- Updated information

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@51 a942ae1a-1317-0410-a47c-b1dcaea8d605
0.6
Cyril Jaquier 2005-02-18 21:45:34 +00:00
parent 2e5bfe5bb6
commit 78dab1db70
1 changed files with 17 additions and 12 deletions

29
README

@ -4,13 +4,14 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_| |_| \__,_|_|_/___|_.__/\__,_|_||_|
============================================================= =============================================================
Fail2Ban (version 0.1.1) 10/23/2004 Fail2Ban (version 0.3.0) 02/??/2005
============================================================= =============================================================
Fail2Ban scans log files like /var/log/pwdfail and bans IP Fail2Ban scans log files like /var/log/pwdfail and bans IP
that makes too much password failures. It updates firewall that makes too much password failures. It updates firewall
rules to reject the IP address. Currently sshd, iptables, rules to reject the IP address. Currently iptables, ipfw and
ipfw and ipfwadm are supported. It needs log4py. ipfwadm are supported. Fail2Ban can read multiple log files
such as sshd or Apache web server ones. It needs log4py.
This is my first Python program. I began learning Python for This is my first Python program. I began learning Python for
less than one week so please be understanding ;-) English is less than one week so please be understanding ;-) English is
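Review bot: The new version line ships with a placeholder date, "Fail2Ban (version 0.3.0) 02/??/2005"; fill in the real release date or drop the date until it is known, so the README does not go out with "??" in it. In the same hunk the first sentence still names only /var/log/pwdfail, while the added text says Fail2Ban can read multiple log files such as sshd or Apache ones; consider rewording the opening sentence so the two agree.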
@ -31,17 +32,21 @@ some google searches, I found that sshd was not able of that.
So I search for a script or program that do it. Found So I search for a script or program that do it. Found
nothing :-( So I decide to write mine and to learn Python :-) nothing :-( So I decide to write mine and to learn Python :-)
I read the log file (/var/log/pwdfail/current on metalog) and For each sections defined in the configuration file, Fail2Ban
search for a given pattern which indicates a login attempt. tries to find lines which match the failregex. Then it
Then I get the ip and if it has already done 3 or more retrieves the message time using timeregex and timepattern.
password failure in the last banTime, I ban the ip for It finally gets the ip and if it has already done 3 or more
password failures in the last banTime, the ip is banned for
banTime using a iptable rule. After banTime, the rule is banTime using a iptable rule. After banTime, the rule is
deleted. deleted.
Sections can be freely added so it is possible to monitor
several daemons at the same time.
Runs on my server and does its job rather well :-) The idea Runs on my server and does its job rather well :-) The idea
is to make fail2ban usable with most syslog daemons and is to make fail2ban usable with daemons and services that
services that require a login (sshd, telnetd, ...). It should require a login (sshd, telnetd, ...). It should also support
also support others firewalls than iptables. others firewalls than iptables.
Installation: Installation:
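Review bot: The rewritten paragraph introduces failregex, timeregex and timepattern without saying which configuration file holds them or what a section looks like; a pointer to the file or a short sample section would let a reader set up a second daemon from the README alone. The text also keeps "3 or more password failures" as a fixed number and uses banTime for both the counting window and the ban length, so state whether these are configurable per section. Two smaller points: "For each sections" should read "For each section", and the closing "It should also support others firewalls than iptables" conflicts with the header paragraph, which already lists ipfw and ipfwadm as supported.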
@ -52,8 +57,8 @@ Require: python-2.3 (http://www.python.org)
To install, just do: To install, just do:
> tar xvfj fail2ban-0.1.2.tar.bz2 > tar xvfj fail2ban-0.3.0.tar.bz2
> cd fail2ban-0.1.2 > cd fail2ban-0.3.0
> python setup.py install > python setup.py install
This will install Fail2Ban into /usr/lib/fail2ban. The This will install Fail2Ban into /usr/lib/fail2ban. The
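Review bot: The install commands hard-code the release number in two places ("tar xvfj fail2ban-0.3.0.tar.bz2" and "cd fail2ban-0.3.0"), and the old side shows how this drifts: it said 0.1.2 while the header said version 0.1.1. Consider a neutral form such as fail2ban-x.y.z in these two lines, or add the README to the release checklist so the header and the commands are bumped together.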