Cyril Jaquier a562542523
- Remove posix from import
20 years ago
config - Add firewall and interface options 20 years ago
firewall - Initial import 20 years ago
log-test - update some dates 20 years ago
logreader - Remove this file as it is no longer necessary. Fail2Ban seems to be more services dependent than syslog daemons 20 years ago
CHANGELOG - Update current changes 20 years ago
MANIFEST - Add firewall/ipfw.py and firewall/ipfwadm.py 20 years ago
README - Fail2ban now supports ipfw and ipfwadm 20 years ago
fail2ban.py - Remove posix from import 20 years ago
setup.cfg - Setup and dist files 20 years ago
setup.py - Setup and dist files 20 years ago
version.py - Change to CVS version 20 years ago

README

               __      _ _ ___ _               
              / _|__ _(_) |_  ) |__  __ _ _ _  
             |  _/ _` | | |/ /| '_ \/ _` | ' \ 
             |_| \__,_|_|_/___|_.__/\__,_|_||_|

=============================================================
Fail2Ban (version 0.1.1)                           10/23/2004
=============================================================

Fail2Ban scans log files like /var/log/pwdfail and bans IPs
that make too many password failures. It updates firewall
rules to reject the IP address. Currently sshd, iptables,
ipfw and ipfwadm are supported. It needs log4py.

This is my first Python program. I began learning Python
less than one week ago so please be understanding ;-) English
is not my mother tongue either...


More details:
-------------

Fail2Ban is rather simple. I have a home server connected to
the Internet which runs apache, samba, sshd, ... I see in my
logs that people are trying to log into my box using "manual"
brute force or scripts. They try 10, 20 and sometimes more
user/password (without success anyway). In order to
discourage these script kiddies, I wanted sshd to refuse
logins from a specific IP after 3 password failures. After
some Google searches, I found that sshd was not capable of
that. So I searched for a script or program that does it. Found
nothing :-( So I decided to write my own and to learn Python :-)

I read the log file (/var/log/pwdfail/current on metalog) and
search for a given pattern which indicates a login attempt.
Then I get the IP and if it has already made 3 or more
password failures in the last banTime, I ban the IP for
banTime using an iptables rule. After banTime, the rule is
deleted.
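
The loop described above, as an added illustration (this is not
Fail2Ban's own code). The sshd message wording, the regular
expression, the function names and the iptables command strings are
assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque

# Constructed sample: (epoch seconds, sshd message); not taken from a real log.
SAMPLE_LOG = [
    (1000, "sshd[411]: Failed password for root from 203.0.113.7 port 4021 ssh2"),
    (1005, "sshd[411]: Failed password for admin from 203.0.113.7 port 4022 ssh2"),
    (1007, "sshd[412]: Failed password for bob from 192.168.0.5 port 5001 ssh2"),
    (1008, "sshd[412]: Failed password for bob from 192.168.0.5 port 5002 ssh2"),
    (1009, "sshd[412]: Failed password for bob from 192.168.0.5 port 5003 ssh2"),
    (1010, "sshd[413]: Accepted password for alice from 198.51.100.2 port 6000 ssh2"),
    (1012, "sshd[411]: Failed password for invalid user test from 203.0.113.7 port 4023 ssh2"),
    (1700, "sshd[420]: Failed password for root from 203.0.113.7 port 4100 ssh2"),
]

# Assumed OpenSSH wording. The address is taken from the end of the line, so a
# user name containing " from 10.0.0.1" cannot redirect the ban to another host.
FAILURE = re.compile(r"Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")

def process(events, max_retry=3, ban_time=600, ignore=()):
    """Return the (time, action, ip) firewall actions triggered by the events."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    banned = {}                    # ip -> time at which the ban expires
    actions = []
    for now, line in events:
        # Lift bans whose banTime has elapsed before handling the new line.
        for ip, expiry in sorted(banned.items()):
            if expiry <= now:
                del banned[ip]
                actions.append((expiry, "unban", ip))
        m = FAILURE.search(line)
        ip = m.group(1) if m else None
        if ip is None or ip in ignore or ip in banned:
            continue
        window = failures[ip]
        window.append(now)
        while window[0] <= now - ban_time:  # forget failures older than banTime
            window.popleft()
        if len(window) >= max_retry:
            banned[ip] = now + ban_time
            window.clear()
            actions.append((now, "ban", ip))
    return actions

def iptables_rule(action, ip):
    # Illustrative rule only: insert on ban, delete the same rule on unban.
    return "iptables -%s INPUT -s %s -j REJECT" % ("I" if action == "ban" else "D", ip)
```

Here max_retry, ban_time and ignore play the role of the -r, -t and
-i options; without an ignore list the trusted LAN host 192.168.0.5
in the sample is banned as well.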

Runs on my server and does its job rather well :-) The idea
is to make fail2ban usable with most syslog daemons and
services that require a login (sshd, telnetd, ...). It should
also support other firewalls than iptables.


Installation:
-------------

Requires: python-2.3 (http://www.python.org)
          log4py-1.1 (http://sourceforge.net/projects/log4py)

To install, just do:

> tar xvfj fail2ban-0.1.1.tar.bz2
> cd fail2ban-0.1.1
> python setup.py install

This will install Fail2Ban into /usr/lib/fail2ban. The
fail2ban.py executable is placed into /usr/bin.

Fail2Ban should now be correctly installed. Just type:

> fail2ban.py -h

to see if everything is alright. You can configure fail2ban
with a config file. Copy config/fail2ban.conf.default to
/etc/fail2ban.conf.


Configuration:
--------------

You can configure fail2ban using the file /etc/fail2ban.conf
or using command line options. Command line options override
the values stored in fail2ban.conf. Here are the command line
options:

  -b         start fail2ban in background
  -d         start fail2ban in debug mode
  -e <INTF>  ban IP on the INTF interface
  -f <FILE>  read password failure from FILE
  -h         display this help message
  -i <IP(s)> IP(s) to ignore
  -l <FILE>  log message in FILE
  -r <VALUE> allow a max of VALUE password failure
  -t <TIME>  ban IP for TIME seconds
  -v         verbose
  -w <FIWA>  select the firewall to use. Can be iptables,
             ipfwadm or ipfw

Contact:
--------

If you need some new features, found bugs or just
appreciate this program, you can contact me at:

Website: http://www.sourceforge.net/projects/fail2ban

Cyril Jaquier: <lostcontrol@users.sourceforge.net>


Thanks:
-------

Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker


License:
--------

Fail2Ban is free software; you can redistribute it
and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later
version.

Fail2Ban is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.  See the GNU General Public License for more
details.

You should have received a copy of the GNU General Public
License along with Fail2Ban; if not, write to the Free
Software Foundation, Inc., 59 Temple Place, Suite 330,
Boston, MA  02111-1307  USA