From e98f8c8182081bddea507e88068a2a4030f3ee1b Mon Sep 17 00:00:00 2001 From: Cyril Jaquier Date: Thu, 7 Jul 2005 16:55:50 +0000 Subject: [PATCH] - Updated git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_5@121 a942ae1a-1317-0410-a47c-b1dcaea8d605 --- CHANGELOG | 5 ++++- README | 29 ++++++++++++++--------------- 2 files changed, 18 insertions(+), 16 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 7969fd7a..3edb0931 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -9,8 +9,11 @@ Fail2Ban (version 0.?.?) ??/??/2005 ver. 0.?.? (??/??/2005) - ??? ---------- +- Remove interface option +- Added start and end commands in the configuration file. + Thanks to Yaroslav Halchenko - Added firewall rules definition in the configuration file -- Cleaned a bit fail2ban.py +- Cleaned fail2ban.py - Added an initd script for RedHat/Fedora. Thanks to Andrey G. Grozin diff --git a/README b/README index b88f1731..c23b9d5c 100644 --- a/README +++ b/README @@ -4,14 +4,14 @@ |_| \__,_|_|_/___|_.__/\__,_|_||_| ============================================================= -Fail2Ban (version 0.4.1) 06/30/2005 +Fail2Ban (version 0.?.?) ??/??/2005 ============================================================= Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many password failures. It updates firewall -rules to reject the IP address. Currently iptables, ipfw and -ipfwadm are supported. Fail2Ban can read multiple log files -such as sshd or Apache web server ones. It needs log4py. +rules to reject the IP address. These rules can be defined by +the user. Fail2Ban can read multiple log files such as sshd +or Apache web server ones. It needs log4py. This is my first Python program. Moreover, English is not my mother tongue... @@ -36,18 +36,19 @@ tries to find lines which match the failregex. Then it retrieves the message time using timeregex and timepattern. It finally gets the ip and if it has already done 3 or more password failures in the last banTime, the ip is banned for -banTime using a firewall rule. After banTime, the rule is -deleted. Notice that if no "plain" ip is available, Fail2Ban -try to do DNS lookup in order to found one or several ip's to -ban. +banTime using a firewall rule. This rule is set by the user +in the configuration file. Thus, Fail2Ban can be adapted for +lots of firewall. After banTime, the rule is deleted. Notice +that if no "plain" ip is available, Fail2Ban try to do DNS +lookup in order to found one or several ip's to ban. Sections can be freely added so it is possible to monitor several daemons at the same time. Runs on my server and does its job rather well :-) The idea is to make fail2ban usable with daemons and services that -require a login (sshd, telnetd, ...). It should also support -others firewalls than iptables. +require a login (sshd, telnetd, ...) and with different +firewalls. Installation: @@ -65,7 +66,8 @@ To install, just do: This will install Fail2Ban into /usr/lib/fail2ban. The fail2ban.py executable is placed into /usr/bin. -For Gentoo users, an ebuild is available on the website. +Gentoo: an ebuild is available on the website. +Debian: a package is available on the website. Fail2Ban should now be correctly installed. Just type: @@ -93,7 +95,6 @@ options: -b start fail2ban in background -d start fail2ban in debug mode - -e ban IP on the INTF interface -c read configuration file FILE -p create PID lock in FILE -h display this help message @@ -103,8 +104,6 @@ options: -r allow a max of VALUE password failure -t