find2deny
Tools to build firewall commands for UFW from a list of (Apache) log files.
It creates a file block-ip.sh which contains Linux UFW commands to block IP networks,
but it does not change any firewall rules on your computer by itself.
To install the latest release from PyPI (https://pypi.org/project/find2deny/), simply run::

    pip install find2deny

Or to install the latest development version, run::

    git clone [TODO]
    cd find2deny
    python setup.py install
For example, you have a set of Apache log files in a directory apache2, like::

    access.log
    access.log.1
    access.log.2.gz

The Python script find2deny-cli can create a shell script block-ip.sh which contains commands like::

    #!/bin/bash
    ufw deny from 1.2.3.4/0 to any
    ufw deny from 1.2.3.4/1 to any
    ...

The prefix lengths in this illustration are placeholders: a /0 rule matches every address and a /1 rule half of the IPv4 space, so check the prefix length of every generated rule before you run the script.
Make a configuration file: simply copy this configuration to a file, say config.toml::

    verbosity = "INFO"
    # Path to apache log files in system
    log_files = ["apache2/access.log.*"]
    # Log Pattern
    log_pattern = '%h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"'
    # temporary sqlite database
    database_path="./blocked-ip.sqlite"

    [[judgment]]
    name = "path-based-judgment"
    [judgment.rules]
    bot_request = [
        "/?XDEBUG_SESSION_START=phpstorm",
        "/phpMyAdmin/",
        "/pma/",
        "/myadmin/",
        "/MyAdmin/",
        "/mahua/",
        "/wp-login",
        "/webdav/",
        "/help.php",
        "/java.php",
        "/db_pma.php",
        "/logon.php",
        "/help-e.php",
        "/hell.php",
        "/defect.php",
        "/webslee.php",
        "http://www.123cha.com/",
        "http://www.wujieliulan.com/",
        "http://www.epochtimes.com/",
        "http://www.ip.cn/",
        "www.baidu.com:443"
    ]

    [[judgment]]
    name = "time-based-judgment"
    [judgment.rules]
    max_request = 501
    interval_seconds = 10

    [[execution]]
    name = "ufw_cmd_script"
    [execution.rules]
    script = "./block-ip.sh"

Two things to adapt before using this as-is. The bot_request list must match what your server does not serve: for example "/wp-login" marks scanners on a non-WordPress host but would block your own users on a WordPress site. The time-based rule counts requests per %h, so if the server sits behind a reverse proxy or CDN that address is the proxy's, and a burst of legitimate traffic would get the proxy blocked; in that setup, log the real client address instead.
Run::

    find2deny-init-db blocked-ip.sqlite

to create a SQLite database in the file blocked-ip.sqlite. The filename must match the configuration value database_path in the file config.toml.

Run::

    find2deny-cli config.toml

to create the file block-ip.sh. Then examine the file block-ip.sh and, once you are satisfied with every rule in it, run it from your shell to update your firewall.
The configuration file is written in TOML (https://github.com/toml-lang/toml). It has three kinds of sections, as you see above:

The top-level keys define common configuration, such as how much information is printed to the console, which log files are read and in which format, and where the temporary SQLite database is kept.

[[judgment]] defines a list of judgments. They are identified by name. At this time there are only two judgments: path-based-judgment and time-based-judgment. Each judgment has its own configuration. Judgments are classes which use the rules defined in the configuration to decide which IPs should be blocked. They extend the class AbstractIpJudgment.

[[execution]] defines a list of executions. At this time there is only one execution. Executions are classes which create firewall rules, or execute whatever else is necessary to block an IP, or, in this implementation, the network to which the IP belongs.