github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

- Updated information 

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@51 a942ae1a-1317-0410-a47c-b1dcaea8d605
0.6
Cyril Jaquier 2005-02-18 21:45:34 +00:00
parent 2e5bfe5bb6
commit 78dab1db70
1 changed files with 17 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
README
View File

@ -4,13 +4,14 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
Fail2Ban (version 0.1.1) 10/23/2004
Fail2Ban (version 0.3.0) 02/??/2005
=============================================================
Fail2Ban scans log files like /var/log/pwdfail and bans IP
that makes too much password failures. It updates firewall
rules to reject the IP address. Currently sshd, iptables,
ipfw and ipfwadm are supported. It needs log4py.
rules to reject the IP address. Currently iptables, ipfw and
ipfwadm are supported. Fail2Ban can read multiple log files
such as sshd or Apache web server ones. It needs log4py.
This is my first Python program. I began learning Python for
less than one week so please be understanding ;-) English is
@ -31,17 +32,21 @@ some google searches, I found that sshd was not able of that.
So I search for a script or program that do it. Found
nothing :-( So I decide to write mine and to learn Python :-)
I read the log file (/var/log/pwdfail/current on metalog) and
search for a given pattern which indicates a login attempt.
Then I get the ip and if it has already done 3 or more
password failure in the last banTime, I ban the ip for
For each sections defined in the configuration file, Fail2Ban
tries to find lines which match the failregex. Then it
retrieves the message time using timeregex and timepattern.
It finally gets the ip and if it has already done 3 or more
password failures in the last banTime, the ip is banned for
banTime using a iptable rule. After banTime, the rule is
deleted.
Sections can be freely added so it is possible to monitor
several daemons at the same time.
Runs on my server and does its job rather well :-) The idea
is to make fail2ban usable with most syslog daemons and
services that require a login (sshd, telnetd, ...). It should
also support others firewalls than iptables.
is to make fail2ban usable with daemons and services that
require a login (sshd, telnetd, ...). It should also support
others firewalls than iptables.
Installation:
@ -52,8 +57,8 @@ Require: python-2.3 (http://www.python.org)
To install, just do:
> tar xvfj fail2ban-0.1.2.tar.bz2
> cd fail2ban-0.1.2
> tar xvfj fail2ban-0.3.0.tar.bz2
> cd fail2ban-0.3.0
> python setup.py install
This will install Fail2Ban into /usr/lib/fail2ban. The