git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@346 a942ae1a-1317-0410-a47c-b1dcaea8d605
0.x
Cyril Jaquier 18 years ago
parent 4eb611dd46
commit df26a74d53

@ -4,10 +4,10 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
Fail2Ban (version 0.7.2) 2006/??/??
Fail2Ban (version 0.7.2) 2006/09/10
=============================================================
ver. 0.7.2 (2006/??/??) - ???
ver. 0.7.2 (2006/09/10) - beta
----------
- Refactoring and code cleanup
- Improved client output
@ -21,7 +21,7 @@ ver. 0.7.2 (2006/??/??) - ???
- Added "fail2ban-regex". This is a tool to help finding
"failregex"
- Improved server communication. Start a new thread for each
incoming request
incoming request. Fail2ban is not really thread-safe yet
ver. 0.7.1 (2006/08/23) - alpha
----------
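
Review bot: In the 0.7.2 entry, the extended line "incoming request. Fail2ban is not really thread-safe yet" pairs a thread per incoming request with an admission that the code is not thread-safe, and leaves it at that. For a release labelled beta, the entry should say which operations are unsafe to run concurrently (for example, several fail2ban-client commands at once), and TODO should get a matching item so the locking work is tracked.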

@ -5,11 +5,11 @@ fail2ban-client
fail2ban-server
fail2ban-testcases
fail2ban-regex
client/beautifier.py
client/configreader.py
client/jailreader.py
client/fail2banreader.py
client/jailsreader.py
client/beautifier.py
client/filterreader.py
client/actionreader.py
client/__init__.py
@ -18,43 +18,44 @@ client/csocket.py
server/ssocket.py
server/banticket.py
server/filter.py
server/datedetector.py
server/datetemplate.py
server/server.py
server/datestrptime.py
server/failticket.py
server/actions.py
server/datetai64n.py
server/faildata.py
server/failmanager.py
server/datedetector.py
server/jailthread.py
server/transmitter.py
server/action.py
server/ticket.py
server/jail.py
server/__init__.py
server/dateepoch.py
server/banmanager.py
setup.py
setup.cfg
server/datetemplate.py
testcases/banmanagertestcase.py
testcases/failmanagertestcase.py
testcases/clientreadertestcase.py
testcases/filtertestcase.py
testcases/__init__.py
testcases/datedetectortestcase.py
testcases/servertestcase.py
testcases/files/testcase01.log
testcases/files/testcase02.log
setup.py
setup.cfg
version.py
config/jail.conf
config/filter.d/postfix.conf
config/filter.d/vsftpd.conf
config/filter.d/apache-auth.conf
config/filter.d/sshd.conf
config/filter.d/couriersmtp.conf
config/filter.d/qmail.conf
config/filter.d/postfix.conf
config/filter.d/couriersmtp.conf
config/filter.d/sshd.conf
config/action.d/iptables.conf
config/action.d/mail-whois.conf
config/action.d/dummy.conf
config/action.d/mail.conf
config/action.d/mail-report.conf
config/action.d/hostsdeny.conf
config/fail2ban.conf
files/gentoo-initd
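
Review bot: Many entries in this hunk appear twice at different positions (server/datedetector.py, server/datetemplate.py, setup.py, setup.cfg, config/filter.d/sshd.conf, config/filter.d/postfix.conf, config/filter.d/couriersmtp.conf), so the change is mostly a reorder, while the hunk header (43 lines to 44) says only one entry is actually new. Keeping MANIFEST sorted, or regenerating it in a stable order, would let a reviewer see which file was added to the release tarball instead of comparing the list by hand.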

@ -4,7 +4,7 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
Fail2Ban (version 0.7.1) 2006/08/23
Fail2Ban (version 0.7.2) 2006/09/10
=============================================================
Fail2Ban scans log files like /var/log/pwdfail and bans IP
@ -13,43 +13,8 @@ rules to reject the IP address. These rules can be defined by
the user. Fail2Ban can read multiple log files such as sshd
or Apache web server ones.
This is my first Python program. Moreover, English is not my
mother tongue...
More details:
-------------
Fail2Ban is rather simple. I have a home server connected to
the Internet which runs apache, samba, sshd, ... I see in my
logs that people are trying to log into my box using "manual"
brute force or scripts. They try 10, 20 and sometimes more
user/password (without success anyway). In order to
discourage these script kiddies, I wanted that sshd refuse
login from a specific ip after 3 password failures. After
some Google searches, I found that sshd was not able of that.
So I search for a script or program that do it. I found
nothing :-( So I decide to write mine and to learn Python :-)
For each sections defined in the configuration file, Fail2Ban
tries to find lines which match the failregex. Then it
retrieves the message time using timeregex and timepattern.
It finally gets the ip and if it has already done 3 or more
password failures in the last banTime, the ip is banned for
banTime using a firewall rule. This rule is set by the user
in the configuration file. Thus, Fail2Ban can be adapted for
lots of firewall. After banTime, the rule is deleted. Notice
that if no "plain" ip is available, Fail2Ban try to do DNS
lookup in order to found one or several ip's to ban.
Sections can be freely added so it is possible to monitor
several daemons at the same time.
Runs on my server and does its job rather well :-) The idea
is to make fail2ban usable with daemons and services that
require a login (sshd, telnetd, ...) and with different
firewalls.
Documentation, FAQ, HOWTOs are available on the project
website: http://fail2ban.sourceforge.net
Installation:
-------------
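
Review bot: The README no longer says when an address gets banned (3 or more failures within banTime), that the rule is deleted after banTime, or that Fail2Ban does a DNS lookup when no plain IP is available, once the "More details" text is dropped (the hunk goes from 43 lines to 8). The pointer to http://fail2ban.sourceforge.net only helps on a machine with web access; I would keep a short paragraph on the ban rule and the DNS behaviour in the README, updated for 0.7.x, since an administrator needs both before enabling a section.
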
@ -58,8 +23,8 @@ Require: python-2.4 (http://www.python.org)
To install, just do:
> tar xvfj fail2ban-0.7.1.tar.bz2
> cd fail2ban-0.7.1
> tar xvfj fail2ban-0.7.2.tar.bz2
> cd fail2ban-0.7.2
> python setup.py install
This will install Fail2Ban into /usr/lib/fail2ban. The
@ -106,6 +71,7 @@ options (not complete yet):
-c <DIR> configuration directory
-d dump configuration. For debugging
-i interactive mode
-v increase verbosity
-q decrease verbosity
-x force execution of the server
@ -121,14 +87,13 @@ Website: http://fail2ban.sourceforge.net
Cyril Jaquier: <lostcontrol@users.sourceforge.net>
Thanks:
-------
Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker,
Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker,
Tom Pike, Iain Lea, Andrey G. Grozin, Yaroslav Halchenko,
Jonathan Kamens, Stephen Gildea, Markus Hoffmann, Mark
Edgington, Patrick Börjesson, kojiro, zugeschmiert
Edgington, Patrick Börjesson, kojiro, zugeschmiert
License:
--------

10
TODO

@ -13,7 +13,9 @@ Legend:
# partially done
* done
- Is there a do...while loop in Python? For interactive mode
- Verify TAI64N
* Is there a do...while loop in Python? For interactive mode
# implement all get/set functions
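
Review bot: The new open item "- Verify TAI64N" says the TAI64N handling is unverified, yet server/datetai64n.py is listed in MANIFEST for this 0.7.2 release. Since the message time of a log line feeds the ban decision, either add a test case for it under testcases/ before the release or state in the 0.7.2 CHANGELOG entry that TAI64N parsing is not yet verified.
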
@ -23,7 +25,7 @@ Legend:
* add a reload option to fail2ban-client
- see Feature Request Tracking System at SourceForge.net
# see Feature Request Tracking System at SourceForge.net
* findall in dns.py should be no more needed
@ -39,7 +41,7 @@ Legend:
* better configuration files
- add a check to see if the time of the log messages is
* add a check to see if the time of the log messages is
correctly detected (valid regexp)
* remove debug mode (root check)
@ -95,7 +97,7 @@ Legend:
Should we start one thread per file or just one thread per
serivce?
- autodetect date format in log file. Match the most popular
# autodetect date format in log file. Match the most popular
format and sort them using the hit ratio. Should avoid
user problem with regex and not have a big impact on perfs.
