Skip to content

hpb-htw/find2deny

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

75 Commits
docs
docs
 
 
find2deny
find2deny
 
 
test-data
test-data
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.rst
README.rst
 
 
pytest.ini
pytest.ini
 
 
setup.cfg
setup.cfg
 
 
setup.py
setup.py
 
 

Repository files navigation

find2deny

Tools to build Firewall Command for UFW from List of (Apache)-Log-files.

It creates a file block-ip.sh which contains Linux UWF-Command to block IP-network, but it does not change any Firewall-rules on your computer.

Installation

To install the latest release on PyPI, simply run:

pip install find2deny

Or to install the latest development version, run:

git clone [TODO]
cd find2deny
python setup.py install

Quick Tutorial

For example, you have a set of Apache Log-files in a directory apache2 like

  • access.log
  • access.log.1,
  • access.log.2.gz,
  • ...

The python script find2deny-cli can create a shell-Script block-ip.sh which contains commands like

#!/bin/bash
ufw deny from 1.2.3.4/0 to any
ufw deny from 1.2.3.4/1 to any
...

  1. Make a Configuration-File: Simple copy this configuration to a file, say config.toml:

    verbosity = "INFO"
# Path to apache log files in system
log_files = ["apache2/access.log.*"]
# Log Pattern
log_pattern = '%h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"'
# temporary sqlite database
database_path="./blocked-ip.sqlite"


[[judgment]]
    name = "path-based-judgment"
    [judgment.rules]
        bot_request = [
            "/?XDEBUG_SESSION_START=phpstorm",
            "/phpMyAdmin/",
            "/pma/",
            "/myadmin/",
            "/MyAdmin/",
            "/mahua/",
            "/wp-login",
            "/webdav/",
            "/help.php",
            "/java.php",
            "/db_pma.php",
            "/logon.php",
            "/help-e.php",
            "/hell.php",
            "/defect.php",
            "/webslee.php",
            "http://www.123cha.com/",
            "http://www.wujieliulan.com/",
            "http://www.epochtimes.com/",
            "http://www.ip.cn/",
            "www.baidu.com:443"
        ]

[[judgment]]
    name = "time-based-judgment"
    [judgment.rules]
        max_request = 501
        interval_seconds = 10


[[execution]]
    name = "ufw_cmd_script"
    [execution.rules]
        script = "./block-ip.sh"

  2. Run script:

    find2deny-init-db blocked-ip.sqlite

    to create a Sqlite-Database in file blocked-ip.sqlite. The filename must match the configuration database_path in the file config.toml.

  3. Run:

    find2deny-cli config.toml

    to create file block-ip.sh. Then you can examinate the file block-ip.sh and run it from your shell to update your firewall.

Configuration

The syntax used in configuration file ist Toml. There are three sections in a configuration files, as you see above

Common Configuration

This section defines common configurations, such as how much infos should be printed onto console, ect.

Judgment

This section defines a list of Judgments. They are identified by name. At this time there are only two judments: path-based-judgment and time-based-judgment. Each judgment has its owns configuration.

Judgments are classes, which use rules defined in configuration to decide which IPs should be blocked. They extend the class AbstractIpJudgment.

Execution

This section defines a list of executions. At this time there is only one execution. Executions are classes which create firewall-rules or execute something, which nessesary to block an IP, or , in this implementation, block the network, to which the ip belongs.

About

Tools to build Firewall Command for UFW from List of (Apache)-Log-files.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages