Find bot IPs in log files to firewall them
Project description
Tools to build UFW firewall commands from a list of (Apache) log files.
It creates a file block-ip.sh which contains Linux UFW commands to block IP networks; it does not change any firewall rules on your computer itself.
Installation
To install the latest release on PyPI, simply run:
pip install find2deny
Or to install the latest development version, run:
    git clone [TODO]
    cd find2deny
    python setup.py install
Quick Tutorial
For example, you have a set of Apache log files in the directory apache2: access.log.1, access.log.2, … The Python script find2deny-cli can create a shell script block-ip.sh which contains commands like:
    #!/bin/bash
    ufw deny from 1.2.3.4/0 to any
    ufw deny from 1.2.3.4/1 to any
    ...
Make a configuration file: simply copy this configuration to a file, say config.toml
    verbosity = "INFO"
    log_files = ["apache2/access.log.*"]
    log_pattern = '%h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"'
    database_path="./blocked-ip.sqlite"

    [[judgment]]
    name = "path-based-judgment"
    [judgment.rules]
    bot_request = [
        "/?XDEBUG_SESSION_START=phpstorm",
        "/phpMyAdmin/",
        "/pma/",
        "/myadmin/",
        "/MyAdmin/",
        "/mahua/",
        "/wp-login",
        "/webdav/",
        "/help.php",
        "/java.php",
        "/db_pma.php",
        "/logon.php",
        "/help-e.php",
        "/hell.php",
        "/defect.php",
        "/webslee.php",
        "http://www.123cha.com/",
        "http://www.wujieliulan.com/",
        "http://www.epochtimes.com/",
        "http://www.ip.cn/",
        "www.baidu.com:443"
    ]

    [[judgment]]
    name = "time-based-judgment"
    [judgment.rules]
    max_request = 501
    interval_seconds = 59

    [[execution]]
    name = "ufw_cmd_script"
    [execution.rules]
    script = "./block-ip.sh"
Run script
find2deny-init-db blocked-ip.sqlite
to create an SQLite database in the file blocked-ip.sqlite. The filename must match the database_path setting in the file config.toml.
Run
find2deny-cli config.toml --verbosity=DEBUG
to create the file block-ip.sh. You can then examine block-ip.sh and run it from your shell to update your firewall.
Configuration
The configuration file uses TOML syntax. There are three sections in a configuration file, as you can see above:
Common Configuration
This section defines common settings, such as how much information should be printed to the console, etc.
Judgment
This section defines a list of judgments, identified by name. At this time there are only two judgments: path-based-judgment and time-based-judgment. Each judgment has its own configuration. Judgments are classes which use the rules defined in the configuration to decide which IPs should be blocked.
Execution
This section defines a list of executions. At this time there is only one execution. Executions are classes which create firewall rules or execute whatever is necessary to block an IP, or, in this implementation, to block the network to which the IP belongs.
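As an added illustration of how the two judgments and the ufw_cmd_script execution fit together (this is example code written for this page, not find2deny's own implementation): it parses lines in the combined log_pattern from the configuration above, applies a path-based and a time-based judgment, and renders the ufw deny lines. The regex, the function names, the per-host (rather than per-network) deny line, and the reading of the thresholds as "more than max_request hits inside any interval_seconds window" are assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
# Regex for the combined-format log_pattern from config.toml; group names are my own choice.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')
# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2019:13:55:36 +0200] "GET /phpMyAdmin/index.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2019:13:55:40 +0200] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2019:13:55:41 +0200] "GET /about.html HTTP/1.1" 200 982 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2019:13:55:42 +0200] "GET /contact.html HTTP/1.1" 200 771 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2019:13:57:30 +0200] "GET /news.html HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2019:14:01:00 +0200] "CONNECT www.baidu.com:443 HTTP/1.1" 405 0 "-" "-"
"""

def parse_line(line):
    """Return (ip, timestamp, request target) for one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z")
    req = m["request"]                      # e.g. "GET /index.html HTTP/1.1" or "CONNECT host:443 HTTP/1.1"
    return m["host"], ts, (req.split(" ")[1] if " " in req else req)

def path_based_judgment(entries, bot_request):  # IPs that requested a bot_request target (prefix match)
    return {ip for ip, _, target in entries if any(target.startswith(p) for p in bot_request)}

def time_based_judgment(entries, max_request, interval_seconds):
    """Flag IPs with more than max_request hits in any interval_seconds window (entries in time order)."""
    by_ip = defaultdict(list)
    for ip, ts, _ in entries:
        by_ip[ip].append(ts)
    flagged = set()
    for ip, times in by_ip.items():
        lo = 0                              # sliding window [lo, hi] over this IP's timestamps
        for hi, t in enumerate(times):
            while (t - times[lo]).total_seconds() > interval_seconds:
                lo += 1
            if hi - lo + 1 > max_request:
                flagged.add(ip)
                break
    return flagged

def ufw_commands(log_text, bot_request, max_request=501, interval_seconds=59):
    """Apply both judgments and render one 'ufw deny' line per flagged host (host, not network)."""
    entries = sorted((e for e in map(parse_line, log_text.splitlines()) if e), key=lambda e: e[1])
    bots = path_based_judgment(entries, bot_request) | time_based_judgment(entries, max_request, interval_seconds)
    return ["ufw deny from %s to any" % ip for ip in sorted(bots)]
```

With the page's defaults (501 requests in 59 seconds) only the path-based judgment fires on the sample; lowering max_request shows the time-based judgment catching the burst from 198.51.100.2.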
Hashes for find2deny-0.1.11.post1558601524.tar.gz
Hashes for find2deny-0.1.11.post1558601524-py3-none-any.whl