mirror of https://github.com/fail2ban/fail2ban
Cyril Jaquier | 0f6829bd64 | 19 years ago |
---|---|---|
client | 19 years ago | |
config | ||
doc | ||
server | ||
testcases | 19 years ago | |
CHANGELOG | 19 years ago | |
MANIFEST | 19 years ago | |
README | 19 years ago | |
TODO | ||
fail2ban-client | 19 years ago | |
fail2ban-server | ||
fail2ban-testcases | ||
kill-server | ||
setup.cfg | ||
setup.py | 19 years ago | |
version.py | 19 years ago |
README
  __      _ _ ___ _
 / _|__ _(_) |_  ) |__  __ _ _ _
|  _/ _` | | |/ /| '_ \/ _` | ' \
|_| \__,_|_|_/___|_.__/\__,_|_||_|

=============================================================
Fail2Ban (version 0.7.0)                           2006/08/23
=============================================================

Fail2Ban scans log files like /var/log/pwdfail and bans IPs
that make too many password failures. It updates firewall
rules to reject the IP address. These rules can be defined by
the user. Fail2Ban can read multiple log files such as sshd
or Apache web server ones.

This is my first Python program. Moreover, English is not my
mother tongue...

More details:
-------------

Fail2Ban is rather simple. I have a home server connected to
the Internet which runs apache, samba, sshd, ... I see in my
logs that people are trying to log into my box using "manual"
brute force or scripts. They try 10, 20 and sometimes more
user/password (without success anyway). In order to
discourage these script kiddies, I wanted sshd to refuse
logins from a specific IP after 3 password failures. After
some Google searches, I found that sshd was not capable of
that. So I searched for a script or program that does it. I
found nothing :-( So I decided to write my own and to learn
Python :-)

For each section defined in the configuration file, Fail2Ban
tries to find lines which match the failregex. Then it
retrieves the message time using timeregex and timepattern.
It finally gets the IP and if it has already made 3 or more
password failures in the last banTime, the IP is banned for
banTime using a firewall rule. This rule is set by the user
in the configuration file. Thus, Fail2Ban can be adapted for
lots of firewalls. After banTime, the rule is deleted. Notice
that if no "plain" IP is available, Fail2Ban tries to do a
DNS lookup in order to find one or several IPs to ban.

Sections can be freely added so it is possible to monitor
several daemons at the same time.
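
The matching and banning loop described above, sketched in Python 3 as an added example (not Fail2Ban's own code). The patterns, the 600-second banTime and the `scan` function are assumptions, the log lines are constructed, and the returned events stand in for the user-defined firewall commands.

```python
import calendar
import re
import time
from collections import defaultdict

# Constructed sshd-style log lines; addresses are documentation ranges.
SAMPLE_LOG = """\
Aug 23 10:00:01 host sshd[411]: Failed password for root from 192.0.2.10 port 4021 ssh2
Aug 23 10:00:05 host sshd[411]: Failed password for admin from 192.0.2.10 port 4022 ssh2
Aug 23 10:00:07 host sshd[412]: Accepted password for alice from 198.51.100.7 port 5050 ssh2
Aug 23 10:00:09 host sshd[411]: Failed password for invalid user test from 192.0.2.10 port 4023 ssh2
Aug 23 10:01:00 host sshd[413]: Failed password for bob from 203.0.113.5 port 6000 ssh2
Aug 23 10:12:00 host sshd[414]: Failed password for bob from 203.0.113.5 port 6001 ssh2
"""

# Assumed values named after the README's options, not Fail2Ban's shipped ones.
# failregex is anchored at the end of the line so that text inside the user
# name cannot supply the address that gets banned.
FAILREGEX = re.compile(r"Failed password for .* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")
TIMEREGEX = re.compile(r"^\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}")
TIMEPATTERN = "%Y %b %d %H:%M:%S"   # syslog has no year, so one is prepended
MAX_RETRY = 3                        # "3 or more password failures"
BAN_TIME = 600                       # seconds; also the counting window

def scan(lines, year=2006):
    """Return (epoch, action, ip) events; stand-ins for firewall rule changes."""
    failures = defaultdict(list)     # ip -> times of recent failures
    banned = {}                      # ip -> time at which the rule is deleted
    events = []
    for line in lines:
        stamp = TIMEREGEX.search(line)
        if not stamp:
            continue
        now = calendar.timegm(time.strptime(f"{year} {stamp.group(0)}", TIMEPATTERN))
        for ip, until in sorted(banned.items(), key=lambda kv: kv[1]):
            if until <= now:         # ban elapsed: delete the rule
                events.append((until, "unban", ip))
                del banned[ip]
        hit = FAILREGEX.search(line)
        if not hit or hit.group("ip") in banned:
            continue
        ip = hit.group("ip")
        failures[ip] = [t for t in failures[ip] if t > now - BAN_TIME] + [now]
        if len(failures[ip]) >= MAX_RETRY:
            banned[ip] = now + BAN_TIME
            events.append((now, "ban", ip))
            del failures[ip]
    return events
```

`scan(SAMPLE_LOG.splitlines())` bans 192.0.2.10 on its third failure and releases it 600 seconds later; 203.0.113.5 is never banned because its two failures fall outside one window.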

Runs on my server and does its job rather well :-)

The idea is to make fail2ban usable with daemons and services
that require a login (sshd, telnetd, ...) and with different
firewalls.

Installation:
-------------

Requires: python-2.4 (http://www.python.org)

To install, just do:

> tar xvfj fail2ban-0.7.0.tar.bz2
> cd fail2ban-0.7.0
> python setup.py install

This will install Fail2Ban into /usr/lib/fail2ban. The
executable scripts are placed into /usr/bin.

Gentoo: ebuilds are available on the website.
Debian: Fail2Ban is in Debian unstable.
RedHat: packages are available on the website.

Fail2Ban should now be correctly installed. Just type:

> fail2ban-client -h

to see if everything is alright.

Configuration:
--------------

You can configure fail2ban using the files in /etc/fail2ban
or using the command line. Here are the available command
line options (not complete yet):

<COMMAND>
    start                     start the server and the jails
    reload                    reload the configuration
    stop                      stop all jails and terminate the server
    status                    get the current status
    set loglevel <LEVEL>      set loglevel to <LEVEL>
    get loglevel              get loglevel
    set logtarget <TARGET>    set log target to <TARGET>
    get logtarget             get log target
    add <JAIL>                create <JAIL>
    set <JAIL> <CMD>          set the <CMD> value for <JAIL>
    get <JAIL> <CMD>          get the <CMD> value for <JAIL>
    start <JAIL>              start <JAIL>
    stop <JAIL>               stop <JAIL>. The jail is removed
    status <JAIL>             get the current status of <JAIL>

[OPTIONS]
    -c <DIR>                  configuration directory
    -d                        dump configuration. For debugging
    -v                        increase verbosity
    -q                        decrease verbosity
    -x                        force execution of the server
    -h                        display this help message

Contact:
--------

If you need some new features, you found bugs or you just
appreciate this program, you can contact me at:

Website: http://fail2ban.sourceforge.net

Cyril Jaquier: <lostcontrol@users.sourceforge.net>

Thanks:
-------

Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker,
Tom Pike, Iain Lea, Andrey G.
Grozin, Yaroslav Halchenko, Jonathan Kamens, Stephen Gildea,
Markus Hoffmann, Mark Edgington, Patrick Börjesson, kojiro,
zugeschmiert

License:
--------

Fail2Ban is free software; you can redistribute it
and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later
version.

Fail2Ban is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. See the GNU General Public License for more
details.

You should have received a copy of the GNU General Public
License along with Fail2Ban; if not, write to the Free
Software Foundation, Inc., 59 Temple Place, Suite 330,
Boston, MA 02111-1307 USA