Skip to main content

find Bot IPs in log file to firewall them

Project description

Tools to build Firewall Command for UFW from List of (Apache)-Log-files.

It creates a file block-ip.sh which contains Linux UWF-Command to block IP-network, but it does not change any Firewall-rules on your computer.

Installation

To install the latest release on PyPI, simply run:

pip install find2deny

Or to install the latest development version, run:

git clone [TODO]
cd find2deny
python setup.py install

Quick Tutorial

For example, you have a set of Apache Logfile in directory apache2: access.log.1, access.log.2, … The python script find2deny-cli can create a shell-Script block-ip.sh which contains commands like:

#!/bin/bash
ufw deny from 1.2.3.4/0 to any
ufw deny from 1.2.3.4/1 to any
...
  1. Make a Configuration-File: Simple copy this configuration to a file, say config.toml

verbosity = "INFO"
log_files = ["apache2/access.log.*"]
log_pattern = '%h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"'
database_path="./blocked-ip.sqlite"


[[judgment]]
    name = "path-based-judgment"
    [judgment.rules]
        bot_request = [
            "/?XDEBUG_SESSION_START=phpstorm",
            "/phpMyAdmin/",
            "/pma/",
            "/myadmin/",
            "/MyAdmin/",
            "/mahua/",
            "/wp-login",
            "/webdav/",
            "/help.php",
            "/java.php",
            "/db_pma.php",
            "/logon.php",
            "/help-e.php",
            "/hell.php",
            "/defect.php",
            "/webslee.php",
            "http://www.123cha.com/",
            "http://www.wujieliulan.com/",
            "http://www.epochtimes.com/",
            "http://www.ip.cn/",
            "www.baidu.com:443"
        ]

[[judgment]]
    name = "time-based-judgment"
    [judgment.rules]
        max_request = 501
        interval_seconds = 59


[[execution]]
    name = "ufw_cmd_script"
    [execution.rules]
        script = "./block-ip.sh"
  1. Run script

find2deny-init-db blocked-ip.sqlite

to create a Sqlite-Database in file blocked-ip.sqlite. The filename must match the configuration database_path in the file config.toml.

  1. Run

find2deny-cli config.toml --verbosity=DEBUG

to create file block-ip.sh. Then you can examinate the file block-ip.sh and run it from your shell to update your firewall.

Configuration

The syntax used in configuration file ist Toml. There are three sections in a configuration files, as you see above

Common Configuration

This section defines common configurations, such as how much infos should be printed onto console, ect.

Judgment

This section defines a list of Judgments. They are identified by name. At this time there are only two judments: path-based-judgment and time-based-judgment. Each judgment has its owns configuration. Judments are class, which uses rules defined in configuration to decide which IPs should be blocked.

Execution

This section defines a list of executions. At this time there is only one execution. Executions are classes which create firewall-rules or execute something, which nessesary to block an IP, or , in this implementation, block the network, to which the ip belongs.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

find2deny-0.1.7.post1558426258.tar.gz (10.2 kB view details)

Uploaded Source

Built Distribution

find2deny-0.1.7.post1558426258-py3-none-any.whl (13.5 kB view details)

Uploaded Python 3

File details

Details for the file find2deny-0.1.7.post1558426258.tar.gz.

File metadata

  • Download URL: find2deny-0.1.7.post1558426258.tar.gz
  • Upload date:
  • Size: 10.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.21.0 setuptools/39.1.0 requests-toolbelt/0.9.1 tqdm/4.31.1 CPython/3.6.7

File hashes

Hashes for find2deny-0.1.7.post1558426258.tar.gz
Algorithm Hash digest
SHA256 98cd2f54ef102454d7cbfe058bc476c3668e883da9b7d0cc2efb112968678d75
MD5 f971ad119e4bf91a253c1537ea3af506
BLAKE2b-256 7f0f4660723732b6de9c83cb3dce86797ae1df664d2d29580be4d21c3ef22b60

See more details on using hashes here.

File details

Details for the file find2deny-0.1.7.post1558426258-py3-none-any.whl.

File metadata

  • Download URL: find2deny-0.1.7.post1558426258-py3-none-any.whl
  • Upload date:
  • Size: 13.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.21.0 setuptools/39.1.0 requests-toolbelt/0.9.1 tqdm/4.31.1 CPython/3.6.7

File hashes

Hashes for find2deny-0.1.7.post1558426258-py3-none-any.whl
Algorithm Hash digest
SHA256 2c8cadc46638da98480d7bd21d226051806617ef1ae7883c23d5e5bd580dac84
MD5 8d993c3f1a44d0e4da9370c848a5b44a
BLAKE2b-256 93c7c57057756ca18d5fb336a4f692c2763e0048f307ddc151c5b79aa35a48ff

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page