find Bot IPs in log file to firewall them
Project description
Tools to build firewall commands for UFW from a list of (Apache) log files.
It creates a file block-ip.sh which contains Linux UFW commands to block IP networks, but it does not change any firewall rules on your computer.
Installation
To install the latest release on PyPI, simply run:
pip install find2deny
Or to install the latest development version, run:
git clone [TODO]
cd find2deny
python setup.py install
Quick Tutorial
For example, you have a set of Apache log files in the directory apache2: access.log.1, access.log.2, … The Python script find2deny-cli can create a shell script block-ip.sh which contains commands like:
#!/bin/bash
ufw deny from 1.2.3.4/0 to any
ufw deny from 1.2.3.4/1 to any
...
Make a configuration file: simply copy this configuration to a file, say config.toml
verbosity = "INFO"
log_files = ["apache2/access.log.*"]
log_pattern = '%h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"'
database_path = "./blocked-ip.sqlite"

[[judgment]]
name = "path-based-judgment"
[judgment.rules]
bot_request = [
    "/?XDEBUG_SESSION_START=phpstorm",
    "/phpMyAdmin/",
    "/pma/",
    "/myadmin/",
    "/MyAdmin/",
    "/mahua/",
    "/wp-login",
    "/webdav/",
    "/help.php",
    "/java.php",
    "/db_pma.php",
    "/logon.php",
    "/help-e.php",
    "/hell.php",
    "/defect.php",
    "/webslee.php",
    "http://www.123cha.com/",
    "http://www.wujieliulan.com/",
    "http://www.epochtimes.com/",
    "http://www.ip.cn/",
    "www.baidu.com:443"
]

[[judgment]]
name = "time-based-judgment"
[judgment.rules]
max_request = 501
interval_seconds = 59

[[execution]]
name = "ufw_cmd_script"
[execution.rules]
script = "./block-ip.sh"
Run script
find2deny-init-db blocked-ip.sqlite
to create an SQLite database in the file blocked-ip.sqlite. The filename must match the configuration value database_path in the file config.toml.
Run
find2deny-cli config.toml --verbosity=DEBUG
to create the file block-ip.sh. Then you can examine block-ip.sh and run it from your shell to update your firewall.
Configuration
The syntax used in the configuration file is TOML. There are three sections in a configuration file, as you can see above.
Common Configuration
This section defines common configuration, such as how much information should be printed to the console, etc.
Judgment
This section defines a list of judgments. They are identified by name. At this time there are only two judgments: path-based-judgment and time-based-judgment. Each judgment has its own configuration. Judgments are classes which use the rules defined in the configuration to decide which IPs should be blocked.
Execution
This section defines a list of executions. At this time there is only one execution. Executions are classes which create firewall rules or execute whatever is necessary to block an IP, or, in this implementation, block the network to which the IP belongs.
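As an added illustration that is not part of find2deny's own code, the following Python sketch shows how the three configured pieces fit together: a parser for the log_pattern shown above, the two judgments under their configured rule names, and the script content the execution step writes. The sample log lines are constructed, and the prefix matching, the sliding-window counting and blocking single hosts rather than the IP's network are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Regex for the config's log_pattern: %h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
                    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def log_line(ip, second, target):  # one constructed combined-format line (sample, not a real log)
    return f'{ip} - - [10/Oct/2020:13:55:{second:02d} +0000] "GET {target} HTTP/1.1" 200 512 "-" "curl/7.68"'

# Constructed sample: one probe of a bot_request path, one normal client, one client that bursts.
SAMPLE_LOG = "\n".join([log_line("203.0.113.7", 1, "/phpMyAdmin/index.php"),
                        log_line("198.51.100.9", 2, "/index.html")]
                       + [log_line("192.0.2.44", s, "/") for s in range(10, 16)])

def parse_log(text):
    """Return (ip, timestamp, request target) for each line matching LOG_RE; others are skipped."""
    entries = []
    for m in filter(None, map(LOG_RE.match, text.splitlines())):
        parts = m.group("request").split()          # "GET /path HTTP/1.1"
        target = parts[1] if len(parts) >= 2 else ""
        entries.append((m.group("host"), datetime.strptime(m.group("time"), TIME_FMT), target))
    return entries

def path_based_judgment(entries, bot_request):
    """IPs that requested any target starting with a configured bot_request string (assumed matching)."""
    return {ip for ip, _, target in entries if any(target.startswith(p) for p in bot_request)}

def time_based_judgment(entries, max_request, interval_seconds):
    """IPs with more than max_request hits inside any interval_seconds window."""
    by_ip = defaultdict(list)
    for ip, ts, _ in entries:
        by_ip[ip].append(ts)
    flagged, window = set(), timedelta(seconds=interval_seconds)
    for ip, stamps in by_ip.items():
        stamps.sort()
        j = 0
        for i, start in enumerate(stamps):      # sliding window over sorted timestamps
            while j < len(stamps) and stamps[j] - start <= window:
                j += 1
            if j - i > max_request:
                flagged.add(ip)
                break
    return flagged

def ufw_script(ips):
    """block-ip.sh content; blocks single hosts here, whereas the real tool blocks the IP's network."""
    return "\n".join(["#!/bin/bash"] + [f"ufw deny from {ip} to any" for ip in sorted(ips)]) + "\n"
```

With the page's own thresholds (max_request = 501 within 59 seconds) the constructed burst of six requests is not flagged; the small thresholds in the test show the window logic triggering.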
Hashes for find2deny-0.1.13-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | d0fd5976800d4da56510eeedd3c5a35c888cc6b07994213d28a445a9987ef493
MD5 | 5509ee4f54a6af7174f1afb152800c98
BLAKE2b-256 | 8f3459ab97e6e0f14ab54064b7aa53e1a76469323f85bd8fdc581fdf88170655