Cyril Jaquier ce5ea1fa23 - Moved hardcoded socket path to a class variable
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@309 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-08-28 20:16:32 +00:00
client - Moved hardcoded socket path to a class variable 2006-08-28 20:16:32 +00:00
config - Clean up configuration files 2006-08-20 21:34:55 +00:00
doc - Removed "utils" directory 2006-08-24 18:10:26 +00:00
files - Added Gentoo init.d script 2006-08-23 20:56:07 +00:00
server - Moved hardcoded socket path to a class variable 2006-08-28 20:16:32 +00:00
testcases - Updated setFailRegex() with group 2006-08-20 22:54:53 +00:00
CHANGELOG - Updated for 0.7.1 2006-08-23 21:03:47 +00:00
MANIFEST - Added Gentoo init.d script 2006-08-23 20:56:31 +00:00
README - Updated for 0.7.1 2006-08-23 21:03:47 +00:00
TODO - Updated TODO 2006-08-20 20:41:55 +00:00
fail2ban-client - Search "fail2ban-server" using PATH and if it fails, 2006-08-23 20:58:10 +00:00
fail2ban-server - Fixed startup and daemon mode 2006-08-23 19:53:09 +00:00
fail2ban-testcases - Removed test which depends on current time 2006-08-20 20:40:47 +00:00
kill-server - Initial commit of the new development release 0.7 2006-06-26 20:05:00 +00:00
setup.cfg - One step forward to 0.7.0 2006-07-08 16:51:14 +00:00
setup.py - Do not install "testcase" 2006-08-22 22:11:12 +00:00
version.py - Updated for 0.7.1 2006-08-23 21:03:47 +00:00

README

               __      _ _ ___ _               
              / _|__ _(_) |_  ) |__  __ _ _ _  
             |  _/ _` | | |/ /| '_ \/ _` | ' \ 
             |_| \__,_|_|_/___|_.__/\__,_|_||_|

=============================================================
Fail2Ban (version 0.7.1)                           2006/08/23
=============================================================

Fail2Ban scans log files like /var/log/pwdfail and bans IP
addresses that make too many password failures. It updates
firewall rules to reject the IP address. These rules can be
defined by the user. Fail2Ban can read multiple log files,
such as those of sshd or the Apache web server.

This is my first Python program. Moreover, English is not my
mother tongue...


More details:
-------------

Fail2Ban is rather simple. I have a home server connected to
the Internet which runs apache, samba, sshd, ... I see in my
logs that people are trying to log into my box using "manual"
brute force or scripts. They try 10, 20 and sometimes more
user/password pairs (without success anyway). In order to
discourage these script kiddies, I wanted sshd to refuse
logins from a specific IP after 3 password failures. After
some Google searches, I found that sshd was not capable of
that. So I searched for a script or program that does it. I
found nothing :-( So I decided to write my own and to learn
Python :-)

For each section defined in the configuration file, Fail2Ban
tries to find lines which match the failregex. Then it
retrieves the message time using timeregex and timepattern.
Finally it gets the IP and, if that IP has already had 3 or
more password failures in the last banTime, the IP is banned
for banTime using a firewall rule. This rule is set by the
user in the configuration file. Thus, Fail2Ban can be adapted
to many firewalls. After banTime, the rule is deleted. Notice
that if no "plain" IP is available, Fail2Ban tries to do a DNS
lookup in order to find one or several IPs to ban.
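
The loop described above, as an added Python 3 example (not
Fail2Ban's own code). The regexes, the threshold constant, the
600-second banTime and the log lines are constructed for
illustration; ban and unban are recorded as events instead of
running a firewall command, and the DNS lookup is left out.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed stand-ins for one section's settings (not Fail2Ban's shipped values).
FAILREGEX = re.compile(r"Failed password for (?:invalid user )?\S+ "
                       r"from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")
TIMEREGEX = re.compile(r"^\S{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}")
TIMEPATTERN = "%Y %b %d %H:%M:%S"   # syslog omits the year, so it is prepended
MAX_FAILURES = 3
BAN_TIME = timedelta(seconds=600)

# Constructed sshd-style log lines using documentation address ranges.
SAMPLE_LOG = [
    "Aug 28 20:00:01 box sshd[411]: Failed password for root from 192.0.2.10 port 4011 ssh2",
    "Aug 28 20:00:05 box sshd[411]: Failed password for invalid user admin from 192.0.2.10 port 4012 ssh2",
    "Aug 28 20:00:07 box sshd[412]: Accepted password for alice from 198.51.100.7 port 5000 ssh2",
    "Aug 28 20:00:09 box sshd[411]: Failed password for root from 192.0.2.10 port 4013 ssh2",
    "Aug 28 20:05:00 box sshd[413]: Failed password for root from 198.51.100.7 port 5001 ssh2",
    "Aug 28 20:10:10 box sshd[414]: Accepted password for alice from 198.51.100.7 port 5002 ssh2",
]

def process(lines, year=2006):
    """Return ("ban"|"unban", ip, when) events instead of running firewall commands."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}                     # ip -> time at which the ban is lifted
    events = []
    for line in lines:
        stamp = TIMEREGEX.search(line)
        if stamp is None:
            continue                # no usable message time: skip the line
        now = datetime.strptime(f"{year} {stamp.group(0)}", TIMEPATTERN)
        for ip, until in list(banned.items()):
            if now >= until:        # banTime elapsed: the rule is deleted
                del banned[ip]
                events.append(("unban", ip, until))
        hit = FAILREGEX.search(line)
        if hit is None or hit.group("host") in banned:
            continue
        ip = hit.group("host")
        window = failures[ip]
        window.append(now)
        while now - window[0] > BAN_TIME:   # keep only failures within the last banTime
            window.popleft()
        if len(window) >= MAX_FAILURES:
            banned[ip] = now + BAN_TIME
            events.append(("ban", ip, now))
            window.clear()
    return events
```

Calling process(SAMPLE_LOG) bans 192.0.2.10 on its third
failure and lifts the ban once a later log line shows that
banTime has passed; the single failure from 198.51.100.7 never
reaches the threshold.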

Sections can be freely added so it is possible to monitor
several daemons at the same time.

Runs on my server and does its job rather well :-) The idea
is to make fail2ban usable with daemons and services that
require a login (sshd, telnetd, ...) and with different
firewalls.


Installation:
-------------

Requires: python-2.4 (http://www.python.org)

To install, just do:

> tar xvfj fail2ban-0.7.1.tar.bz2
> cd fail2ban-0.7.1
> python setup.py install

This will install Fail2Ban into /usr/lib/fail2ban. The
executable scripts are placed into /usr/bin.

Gentoo: ebuilds are available on the website.
Debian: Fail2Ban is in Debian unstable.
RedHat: packages are available on the website.

Fail2Ban should now be correctly installed. Just type:

> fail2ban-client -h

to see if everything is alright.

Configuration:
--------------

You can configure fail2ban using the files in /etc/fail2ban
or using the command line. Here are the available command
line options (not complete yet):

  <COMMAND>

    start                   start the server and the jails
    reload                  reload the configuration
    stop                    stop all jails and terminate the
                            server
    status                  get the current status

    set loglevel <LEVEL>    set loglevel to <LEVEL>
    get loglevel            get loglevel
    set logtarget <TARGET>  set log target to <TARGET>
    get logtarget           get log target

    add <JAIL>              create <JAIL>
    set <JAIL> <CMD>        set the <CMD> value for <JAIL>
    get <JAIL> <CMD>        get the <CMD> value for <JAIL>
    start <JAIL>            start <JAIL>
    stop <JAIL>             stop <JAIL>. The jail is removed
    status <JAIL>           get the current status of <JAIL>

  [OPTIONS]

    -c <DIR>                configuration directory
    -d                      dump configuration. For debugging
    -v                      increase verbosity
    -q                      decrease verbosity
    -x                      force execution of the server
    -h                      display this help message

Contact:
--------

If you need some new features, have found bugs or just
appreciate this program, you can contact me at:

Website: http://fail2ban.sourceforge.net

Cyril Jaquier: <lostcontrol@users.sourceforge.net>


Thanks:
-------

Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker,
Tom Pike, Iain Lea, Andrey G. Grozin, Yaroslav Halchenko,
Jonathan Kamens, Stephen Gildea, Markus Hoffmann, Mark
Edgington, Patrick Börjesson, kojiro, zugeschmiert

License:
--------

Fail2Ban is free software; you can redistribute it
and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later
version.

Fail2Ban is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.  See the GNU General Public License for more
details.

You should have received a copy of the GNU General Public
License along with Fail2Ban; if not, write to the Free
Software Foundation, Inc., 59 Temple Place, Suite 330,
Boston, MA  02111-1307  USA