Skip to main content

find Bot IPs in log file to firewall them

Project description

Tools to build Firewall Command for UFW from List of (Apache)-Log-files.

It creates a file block-ip.sh which contains Linux UWF-Command to block IP-network, but it does not change any Firewall-rules on your computer.

Installation

To install the latest release on PyPI, simply run:

pip install find2deny

Or to install the latest development version, run:

git clone [TODO]
cd find2deny
python setup.py install

Quick Tutorial

For example, you have a set of Apache Logfile in directory apache2: access.log.1, access.log.2, … The python script find2deny-cli can create a shell-Script block-ip.sh which contains commands like:

#!/bin/bash
ufw deny from 1.2.3.4/0 to any
ufw deny from 1.2.3.4/1 to any
...
  1. Make a Configuration-File: Simple copy this configuration to a file, say config.toml

verbosity = "INFO"
log_files = ["apache2/access.log.*"]
log_pattern = '%h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"'
database_path="./blocked-ip.sqlite"


[[judgment]]
    name = "path-based-judgment"
    [judgment.rules]
        bot_request = [
            "/?XDEBUG_SESSION_START=phpstorm",
            "/phpMyAdmin/",
            "/pma/",
            "/myadmin/",
            "/MyAdmin/",
            "/mahua/",
            "/wp-login",
            "/webdav/",
            "/help.php",
            "/java.php",
            "/db_pma.php",
            "/logon.php",
            "/help-e.php",
            "/hell.php",
            "/defect.php",
            "/webslee.php",
            "http://www.123cha.com/",
            "http://www.wujieliulan.com/",
            "http://www.epochtimes.com/",
            "http://www.ip.cn/",
            "www.baidu.com:443"
        ]

[[judgment]]
    name = "time-based-judgment"
    [judgment.rules]
        max_request = 501
        interval_seconds = 59


[[execution]]
    name = "ufw_cmd_script"
    [execution.rules]
        script = "./block-ip.sh"
  1. Run script

find2deny-init-db blocked-ip.sqlite

to create a Sqlite-Database in file blocked-ip.sqlite. The filename must match the configuration database_path in the file config.toml.

  1. Run

find2deny-cli config.toml --verbosity=DEBUG

to create file block-ip.sh. Then you can examinate the file block-ip.sh and run it from your shell to update your firewall.

Configuration

The syntax used in configuration file ist Toml. There are three sections in a configuration files, as you see above

Common Configuration

This section defines common configurations, such as how much infos should be printed onto console, ect.

Judgment

This section defines a list of Judgments. They are identified by name. At this time there are only two judments: path-based-judgment and time-based-judgment. Each judgment has its owns configuration. Judments are class, which uses rules defined in configuration to decide which IPs should be blocked.

Execution

This section defines a list of executions. At this time there is only one execution. Executions are classes which create firewall-rules or execute something, which nessesary to block an IP, or , in this implementation, block the network, to which the ip belongs.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

find2deny-0.1.11.post1558601524.tar.gz (11.2 kB view details)

Uploaded Source

Built Distribution

find2deny-0.1.11.post1558601524-py3-none-any.whl (13.6 kB view details)

Uploaded Python 3

File details

Details for the file find2deny-0.1.11.post1558601524.tar.gz.

File metadata

  • Download URL: find2deny-0.1.11.post1558601524.tar.gz
  • Upload date:
  • Size: 11.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.21.0 setuptools/39.1.0 requests-toolbelt/0.9.1 tqdm/4.31.1 CPython/3.6.7

File hashes

Hashes for find2deny-0.1.11.post1558601524.tar.gz
Algorithm Hash digest
SHA256 bb709f29f00a8361bad2f5a41709ca034885117c023ade621009099690c86697
MD5 bcd9f7f800a174edf0b2d8866f9d31fd
BLAKE2b-256 2a144e7d89fad6645e34556b520f42987c9d3f81ea908d8e51daa9e81ce3b22e

See more details on using hashes here.

File details

Details for the file find2deny-0.1.11.post1558601524-py3-none-any.whl.

File metadata

  • Download URL: find2deny-0.1.11.post1558601524-py3-none-any.whl
  • Upload date:
  • Size: 13.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.21.0 setuptools/39.1.0 requests-toolbelt/0.9.1 tqdm/4.31.1 CPython/3.6.7

File hashes

Hashes for find2deny-0.1.11.post1558601524-py3-none-any.whl
Algorithm Hash digest
SHA256 76a43c053335ee64988c39a7dbb83af8d6247b694e96ed0c5b1758c33d9e738c
MD5 807cbfc7a8f39f44b8fa3b073f3de76c
BLAKE2b-256 a2e48b94abcfce0ce2cb7a095f65e2bec1246b293a7f0c8530b475bde0fbe7f9

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page