
||||||
|
|
||||||
# You can define a new section for each log file to check for
|
# You can define a new section for each log file to check for
|
||||||
# password failure. Each section has to define the following
|
# password failure. Each section has to define the following
|
||||||
|
@ -143,13 +147,17 @@ logfile = /var/log/apache/access.log
|
||||||
# Notes.: command executed once at the start of Fail2Ban
|
# Notes.: command executed once at the start of Fail2Ban
|
||||||
# Values: CMD Default:
|
# Values: CMD Default:
|
||||||
#
|
#
|
||||||
fwstart =
|
fwstart = iptables -N FAIL2BAN-HTTP
|
||||||
|
iptables -I INPUT -i eth0 -p tcp --dport http -j FAIL2BAN-HTTP
|
||||||
|
iptables -A FAIL2BAN-HTTP -j RETURN
|
||||||
|
|
||||||
# Option: fwend
|
# Option: fwend
|
||||||
# Notes.: command executed once at the end of Fail2Ban
|
# Notes.: command executed once at the end of Fail2Ban
|
||||||
# Values: CMD Default:
|
# Values: CMD Default:
|
||||||
#
|
#
|
||||||
fwend =
|
fwend = iptables -D INPUT -i eth0 -p tcp --dport http -j FAIL2BAN-HTTP
|
||||||
|
iptables -D FAIL2BAN-HTTP -j RETURN
|
||||||
|
iptables -X FAIL2BAN-HTTP
|
||||||
|
|
||||||
# Option: fwban
|
# Option: fwban
|
||||||
# Notes.: command executed when banning an IP. Take care that the
|
# Notes.: command executed when banning an IP. Take care that the
|
||||||
|
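Review bot: In `fwend`, `iptables -X FAIL2BAN-HTTP` only succeeds on an empty chain, and the two `-D` commands before it remove just the jump from INPUT and the RETURN rule. If any DROP rule inserted by `fwban` is still present when `fwend` runs, the chain is left behind and the next `fwstart` fails at `iptables -N FAIL2BAN-HTTP`. An `iptables -F FAIL2BAN-HTTP` before the `-X` would make teardown independent of ban state. A run that ends without executing `fwend` leaves the same leftover chain, so `fwstart` would benefit from tolerating an existing chain as well.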
@ -161,7 +169,7 @@ fwend =
|
||||||
# Values: CMD
|
# Values: CMD
|
||||||
# Default: iptables -I INPUT 1 -i eth0 -s <ip> -j DROP
|
# Default: iptables -I INPUT 1 -i eth0 -s <ip> -j DROP
|
||||||
#
|
#
|
||||||
fwban = iptables -I INPUT 1 -i eth0 -s <ip> -j DROP
|
fwban = iptables -I FAIL2BAN-HTTP 1 -i eth0 -s <ip> -j DROP
|
||||||
|
|
||||||
# Option: fwunban
|
# Option: fwunban
|
||||||
# Notes.: command executed when unbanning an IP. Take care that the
|
# Notes.: command executed when unbanning an IP. Take care that the
|
||||||
|
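Review bot: The `# Default:` comment directly above `fwban` still reads `iptables -I INPUT 1 -i eth0 -s <ip> -j DROP` while the value now inserts into `FAIL2BAN-HTTP`. Update the comment, or say that it documents the built-in fallback, so the two do not disagree. Since the jump added in `fwstart` already matches `-i eth0`, the `-i eth0` in the per-IP rule is redundant.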
@ -172,7 +180,7 @@ fwban = iptables -I INPUT 1 -i eth0 -s <ip> -j DROP
|
||||||
# Values: CMD
|
# Values: CMD
|
||||||
# Default: iptables -D INPUT -i eth0 -s <ip> -j DROP
|
# Default: iptables -D INPUT -i eth0 -s <ip> -j DROP
|
||||||
#
|
#
|
||||||
fwunban = iptables -D INPUT -i eth0 -s <ip> -j DROP
|
fwunban = iptables -D FAIL2BAN-HTTP -i eth0 -s <ip> -j DROP
|
||||||
|
|
||||||
# Option: timeregex
|
# Option: timeregex
|
||||||
# Notes.: regex to match timestamp in Apache logfile.
|
# Notes.: regex to match timestamp in Apache logfile.
|
||||||
|
@ -211,13 +219,17 @@ logfile = /var/log/auth.log
|
||||||
# Notes.: command executed once at the start of Fail2Ban
|
# Notes.: command executed once at the start of Fail2Ban
|
||||||
# Values: CMD Default:
|
# Values: CMD Default:
|
||||||
#
|
#
|
||||||
fwstart =
|
fwstart = iptables -N FAIL2BAN-SSH
|
||||||
|
iptables -I INPUT -i eth0 -p tcp --dport ssh -j FAIL2BAN-SSH
|
||||||
|
iptables -A FAIL2BAN-SSH -j RETURN
|
||||||
|
|
||||||
# Option: fwend
|
# Option: fwend
|
||||||
# Notes.: command executed once at the end of Fail2Ban
|
# Notes.: command executed once at the end of Fail2Ban
|
||||||
# Values: CMD Default:
|
# Values: CMD Default:
|
||||||
#
|
#
|
||||||
fwend =
|
fwend = iptables -D INPUT -i eth0 -p tcp --dport ssh -j FAIL2BAN-SSH
|
||||||
|
iptables -D FAIL2BAN-SSH -j RETURN
|
||||||
|
iptables -X FAIL2BAN-SSH
|
||||||
|
|
||||||
# Option: fwbanrule
|
# Option: fwbanrule
|
||||||
# Notes.: command executed when banning an IP. Take care that the
|
# Notes.: command executed when banning an IP. Take care that the
|
||||||
|
@ -229,7 +241,7 @@ fwend =
|
||||||
# Values: CMD
|
# Values: CMD
|
||||||
# Default: iptables -I INPUT 1 -i eth0 -s <ip> -j DROP
|
# Default: iptables -I INPUT 1 -i eth0 -s <ip> -j DROP
|
||||||
#
|
#
|
||||||
fwban = iptables -I INPUT 1 -i eth0 -s <ip> -j DROP
|
fwban = iptables -I FAIL2BAN-SSH 1 -i eth0 -s <ip> -j DROP
|
||||||
|
|
||||||
# Option: fwunbanrule
|
# Option: fwunbanrule
|
||||||
# Notes.: command executed when unbanning an IP. Take care that the
|
# Notes.: command executed when unbanning an IP. Take care that the
|
||||||
|
@ -240,7 +252,7 @@ fwban = iptables -I INPUT 1 -i eth0 -s <ip> -j DROP
|
||||||
# Values: CMD
|
# Values: CMD
|
||||||
# Default: iptables -D INPUT -i eth0 -s <ip> -j DROP
|
# Default: iptables -D INPUT -i eth0 -s <ip> -j DROP
|
||||||
#
|
#
|
||||||
fwunban = iptables -D INPUT -i eth0 -s <ip> -j DROP
|
fwunban = iptables -D FAIL2BAN-SSH -i eth0 -s <ip> -j DROP
|
||||||
|
|
||||||
# Option: timeregex
|
# Option: timeregex
|
||||||
# Notes.: regex to match timestamp in SSH logfile.
|
# Notes.: regex to match timestamp in SSH logfile.
|
||||||
|
|
|
@ -2,12 +2,18 @@ fail2ban for Debian
|
||||||
-------------------
|
-------------------
|
||||||
|
|
||||||
This package is nearly 100% identical to the upstream version. It was
|
This package is nearly 100% identical to the upstream version. It was
|
||||||
merely packaged to be installed on a Debian system.
|
merely packaged to be installed on a Debian system and due to tight
|
||||||
|
collaboration with upstream author most of the Debian modifications
|
||||||
|
penetrate into the next upstream.
|
||||||
|
|
||||||
Module log4py installed into lib/fail2ban directory because there is no
|
Currently the main difference with upstream: python libraries are
|
||||||
package for not-developed-in-a-long-time fail2ban
|
placed under /usr/share/fail2ban insteadh of /usr/lib/fail2ban to
|
||||||
|
comply with policy regarding architecture independent resources.
|
||||||
|
|
||||||
|
Module log4py installed along into fail2ban directory because there is
|
||||||
|
no package for not-developed-in-a-long-time fail2ban
|
||||||
|
|
||||||
See the file TODO.Debian for more details, as well as the Debian Bug
|
See the file TODO.Debian for more details, as well as the Debian Bug
|
||||||
Tracking system.
|
Tracking system.
|
||||||
|
|
||||||
-- Yaroslav Halchenko <debian@onerussian.com>, Tue, 4 Jul 2005 00:00:00 -1000
|
-- Yaroslav O. Halchenko <debian@onerussian.com>, Sat Jul 23 09:09:51 2005
|
||||||
|
|
|
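Review bot: Typo in the added paragraph: `insteadh of /usr/lib/fail2ban` should read `instead of`. The reworded log4py sentence still ends with "no package for not-developed-in-a-long-time fail2ban", where the unpackaged module being described appears to be log4py rather than fail2ban; please confirm and reword.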
@ -1,6 +1,13 @@
|
||||||
|
fail2ban (0.5.1-1) unstable; urgency=low
|
||||||
|
|
||||||
|
* New upstream release
|
||||||
|
|
||||||
|
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 23 Jul 2005 08:50:00 -1000
|
||||||
|
|
||||||
fail2ban (0.5.0-1) unstable; urgency=low
|
fail2ban (0.5.0-1) unstable; urgency=low
|
||||||
|
|
||||||
* New upstream release
|
* New upstream release
|
||||||
|
* Libraries placed under /usr/share/fail2ban instead of /usr/lib/fail2ban
|
||||||
* Corrections to the description of the package
|
* Corrections to the description of the package
|
||||||
|
|
||||||
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 12 Jul 2005 23:33:20 -1000
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 12 Jul 2005 23:33:20 -1000
|
||||||
|
|
|
@ -2,7 +2,5 @@
|
||||||
# Run the "uscan" command to check for upstream updates and more.
|
# Run the "uscan" command to check for upstream updates and more.
|
||||||
# Site Directory Pattern Version Script
|
# Site Directory Pattern Version Script
|
||||||
version=3
|
version=3
|
||||||
http://sf.net/fail2ban/fail2ban-(.*)\.tar\.bz2
|
|
||||||
#http://voxel.dl.sourceforge.net/sourceforge/fail2ban/ \
|
http://sf.net/fail2ban/fail2ban-(.*)\.tar\.bz2 debian svn-upgrade
|
||||||
# fail2ban-([0-9]+\.[0-9]+\.[0-9]*)\.tar\.bz2
|
|
||||||
# debian uupdate
|
|
||||||
|
|
10
fail2ban
10
fail2ban
|
@ -18,21 +18,21 @@
|
||||||
|
|
||||||
# Author: Cyril Jaquier
|
# Author: Cyril Jaquier
|
||||||
#
|
#
|
||||||
# $Revision: 1.4.2.2 $
|
# $Revision: 1.4.2.3 $
|
||||||
|
|
||||||
__author__ = "Cyril Jaquier"
|
__author__ = "Cyril Jaquier"
|
||||||
__version__ = "$Revision: 1.4.2.2 $"
|
__version__ = "$Revision: 1.4.2.3 $"
|
||||||
__date__ = "$Date: 2005/07/08 10:21:52 $"
|
__date__ = "$Date: 2005/07/15 14:11:21 $"
|
||||||
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
|
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
|
||||||
__license__ = "GPL"
|
__license__ = "GPL"
|
||||||
|
|
||||||
from sys import exit, path
|
from sys import exit, path
|
||||||
|
|
||||||
#yoh: We do need to load this path first if we ship log4py with fail2ban
|
#yoh: We do need to load this path first if we ship log4py with fail2ban
|
||||||
# Appends our own modules path
|
# Appends our own modules path. Added before log4py import
|
||||||
|
# because log4py could be distributed with Fail2Ban.
|
||||||
path.append('/usr/share/fail2ban')
|
path.append('/usr/share/fail2ban')
|
||||||
|
|
||||||
|
|
||||||
# Checks for required libs
|
# Checks for required libs
|
||||||
# Checks if log4py is present.
|
# Checks if log4py is present.
|
||||||
try:
|
try:
|
||||||
|
|
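Review bot: The new comment on `path.append('/usr/share/fail2ban')` repeats what the `#yoh:` line directly above it already says; keep one of them. The hard-coded `/usr/share/fail2ban` also disagrees with the README in this commit, which says the install goes to `/usr/lib/fail2ban`, and with the `/usr/lib/fail2ban/firewall/` path that setup.py scans. If `/usr/share` is the Debian layout, as README.Debian describes, the upstream script should carry the upstream path or have it set at install time.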
57
fail2ban.py
57
fail2ban.py
|
@ -16,23 +16,24 @@
|
||||||
|
|
||||||
# Author: Cyril Jaquier
|
# Author: Cyril Jaquier
|
||||||
#
|
#
|
||||||
# $Revision: 1.20.2.5 $
|
# $Revision: 1.20.2.8 $
|
||||||
|
|
||||||
__author__ = "Cyril Jaquier"
|
__author__ = "Cyril Jaquier"
|
||||||
__version__ = "$Revision: 1.20.2.5 $"
|
__version__ = "$Revision: 1.20.2.8 $"
|
||||||
__date__ = "$Date: 2005/07/12 13:11:58 $"
|
__date__ = "$Date: 2005/07/22 21:13:19 $"
|
||||||
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
|
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
|
||||||
__license__ = "GPL"
|
__license__ = "GPL"
|
||||||
|
|
||||||
import time, sys, getopt, os, string, signal, log4py
|
import time, sys, getopt, os, string, signal, log4py
|
||||||
from ConfigParser import *
|
from ConfigParser import *
|
||||||
|
|
||||||
|
from version import version
|
||||||
from firewall.firewall import Firewall
|
from firewall.firewall import Firewall
|
||||||
from logreader.logreader import LogReader
|
from logreader.logreader import LogReader
|
||||||
from confreader.configreader import ConfigReader
|
from confreader.configreader import ConfigReader
|
||||||
from utils.process import *
|
|
||||||
from utils.mail import Mail
|
from utils.mail import Mail
|
||||||
from version import version
|
from utils.dns import *
|
||||||
|
from utils.process import *
|
||||||
|
|
||||||
# Gets the instance of log4py.
|
# Gets the instance of log4py.
|
||||||
logSys = log4py.Logger().get_instance()
|
logSys = log4py.Logger().get_instance()
|
||||||
|
@ -56,7 +57,6 @@ def dispUsage():
|
||||||
print " -h display this help message"
|
print " -h display this help message"
|
||||||
print " -i <IP(s)> IP(s) to ignore"
|
print " -i <IP(s)> IP(s) to ignore"
|
||||||
print " -k kill a currently running Fail2Ban instance"
|
print " -k kill a currently running Fail2Ban instance"
|
||||||
print " -l <FILE> log messages in FILE"
|
|
||||||
print " -r <VALUE> allow a max of VALUE password failure"
|
print " -r <VALUE> allow a max of VALUE password failure"
|
||||||
print " -t <TIME> ban IP for TIME seconds"
|
print " -t <TIME> ban IP for TIME seconds"
|
||||||
print " -v verbose. Use twice for greater effect"
|
print " -v verbose. Use twice for greater effect"
|
||||||
|
@ -119,8 +119,6 @@ def getCmdLineOptions(optList):
|
||||||
conf["background"] = True
|
conf["background"] = True
|
||||||
if opt[0] == "-d":
|
if opt[0] == "-d":
|
||||||
conf["debug"] = True
|
conf["debug"] = True
|
||||||
if opt[0] == "-l":
|
|
||||||
conf["logfile"] = opt[1]
|
|
||||||
if opt[0] == "-t":
|
if opt[0] == "-t":
|
||||||
try:
|
try:
|
||||||
conf["bantime"] = int(opt[1])
|
conf["bantime"] = int(opt[1])
|
||||||
|
@ -153,7 +151,7 @@ def main():
|
||||||
|
|
||||||
# Reads the command line options.
|
# Reads the command line options.
|
||||||
try:
|
try:
|
||||||
cmdOpts = 'hvVbdkc:l:t:i:r:p:'
|
cmdOpts = 'hvVbdkc:t:i:r:p:'
|
||||||
cmdLongOpts = ['help','version']
|
cmdLongOpts = ['help','version']
|
||||||
optList, args = getopt.getopt(sys.argv[1:], cmdOpts, cmdLongOpts)
|
optList, args = getopt.getopt(sys.argv[1:], cmdOpts, cmdLongOpts)
|
||||||
except getopt.GetoptError:
|
except getopt.GetoptError:
|
||||||
|
@ -171,8 +169,8 @@ def main():
|
||||||
|
|
||||||
# Options
|
# Options
|
||||||
optionValues = (["bool", "background", False],
|
optionValues = (["bool", "background", False],
|
||||||
|
["str", "logtargets", "STDOUT /var/log/fail2ban.log"],
|
||||||
["bool", "debug", False],
|
["bool", "debug", False],
|
||||||
["str", "logfile", "/var/log/fail2ban.log"],
|
|
||||||
["str", "pidlock", "/var/run/fail2ban.pid"],
|
["str", "pidlock", "/var/run/fail2ban.pid"],
|
||||||
["int", "maxretry", 3],
|
["int", "maxretry", 3],
|
||||||
["int", "bantime", 600],
|
["int", "bantime", 600],
|
||||||
|
@ -188,6 +186,31 @@ def main():
|
||||||
getCmdLineOptions(optList)
|
getCmdLineOptions(optList)
|
||||||
|
|
||||||
# Process some options
|
# Process some options
|
||||||
|
# Log targets
|
||||||
|
# Bug fix for #1234699
|
||||||
|
os.umask(0077)
|
||||||
|
# Remove all the targets before setting our own
|
||||||
|
logSys.remove_all_targets()
|
||||||
|
for target in conf["logtargets"].split():
|
||||||
|
if target == "STDOUT":
|
||||||
|
logSys.add_target(log4py.TARGET_SYS_STDOUT)
|
||||||
|
elif target == "STDERR":
|
||||||
|
logSys.add_target(log4py.TARGET_SYS_STDERR)
|
||||||
|
elif target == "SYSLOG":
|
||||||
|
logSys.add_target(log4py.TARGET_SYSLOG)
|
||||||
|
else:
|
||||||
|
# Target should be a file
|
||||||
|
try:
|
||||||
|
open(target, "a")
|
||||||
|
logSys.add_target(target)
|
||||||
|
except IOError:
|
||||||
|
logSys.error("Unable to log to " + target)
|
||||||
|
|
||||||
|
# Check if at least one target exists
|
||||||
|
if len(logSys.get_targets()) == 0:
|
||||||
|
logSys.add_target(log4py.TARGET_SYS_STDOUT)
|
||||||
|
logSys.error("No valid logging target found. Logging to STDOUT")
|
||||||
|
|
||||||
# Verbose level
|
# Verbose level
|
||||||
if conf["verbose"]:
|
if conf["verbose"]:
|
||||||
logSys.warn("Verbose level is "+`conf["verbose"]`)
|
logSys.warn("Verbose level is "+`conf["verbose"]`)
|
||||||
|
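Review bot: In the file-target branch, `logSys.error("Unable to log to " + target)` runs after `remove_all_targets()`, so when the failing file is the first or only entry in `logtargets` no target has been registered yet to receive the message. Collect the failures and report them after the loop, once at least one target exists. Any token that is not STDOUT, STDERR or SYSLOG is treated as a path, so a misspelling such as `STDOT` creates a file of that name in the current directory. `open(target, "a")` is used only as a writability probe and its handle is never closed.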
@ -210,14 +233,6 @@ def main():
|
||||||
if not retCode:
|
if not retCode:
|
||||||
logSys.error("Unable to start daemon")
|
logSys.error("Unable to start daemon")
|
||||||
sys.exit(-1)
|
sys.exit(-1)
|
||||||
# Bug fix for #1234699
|
|
||||||
os.umask(0077)
|
|
||||||
try:
|
|
||||||
open(conf["logfile"], "a")
|
|
||||||
logSys.set_target(conf["logfile"])
|
|
||||||
except IOError:
|
|
||||||
logSys.error("Unable to log to " + conf["logfile"])
|
|
||||||
logSys.warn("Using default output for logging")
|
|
||||||
|
|
||||||
# Ignores IP list
|
# Ignores IP list
|
||||||
ignoreIPList = conf["ignoreip"].split(' ')
|
ignoreIPList = conf["ignoreip"].split(' ')
|
||||||
|
@ -291,8 +306,10 @@ def main():
|
||||||
element[1].addIgnoreIP("127.0.0.1")
|
element[1].addIgnoreIP("127.0.0.1")
|
||||||
while len(ignoreIPList) > 0:
|
while len(ignoreIPList) > 0:
|
||||||
ip = ignoreIPList.pop()
|
ip = ignoreIPList.pop()
|
||||||
for element in logFwList:
|
# Bug fix for #1239557
|
||||||
element[1].addIgnoreIP(ip)
|
if isValidIP(ip):
|
||||||
|
for element in logFwList:
|
||||||
|
element[1].addIgnoreIP(ip)
|
||||||
|
|
||||||
logSys.info("Fail2Ban v"+version+" is running")
|
logSys.info("Fail2Ban v"+version+" is running")
|
||||||
# Execute global start command
|
# Execute global start command
|
||||||
|
|
|
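Review bot: `isValidIP(ip)` is applied to each raw `ignoreip` entry, and the helper added in utils/dns.py is a bare `socket.inet_aton()` call, which rejects anything with a `/mask` suffix. Entries in the documented CIDR form (`ignoreip = 192.168.0.1/24 123.45.235.65` in the config comments) would therefore be skipped, and skipped without any log message. Validate the address part before the `/` and check the mask separately, and log a warning for entries that are dropped.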
@ -16,11 +16,11 @@
|
||||||
|
|
||||||
# Author: Cyril Jaquier
|
# Author: Cyril Jaquier
|
||||||
#
|
#
|
||||||
# $Revision: 1.8.2.4 $
|
# $Revision: 1.8.2.5 $
|
||||||
|
|
||||||
__author__ = "Cyril Jaquier"
|
__author__ = "Cyril Jaquier"
|
||||||
__version__ = "$Revision: 1.8.2.4 $"
|
__version__ = "$Revision: 1.8.2.5 $"
|
||||||
__date__ = "$Date: 2005/07/12 13:08:24 $"
|
__date__ = "$Date: 2005/07/15 14:07:08 $"
|
||||||
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
|
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
|
||||||
__license__ = "GPL"
|
__license__ = "GPL"
|
||||||
|
|
||||||
|
@ -37,12 +37,11 @@ class Firewall:
|
||||||
the IP.
|
the IP.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
banList = dict()
|
|
||||||
|
|
||||||
def __init__(self, banRule, unBanRule, banTime):
|
def __init__(self, banRule, unBanRule, banTime):
|
||||||
self.banRule = banRule
|
self.banRule = banRule
|
||||||
self.unBanRule = unBanRule
|
self.unBanRule = unBanRule
|
||||||
self.banTime = banTime
|
self.banTime = banTime
|
||||||
|
self.banList = dict()
|
||||||
|
|
||||||
def addBanIP(self, aInfo, debug):
|
def addBanIP(self, aInfo, debug):
|
||||||
""" Bans an IP.
|
""" Bans an IP.
|
||||||
|
|
|
@ -16,11 +16,11 @@
|
||||||
|
|
||||||
# Author: Cyril Jaquier
|
# Author: Cyril Jaquier
|
||||||
#
|
#
|
||||||
# $Revision: 1.13.2.2 $
|
# $Revision: 1.13.2.4 $
|
||||||
|
|
||||||
__author__ = "Cyril Jaquier"
|
__author__ = "Cyril Jaquier"
|
||||||
__version__ = "$Revision: 1.13.2.2 $"
|
__version__ = "$Revision: 1.13.2.4 $"
|
||||||
__date__ = "$Date: 2005/07/12 13:09:09 $"
|
__date__ = "$Date: 2005/07/23 09:07:53 $"
|
||||||
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
|
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
|
||||||
__license__ = "GPL"
|
__license__ = "GPL"
|
||||||
|
|
||||||
|
@ -186,6 +186,12 @@ class LogReader:
|
||||||
"""
|
"""
|
||||||
date = list(time.strptime(value, self.timepattern))
|
date = list(time.strptime(value, self.timepattern))
|
||||||
if date[0] < 2000:
|
if date[0] < 2000:
|
||||||
|
# There is probably no year field in the logs
|
||||||
date[0] = time.gmtime()[0]
|
date[0] = time.gmtime()[0]
|
||||||
|
# Bug fix for #1241756
|
||||||
|
# If the date is greater than the current time, we suppose
|
||||||
|
# that the log is not from this year but from the year before
|
||||||
|
if time.mktime(date) > time.time():
|
||||||
|
date[0] -= 1
|
||||||
unixTime = time.mktime(date)
|
unixTime = time.mktime(date)
|
||||||
return unixTime
|
return unixTime
|
||||||
|
|
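Review bot: The rollback test `time.mktime(date) > time.time()` has no tolerance, so a line stamped even a second ahead of this host's clock (clock skew on the machine writing the log, or a DST guess inside `mktime`) is moved back a full year. Allow a margin, for example only subtract a year when the parsed time is more than a day in the future. The year is also taken from `time.gmtime()` while `mktime` interprets the fields as local time, and the two can disagree around New Year.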
54
setup.py
54
setup.py
|
@ -18,25 +18,55 @@
|
||||||
|
|
||||||
# Author: Cyril Jaquier
|
# Author: Cyril Jaquier
|
||||||
#
|
#
|
||||||
# $Revision: 1.4.2.1 $
|
# $Revision: 1.4.2.2 $
|
||||||
|
|
||||||
__author__ = "Cyril Jaquier"
|
__author__ = "Cyril Jaquier"
|
||||||
__version__ = "$Revision: 1.4.2.1 $"
|
__version__ = "$Revision: 1.4.2.2 $"
|
||||||
__date__ = "$Date: 2005/07/07 16:57:05 $"
|
__date__ = "$Date: 2005/07/15 14:14:12 $"
|
||||||
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
|
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
|
||||||
__license__ = "GPL"
|
__license__ = "GPL"
|
||||||
|
|
||||||
from distutils.core import setup
|
from distutils.core import setup
|
||||||
from version import version
|
from version import version
|
||||||
|
from os.path import isfile, join
|
||||||
|
from sys import exit, argv
|
||||||
|
|
||||||
setup(
|
setup(
|
||||||
name = "fail2ban",
|
name = "fail2ban",
|
||||||
version = version,
|
version = version,
|
||||||
description = "Ban IPs that make too many password failure",
|
description = "Ban IPs that make too many password failure",
|
||||||
author = "Cyril Jaquier",
|
author = "Cyril Jaquier",
|
||||||
author_email = "lostcontrol@users.sourceforge.net",
|
author_email = "lostcontrol@users.sourceforge.net",
|
||||||
url = "http://fail2ban.sourceforge.net",
|
url = "http://fail2ban.sourceforge.net",
|
||||||
scripts = ['fail2ban'],
|
scripts = ['fail2ban'],
|
||||||
py_modules = ['fail2ban', 'version','log4py'],
|
py_modules = ['fail2ban', 'version', 'log4py'],
|
||||||
packages = ['firewall', 'logreader', 'confreader', 'utils']
|
packages = ['firewall', 'logreader', 'confreader', 'utils']
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# Do some checks after installation
|
||||||
|
# Search for obsolete files.
|
||||||
|
obsoleteFiles = []
|
||||||
|
elements = {"/usr/bin/": ["fail2ban.py"],
|
||||||
|
"/usr/lib/fail2ban/firewall/": ["iptables.py", "ipfwadm.py",
|
||||||
|
"ipfw.py"]}
|
||||||
|
for dir in elements:
|
||||||
|
for f in elements[dir]:
|
||||||
|
path = join(dir, f)
|
||||||
|
if isfile(path):
|
||||||
|
obsoleteFiles.append(path)
|
||||||
|
if obsoleteFiles:
|
||||||
|
print
|
||||||
|
print "Obsolete files from previous Fail2Ban versions were found on " \
|
||||||
|
"your system."
|
||||||
|
print "Please delete them:"
|
||||||
|
print
|
||||||
|
for f in obsoleteFiles:
|
||||||
|
print "\t" + f
|
||||||
|
print
|
||||||
|
|
||||||
|
# Update config file
|
||||||
|
if argv[1] == "install":
|
||||||
|
print
|
||||||
|
print "Please do not forget to update your configuration file."
|
||||||
|
print "Use config/fail2ban.conf.default as example."
|
||||||
|
print
|
||||||
|
|
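Review bot: The obsolete-file scan after `setup()` runs for every setup.py command, not just `install`, and its paths (`/usr/bin/`, `/usr/lib/fail2ban/firewall/`) are hard-coded, so it looks in the wrong place for an install done under a different prefix. Move the scan under the `argv[1] == "install"` test that already guards the config reminder. In the added lines, `dir` shadows a builtin, `path` reuses a common module name, and `exit` is imported but not used.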
18
utils/dns.py
18
utils/dns.py
|
@ -16,11 +16,11 @@
|
||||||
|
|
||||||
# Author: Cyril Jaquier
|
# Author: Cyril Jaquier
|
||||||
#
|
#
|
||||||
# $Revision: 1.7.2.1 $
|
# $Revision: 1.7.2.2 $
|
||||||
|
|
||||||
__author__ = "Cyril Jaquier"
|
__author__ = "Cyril Jaquier"
|
||||||
__version__ = "$Revision: 1.7.2.1 $"
|
__version__ = "$Revision: 1.7.2.2 $"
|
||||||
__date__ = "$Date: 2005/07/12 13:10:14 $"
|
__date__ = "$Date: 2005/07/22 21:11:42 $"
|
||||||
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
|
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
|
||||||
__license__ = "GPL"
|
__license__ = "GPL"
|
||||||
|
|
||||||
|
@ -55,6 +55,15 @@ def searchIP(text):
|
||||||
else:
|
else:
|
||||||
return []
|
return []
|
||||||
|
|
||||||
|
def isValidIP(str):
|
||||||
|
""" Return true if str is a valid IP
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
socket.inet_aton(str)
|
||||||
|
return True
|
||||||
|
except socket.error:
|
||||||
|
return False
|
||||||
|
|
||||||
def textToIp(text):
|
def textToIp(text):
|
||||||
""" Return the IP of DNS found in a given text.
|
""" Return the IP of DNS found in a given text.
|
||||||
"""
|
"""
|
||||||
|
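Review bot: `socket.inet_aton()` in `isValidIP` accepts more than dotted quads: shorthand forms such as `127.1` or a single number also parse, so the docstring's "valid IP" is looser than it reads. If only `a.b.c.d` should pass, add a four-field check before the `inet_aton` call. The parameter name `str` also shadows the builtin.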
@ -62,7 +71,8 @@ def textToIp(text):
|
||||||
# Search for plain IP
|
# Search for plain IP
|
||||||
plainIP = searchIP(text)
|
plainIP = searchIP(text)
|
||||||
for element in plainIP:
|
for element in plainIP:
|
||||||
ipList.append(element)
|
if isValidIP(element):
|
||||||
|
ipList.append(element)
|
||||||
if not ipList:
|
if not ipList:
|
||||||
# Try to get IP from possible DNS
|
# Try to get IP from possible DNS
|
||||||
dnsList = textToDns(text)
|
dnsList = textToDns(text)
|
||||||
|
|
|
@ -16,11 +16,11 @@
|
||||||
|
|
||||||
# Author: Cyril Jaquier
|
# Author: Cyril Jaquier
|
||||||
#
|
#
|
||||||
# $Revision: 1.1.2.1 $
|
# $Revision: 1.1.2.2 $
|
||||||
|
|
||||||
__author__ = "Cyril Jaquier"
|
__author__ = "Cyril Jaquier"
|
||||||
__version__ = "$Revision: 1.1.2.1 $"
|
__version__ = "$Revision: 1.1.2.2 $"
|
||||||
__date__ = "$Date: 2005/07/07 16:53:47 $"
|
__date__ = "$Date: 2005/07/15 14:08:17 $"
|
||||||
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
|
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
|
||||||
__license__ = "GPL"
|
__license__ = "GPL"
|
||||||
|
|
||||||
|
@ -76,9 +76,6 @@ def createDaemon():
|
||||||
# Ensure that the daemon doesn't keep any directory in use. Failure
|
# Ensure that the daemon doesn't keep any directory in use. Failure
|
||||||
# to do this could make a filesystem unmountable.
|
# to do this could make a filesystem unmountable.
|
||||||
os.chdir("/")
|
os.chdir("/")
|
||||||
# Give the child complete control over permissions.
|
|
||||||
# yoh: evil evil evil!
|
|
||||||
# os.umask(0)
|
|
||||||
else:
|
else:
|
||||||
os._exit(0) # Exit parent (the first child) of the second child.
|
os._exit(0) # Exit parent (the first child) of the second child.
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -16,12 +16,12 @@
|
||||||
|
|
||||||
# Author: Cyril Jaquier
|
# Author: Cyril Jaquier
|
||||||
#
|
#
|
||||||
# $Revision: 1.12.2.2 $
|
# $Revision: 1.12.2.4 $
|
||||||
|
|
||||||
__author__ = "Cyril Jaquier"
|
__author__ = "Cyril Jaquier"
|
||||||
__version__ = "$Revision: 1.12.2.2 $"
|
__version__ = "$Revision: 1.12.2.4 $"
|
||||||
__date__ = "$Date: 2005/07/12 13:12:40 $"
|
__date__ = "$Date: 2005/07/23 09:31:12 $"
|
||||||
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
|
__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
|
||||||
__license__ = "GPL"
|
__license__ = "GPL"
|
||||||
|
|
||||||
version = "0.5.0"
|
version = "0.5.1"
|
||||||
|
|