Fail2ban 0.7.4 review


License: GPL (GNU General Public License)
File size: 46K
Developer: Cyril Jaquier

Fail2ban is a tool that scans logs and bans IP addresses that make too many password failures. It scans files like /var/log/pwdfail or /var/log/apache/error_log and updates firewall rules to reject the IP address.

Here are some key features of "Fail2ban":
Highly configurable.
Parses log files and looks for given patterns.
Executes a command when a pattern has been detected for the same IP address more than X times. X can be changed.
After a given amount of time, executes another command in order to unban the IP address.
Uses Netfilter/Iptables by default but can also use TCP Wrapper (/etc/hosts.deny) or other firewalls.
Handles log file rotation.
Can handle more than one service (sshd, apache, vsftpd, etc).
Resolves DNS hostname to IP address.
Can send e-mail notifications.
Runs as a daemon.
Multiple logging targets (syslog daemon, stdout, stderr, files).

Requirements:
Python >=2.3
Log4py (not needed with >=fail2ban-0.5.2)
Netfilter/Iptables

What's New in 0.6.1 Stable Release:
Added permanent banning. Set banTime to a negative value to enable this feature (-1 is perfect). Thanks to Mannone
Fixed locale bug. Thanks to Fernando Jose
Fixed crash when time format does not match data
Propagated patch from Debian to fix fail2ban search path addition to the path search list: now it is added first. Thanks to Nick Craig-Wood
Added SMTP authentication for mail notification. Thanks to Markus Hoffmann
Removed debug mode as it is confusing for people
Added parsing of timestamp in TAI64N format (#1275325). Thanks to Mark Edgington
Added patch #1382936 (Default formatted syslog logging). Thanks to Patrick Börjesson
Removed 192.168.0.0/16 from ignoreip. Attacks could also come from the local network.
Robust startup: if iptables module does not get fully initialized after startup of fail2ban, fail2ban will do "maxreinit" attempts to initialize its own firewall. It will sleep between attempts for "polltime" number of seconds (closes Debian: #334272). Thanks to Yaroslav Halchenko
Added "interpolations" in fail2ban.conf. This is provided by the ConfigParser module. Old configuration files still work. Thanks to Yaroslav Halchenko
Added initial support for hosts.deny and shorewall. Need more testing. Please test. Thanks to kojiro from Gentoo forum for hosts.deny support
Added support for vsftpd. Thanks to zugeschmiert

What's New in 0.7.4 Development Release:
Improved configuration files. Thanks to Yaroslav Halchenko
Added man page for "fail2ban-regex"
Moved ban/unban messages from "info" level to "warn"
Added "-s" option to specify the socket path and "socket" option in "fail2ban.conf"
Added "backend" option in "jail.conf"
Added more filters/actions and jail samples. Thanks to Nick Munger, Christoph Haas
Improved testing framework
Fixed a bug in the return code handling of the executed commands. Thanks to Yaroslav Halchenko
Signal handling. There is a bug with join() and signal in Python
Better debugging output for "fail2ban-regex"
Added support for more date formats
cPickle does not work with Python 2.5. Use pickle instead (performance is not a problem in our case)
