mirror of https://github.com/fail2ban/fail2ban
  __      _ _ ___ _
 / _|__ _(_) |_  ) |__  __ _ _ _
|  _/ _` | | |/ /| '_ \/ _` | ' \
|_| \__,_|_|_/___|_.__/\__,_|_||_|

=============================================================
Fail2Ban (version 0.7.1)                           2006/08/23
=============================================================

Fail2Ban scans log files like /var/log/pwdfail and bans IP
addresses that make too many password failures. It updates
firewall rules to reject the IP address. These rules can be
defined by the user. Fail2Ban can read multiple log files,
such as those of sshd or the Apache web server.

This is my first Python program. Moreover, English is not my
mother tongue...


More details:
-------------

Fail2Ban is rather simple. I have a home server connected to
the Internet which runs apache, samba, sshd, ... I see in my
logs that people are trying to log into my box using "manual"
brute force or scripts. They try 10, 20 and sometimes more
user/password combinations (without success anyway). In order
to discourage these script kiddies, I wanted sshd to refuse
logins from a specific IP after 3 password failures. After
some Google searches, I found that sshd was not capable of
that. So I searched for a script or program that does it. I
found nothing :-( So I decided to write my own and to learn
Python :-)

For each section defined in the configuration file, Fail2Ban
tries to find lines which match the failregex. Then it
retrieves the message time using timeregex and timepattern.
It finally gets the IP and, if it has already made 3 or more
password failures in the last banTime, the IP is banned for
banTime using a firewall rule. This rule is set by the user
in the configuration file. Thus, Fail2Ban can be adapted to
lots of firewalls. After banTime, the rule is deleted. Notice
that if no "plain" IP is available, Fail2Ban tries to do a
DNS lookup in order to find one or several IPs to ban.
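
The matching and ban logic described above, as an added example
that is not Fail2Ban's own code. The regex values, the sample log
lines, find_bans() and its parameters are illustrative assumptions;
it is written for current Python 3, and it only computes ban
intervals (no firewall rule is run and no DNS lookup is done).

```python
import re
import time
from collections import defaultdict, deque

# Constructed sshd-style lines (not from a real log); 192.0.2.x and
# 198.51.100.x are documentation address ranges.
SAMPLE_LOG = """\
Aug 23 10:00:01 host sshd[411]: Failed password for root from 192.0.2.10 port 4011 ssh2
Aug 23 10:00:05 host sshd[412]: Failed password for admin from 192.0.2.10 port 4012 ssh2
Aug 23 10:00:07 host sshd[413]: Accepted password for alice from 198.51.100.7 port 5000 ssh2
Aug 23 10:00:09 host sshd[414]: Failed password for test from 192.0.2.10 port 4013 ssh2
Aug 23 10:02:00 host sshd[415]: Failed password for bob from 198.51.100.7 port 5001 ssh2
Aug 23 10:30:00 host sshd[416]: Failed password for bob from 198.51.100.7 port 5002 ssh2
Aug 23 10:45:00 host sshd[417]: Failed password for bob from 198.51.100.7 port 5003 ssh2
""".splitlines()

# Assumed values for the three settings the README names.
FAILREGEX = r"Failed password for .* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
TIMEREGEX = r"^\S{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}"
TIMEPATTERN = "%b %d %H:%M:%S"

def find_bans(lines, max_failures=3, ban_time=600, year=2006):
    """Return [(ip, ban_start, ban_end)] in epoch seconds."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}               # ip -> time at which the rule is deleted
    bans = []
    for line in lines:
        fail = re.search(FAILREGEX, line)
        stamp = re.search(TIMEREGEX, line)
        if not (fail and stamp):
            continue
        # syslog timestamps carry no year, so one is supplied
        t = time.mktime(time.strptime(f"{year} {stamp.group(0)}", "%Y " + TIMEPATTERN))
        ip = fail.group("ip")
        if banned_until.get(ip, 0) > t:   # still banned, nothing to add
            continue
        window = failures[ip]
        window.append(t)
        while window and window[0] <= t - ban_time:   # forget old failures
            window.popleft()
        if len(window) >= max_failures:
            banned_until[ip] = t + ban_time
            bans.append((ip, t, t + ban_time))
            window.clear()
    return bans
```

With the default 600-second banTime only 192.0.2.10 is banned; the
three failures from 198.51.100.7 are spread over 43 minutes and only
count together when banTime is raised to 3600.
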

Sections can be freely added so it is possible to monitor
several daemons at the same time.

Runs on my server and does its job rather well :-) The idea
is to make fail2ban usable with daemons and services that
require a login (sshd, telnetd, ...) and with different
firewalls.


Installation:
-------------

Requires: python-2.4 (http://www.python.org)

To install, just do:

> tar xvfj fail2ban-0.7.1.tar.bz2
> cd fail2ban-0.7.1
> python setup.py install

This will install Fail2Ban into /usr/lib/fail2ban. The
executable scripts are placed into /usr/bin.

Gentoo: ebuilds are available on the website.
Debian: Fail2Ban is in Debian unstable.
RedHat: packages are available on the website.

Fail2Ban should now be correctly installed. Just type:

> fail2ban-client -h

to see if everything is alright.

Configuration:
--------------

You can configure fail2ban using the files in /etc/fail2ban
or using the command line. Here are the available command
line options (not complete yet):

<COMMAND>

    start                     start the server and the jails
    reload                    reload the configuration
    stop                      stop all jails and terminate the
                              server
    status                    get the current status

    set loglevel <LEVEL>      set loglevel to <LEVEL>
    get loglevel              get loglevel
    set logtarget <TARGET>    set log target to <TARGET>
    get logtarget             get log target

    add <JAIL>                create <JAIL>
    set <JAIL> <CMD>          set the <CMD> value for <JAIL>
    get <JAIL> <CMD>          get the <CMD> value for <JAIL>
    start <JAIL>              start <JAIL>
    stop <JAIL>               stop <JAIL>. The jail is removed
    status <JAIL>             get the current status of <JAIL>

[OPTIONS]

    -c <DIR>                  configuration directory
    -d                        dump configuration. For debugging
    -v                        increase verbosity
    -q                        decrease verbosity
    -x                        force execution of the server
    -h                        display this help message

Contact:
--------

If you need some new features, found bugs or just appreciate
this program, you can contact me at:

Website: http://fail2ban.sourceforge.net

Cyril Jaquier: <lostcontrol@users.sourceforge.net>


Thanks:
-------

Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker,
Tom Pike, Iain Lea, Andrey G. Grozin, Yaroslav Halchenko,
Jonathan Kamens, Stephen Gildea, Markus Hoffmann, Mark
Edgington, Patrick Börjesson, kojiro, zugeschmiert

License:
--------

Fail2Ban is free software; you can redistribute it
and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later
version.

Fail2Ban is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. See the GNU General Public License for more
details.

You should have received a copy of the GNU General Public
License along with Fail2Ban; if not, write to the Free
Software Foundation, Inc., 59 Temple Place, Suite 330,
Boston, MA 02111-1307 USA