From df26a74d53c448e187ebff1ec326be39f1dc1902 Mon Sep 17 00:00:00 2001 From: Cyril Jaquier Date: Sun, 10 Sep 2006 20:53:21 +0000 Subject: [PATCH] - Updated git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@346 a942ae1a-1317-0410-a47c-b1dcaea8d605 --- CHANGELOG | 6 +++--- MANIFEST | 23 ++++++++++++----------- README | 51 ++++++++------------------------------------------- TODO | 10 ++++++---- 4 files changed, 29 insertions(+), 61 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index e213aa31..7385fe44 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -4,10 +4,10 @@ |_| \__,_|_|_/___|_.__/\__,_|_||_| ============================================================= -Fail2Ban (version 0.7.2) 2006/??/?? +Fail2Ban (version 0.7.2) 2006/09/10 ============================================================= -ver. 0.7.2 (2006/??/??) - ??? +ver. 0.7.2 (2006/09/10) - beta ---------- - Refactoring and code cleanup - Improved client output @@ -21,7 +21,7 @@ ver. 0.7.2 (2006/??/??) - ??? - Added "fail2ban-regex". This is a tool to help finding "failregex" - Improved server communication. Start a new thread for each - incoming request + incoming request. Fail2ban is not really thread-safe yet ver. 0.7.1 (2006/08/23) - alpha ---------- diff --git a/MANIFEST b/MANIFEST index f3880d47..62101b22 100644 --- a/MANIFEST +++ b/MANIFEST @@ -5,11 +5,11 @@ fail2ban-client fail2ban-server fail2ban-testcases fail2ban-regex -client/beautifier.py client/configreader.py client/jailreader.py client/fail2banreader.py client/jailsreader.py +client/beautifier.py client/filterreader.py client/actionreader.py client/__init__.py 
@@ -18,43 +18,44 @@ client/csocket.py server/ssocket.py server/banticket.py server/filter.py -server/datedetector.py -server/datetemplate.py server/server.py +server/datestrptime.py server/failticket.py server/actions.py +server/datetai64n.py server/faildata.py server/failmanager.py +server/datedetector.py server/jailthread.py server/transmitter.py server/action.py server/ticket.py server/jail.py server/__init__.py +server/dateepoch.py server/banmanager.py -setup.py -setup.cfg +server/datetemplate.py testcases/banmanagertestcase.py testcases/failmanagertestcase.py testcases/clientreadertestcase.py testcases/filtertestcase.py testcases/__init__.py +testcases/datedetectortestcase.py testcases/servertestcase.py -testcases/files/testcase01.log -testcases/files/testcase02.log +setup.py +setup.cfg version.py config/jail.conf +config/filter.d/postfix.conf config/filter.d/vsftpd.conf config/filter.d/apache-auth.conf -config/filter.d/sshd.conf -config/filter.d/couriersmtp.conf config/filter.d/qmail.conf -config/filter.d/postfix.conf +config/filter.d/couriersmtp.conf +config/filter.d/sshd.conf config/action.d/iptables.conf config/action.d/mail-whois.conf config/action.d/dummy.conf config/action.d/mail.conf -config/action.d/mail-report.conf config/action.d/hostsdeny.conf config/fail2ban.conf files/gentoo-initd diff --git a/README b/README index e5516b60..e80123c1 100644 --- a/README +++ b/README @@ -4,7 +4,7 @@ |_| \__,_|_|_/___|_.__/\__,_|_||_| ============================================================= -Fail2Ban (version 0.7.1) 2006/08/23 +Fail2Ban (version 0.7.2) 2006/09/10 ============================================================= Fail2Ban scans log files like /var/log/pwdfail and bans IP 
@@ -13,43 +13,8 @@ rules to reject the IP address. These rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones. -This is my first Python program. Moreover, English is not my -mother tongue... - - -More details: -------------- - -Fail2Ban is rather simple. I have a home server connected to -the Internet which runs apache, samba, sshd, ... I see in my -logs that people are trying to log into my box using "manual" -brute force or scripts. They try 10, 20 and sometimes more -user/password (without success anyway). In order to -discourage these script kiddies, I wanted that sshd refuse -login from a specific ip after 3 password failures. After -some Google searches, I found that sshd was not able of that. -So I search for a script or program that do it. I found -nothing :-( So I decide to write mine and to learn Python :-) - -For each sections defined in the configuration file, Fail2Ban -tries to find lines which match the failregex. Then it -retrieves the message time using timeregex and timepattern. -It finally gets the ip and if it has already done 3 or more -password failures in the last banTime, the ip is banned for -banTime using a firewall rule. This rule is set by the user -in the configuration file. Thus, Fail2Ban can be adapted for -lots of firewall. After banTime, the rule is deleted. Notice -that if no "plain" ip is available, Fail2Ban try to do DNS -lookup in order to found one or several ip's to ban. - -Sections can be freely added so it is possible to monitor -several daemons at the same time. - -Runs on my server and does its job rather well :-) The idea -is to make fail2ban usable with daemons and services that -require a login (sshd, telnetd, ...) and with different -firewalls. - +Documentation, FAQ, HOWTOs are available on the project +website: http://fail2ban.sourceforge.net Installation: ------------- 
@@ -58,8 +23,8 @@ Require: python-2.4 (http://www.python.org) To install, just do: -> tar xvfj fail2ban-0.7.1.tar.bz2 -> cd fail2ban-0.7.1 +> tar xvfj fail2ban-0.7.2.tar.bz2 +> cd fail2ban-0.7.2 > python setup.py install This will install Fail2Ban into /usr/lib/fail2ban. The @@ -106,6 +71,7 @@ options (not complete yet): -c configuration directory -d dump configuration. For debugging + -i interactive mode -v increase verbosity -q decrease verbosity -x force execution of the server @@ -121,14 +87,13 @@ Website: http://fail2ban.sourceforge.net Cyril Jaquier: - Thanks: ------- -Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker, +KĂ©vin Drapel, Marvin Rouge, Sireyessire, Robert Edeker, Tom Pike, Iain Lea, Andrey G. Grozin, Yaroslav Halchenko, Jonathan Kamens, Stephen Gildea, Markus Hoffmann, Mark -Edgington, Patrick Börjesson, kojiro, zugeschmiert +Edgington, Patrick Börjesson, kojiro, zugeschmiert License: -------- diff --git a/TODO b/TODO index 5e9be5e0..3a9d37d3 100644 --- a/TODO +++ b/TODO @@ -13,7 +13,9 @@ Legend: # partially done * done -- Is there a do...while loop in Python? For interactive mode +- Verify TAI64N + +* Is there a do...while loop in Python? For interactive mode # implement all get/set functions @@ -23,7 +25,7 @@ Legend: * add a reload option to fail2ban-client -- see Feature Request Tracking System at SourceForge.net +# see Feature Request Tracking System at SourceForge.net * findall in dns.py should be no more needed @@ -39,7 +41,7 @@ Legend: * better configuration files -- add a check to see if the time of the log messages is +* add a check to see if the time of the log messages is correctly detected (valid regexp) * remove debug mode (root check) 
@@ -95,7 +97,7 @@ Legend: Should we start one thread per file or just one thread per serivce? -- autodetect date format in log file. Match the most popular +# autodetect date format in log file. Match the most popular format and sort them using the hit ratio. Should avoid user problem with regex and not have a big impact on perfs.
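Review bot: In the CHANGELOG hunk at @@ -21,7, the added sentence "Fail2ban is not really thread-safe yet" qualifies "Start a new thread for each incoming request", but the limitation is recorded only in the changelog. The TODO hunks in this same patch add no open item for it. Suggest adding a "-" entry to TODO for making the server thread-safe, and stating in the README options section that concurrent fail2ban-client requests are not yet safe, so that users of the 0.7.2 beta know to avoid issuing commands in parallel.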
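Review bot: In the MANIFEST hunk at @@ -18,43, testcases/files/testcase01.log, testcases/files/testcase02.log and config/action.d/mail-report.conf are dropped without any explanation in the commit message or in the CHANGELOG lines shown, while testcases/filtertestcase.py stays listed and testcases/datedetectortestcase.py is added. If the test cases still read those log files, the tests will fail when run from the release tarball, so please confirm the removals are intended and mention them in the CHANGELOG. Most of the remaining churn in this hunk is pure reordering (for example client/beautifier.py and server/datedetector.py only move), which hides the real additions and removals. Generating the list in sorted order would keep future diffs readable.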
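Review bot: In the README hunk at @@ -13,43, the removed "More details" section was the only text in the tarball describing how a ban is decided, including the behaviour "if no "plain" ip is available, Fail2Ban try to do DNS lookup in order to found one or several ip's to ban". The replacement is only a pointer to the project website. An administrator installing offline, or auditing what the tool will do before enabling it, no longer has that description locally. Suggest keeping a short paragraph on the matching and ban logic, the DNS lookup included, and dropping only the personal background text.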
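Review bot: In the README hunk at @@ -121,14, the Thanks lines change only in the encoding of the accented names, and the added line as shown reads "KĂ©vin Drapel" where the removed line had "Kévin Drapel". That looks like the file was re-saved in a different character encoding rather than edited on purpose. Suggest reverting these two lines, or converting the whole README to a single encoding in a separate commit, so contributor names are not corrupted in the release. The same hunk also leaves "Cyril Jaquier:" with nothing after the colon, which is worth checking against the original file.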
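Review bot: In the TODO hunk at @@ -13,7, "- Verify TAI64N" is added as an open item while the MANIFEST hunk in this same patch ships server/datetai64n.py, so the release includes a date parser that the author lists as unverified. Since the message time feeds the decision on whether failures count toward a ban, suggest either noting in the 0.7.2 CHANGELOG entry that TAI64N support is untested, or adding a TAI64N case to testcases/datedetectortestcase.py before tagging the release.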